Vulnerabilities > CVE-2009-0581 - Memory Leak vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-137.NASL
    descriptionMultiple security vulnerabilities has been identified and fixed in Little cms library embedded in OpenJDK : A memory leak flaw allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted image file (CVE-2009-0581). Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow (CVE-2009-0723). Multiple stack-based buffer overflows allow remote attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel (CVE-2009-0733). A flaw in the transformations of monochrome profiles allows remote attackers to cause denial of service triggered by a NULL pointer dereference via a crafted image file (CVE-2009-0793). Further security fixes in the JRE and in the Java API of OpenJDK : A flaw in handling temporary font files by the Java Virtual Machine (JVM) allows remote attackers to cause denial of service (CVE-2006-2426). An integer overflow flaw was found in Pulse-Java when handling Pulse audio source data lines. An attacker could use this flaw to cause an applet to crash, leading to a denial of service (CVE-2009-0794). A flaw in Java Runtime Environment initialized LDAP connections allows authenticated remote users to cause denial of service on the LDAP service (CVE-2009-1093). A flaw in the Java Runtime Environment LDAP client in handling server LDAP responses allows remote attackers to execute arbitrary code on the client side via malicious server response (CVE-2009-1094). Buffer overflows in the the Java Runtime Environment unpack200 utility allow remote attackers to execute arbitrary code via an crafted applet (CVE-2009-1095, CVE-2009-1096). A buffer overflow in the splash screen processing allows a attackers to execute arbitrary code (CVE-2009-1097). A buffer overflow in GIF images handling allows remote attackers to execute arbitrary code via an crafted GIF image (CVE-2009-1098). A flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling allows remote attackers to cause a denial of service on the service endpoint
    last seen2020-06-01
    modified2020-06-02
    plugin id39478
    published2009-06-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39478
    titleMandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2009:137)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2009:137. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(39478);
      script_version ("1.22");
      script_cvs_date("Date: 2019/08/02 13:32:52");
    
      script_cve_id(
        "CVE-2006-2426",
        "CVE-2009-0581",
        "CVE-2009-0723",
        "CVE-2009-0733",
        "CVE-2009-0793",
        "CVE-2009-0794",
        "CVE-2009-1093",
        "CVE-2009-1094",
        "CVE-2009-1095",
        "CVE-2009-1096",
        "CVE-2009-1097",
        "CVE-2009-1098",
        "CVE-2009-1101",
        "CVE-2009-1102"
      );
      script_bugtraq_id(
        34185,
        34240,
        34411
      );
      script_xref(name:"MDVSA", value:"2009:137");
    
      script_name(english:"Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2009:137)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple security vulnerabilities has been identified and fixed in
    Little cms library embedded in OpenJDK :
    
    A memory leak flaw allows remote attackers to cause a denial of
    service (memory consumption and application crash) via a crafted image
    file (CVE-2009-0581).
    
    Multiple integer overflows allow remote attackers to execute arbitrary
    code via a crafted image file that triggers a heap-based buffer
    overflow (CVE-2009-0723).
    
    Multiple stack-based buffer overflows allow remote attackers to
    execute arbitrary code via a crafted image file associated with a
    large integer value for the (1) input or (2) output channel
    (CVE-2009-0733).
    
    A flaw in the transformations of monochrome profiles allows remote
    attackers to cause denial of service triggered by a NULL pointer
    dereference via a crafted image file (CVE-2009-0793).
    
    Further security fixes in the JRE and in the Java API of OpenJDK :
    
    A flaw in handling temporary font files by the Java Virtual Machine
    (JVM) allows remote attackers to cause denial of service
    (CVE-2006-2426).
    
    An integer overflow flaw was found in Pulse-Java when handling Pulse
    audio source data lines. An attacker could use this flaw to cause an
    applet to crash, leading to a denial of service (CVE-2009-0794).
    
    A flaw in Java Runtime Environment initialized LDAP connections allows
    authenticated remote users to cause denial of service on the LDAP
    service (CVE-2009-1093).
    
    A flaw in the Java Runtime Environment LDAP client in handling server
    LDAP responses allows remote attackers to execute arbitrary code on
    the client side via malicious server response (CVE-2009-1094).
    
    Buffer overflows in the the Java Runtime Environment unpack200 utility
    allow remote attackers to execute arbitrary code via an crafted applet
    (CVE-2009-1095, CVE-2009-1096).
    
    A buffer overflow in the splash screen processing allows a attackers
    to execute arbitrary code (CVE-2009-1097).
    
    A buffer overflow in GIF images handling allows remote attackers to
    execute arbitrary code via an crafted GIF image (CVE-2009-1098).
    
    A flaw in the Java API for XML Web Services (JAX-WS) service endpoint
    handling allows remote attackers to cause a denial of service on the
    service endpoint's server side (CVE-2009-1101).
    
    A flaw in the Java Runtime Environment Virtual Machine code generation
    allows remote attackers to execute arbitrary code via a crafted applet
    (CVE-2009-1102).
    
    This update provides fixes for these issues.
    
    Update :
    
    java-1.6.0-openjdk requires rhino packages and these has been further
    updated."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(16, 20, 94, 119, 189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-src");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rhino");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rhino-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rhino-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rhino-manual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/06/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2009.0", reference:"java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.2mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.2mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.2mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.2mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.2mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.2mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"rhino-1.7-0.0.2.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"rhino-demo-1.7-0.0.2.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"rhino-javadoc-1.7-0.0.2.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"rhino-manual-1.7-0.0.2.1mdv2009.0", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2009.1", reference:"java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.2mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.2mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.2mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.2mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.2mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.2mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"rhino-1.7-0.0.3.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"rhino-demo-1.7-0.0.3.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"rhino-javadoc-1.7-0.0.3.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"rhino-manual-1.7-0.0.3.1mdv2009.1", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-0377.NASL
    descriptionFrom Red Hat Security Advisory 2009:0377 : Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way that the Java Virtual Machine (JVM) handled temporary font files. A malicious applet could use this flaw to use large amounts of disk space, causing a denial of service. (CVE-2006-2426) A memory leak flaw was found in LittleCMS (embedded in OpenJDK). An application using color profiles could use excessive amounts of memory, and possibly crash after using all available memory, if used to open specially crafted images. (CVE-2009-0581) Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in the way LittleCMS handled color profiles. An attacker could use these flaws to create a specially crafted image file which could cause a Java application to crash or, possibly, execute arbitrary code when opened. (CVE-2009-0723, CVE-2009-0733) A NULL pointer dereference flaw was found in LittleCMS. An application using color profiles could crash while converting a specially crafted image file. (CVE-2009-0793) A flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling could allow a remote attacker to cause a denial of service on the server application hosting the JAX-WS service endpoint. (CVE-2009-1101) A flaw in the way the Java Runtime Environment initialized LDAP connections could allow a remote, authenticated user to cause a denial of service on the LDAP service. (CVE-2009-1093) A flaw in the Java Runtime Environment LDAP client could allow malicious data from an LDAP server to cause arbitrary code to be loaded and then run on an LDAP client. (CVE-2009-1094) Several buffer overflow flaws were found in the Java Runtime Environment unpack200 functionality. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet. (CVE-2009-1095, CVE-2009-1096) A flaw in the Java Runtime Environment Virtual Machine code generation functionality could allow untrusted applets to extend their privileges. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as execute local applications with the privileges of the user running the applet. (CVE-2009-1102) A buffer overflow flaw was found in the splash screen processing. A remote attacker could extend privileges to read and write local files, as well as to execute local applications with the privileges of the user running the java process. (CVE-2009-1097) A buffer overflow flaw was found in how GIF images were processed. A remote attacker could extend privileges to read and write local files, as well as execute local applications with the privileges of the user running the java process. (CVE-2009-1098) Note: The flaws concerning applets in this advisory, CVE-2009-1095, CVE-2009-1096, and CVE-2009-1102, can only be triggered in java-1.6.0-openjdk by calling the
    last seen2020-06-01
    modified2020-06-02
    plugin id67831
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67831
    titleOracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-0377)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2009:0377 and 
    # Oracle Linux Security Advisory ELSA-2009-0377 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67831);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/25 13:36:08");
    
      script_cve_id("CVE-2006-2426", "CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733", "CVE-2009-0793", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1101", "CVE-2009-1102");
      script_bugtraq_id(34185, 34240);
      script_xref(name:"RHSA", value:"2009:0377");
    
      script_name(english:"Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-0377)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2009:0377 :
    
    Updated java-1.6.0-openjdk packages that fix several security issues
    are now available for Red Hat Enterprise Linux 5.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    These packages provide the OpenJDK 6 Java Runtime Environment and the
    OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)
    contains the software and tools that users need to run applications
    written using the Java programming language.
    
    A flaw was found in the way that the Java Virtual Machine (JVM)
    handled temporary font files. A malicious applet could use this flaw
    to use large amounts of disk space, causing a denial of service.
    (CVE-2006-2426)
    
    A memory leak flaw was found in LittleCMS (embedded in OpenJDK). An
    application using color profiles could use excessive amounts of
    memory, and possibly crash after using all available memory, if used
    to open specially crafted images. (CVE-2009-0581)
    
    Multiple integer overflow flaws which could lead to heap-based buffer
    overflows, as well as multiple insufficient input validation flaws,
    were found in the way LittleCMS handled color profiles. An attacker
    could use these flaws to create a specially crafted image file which
    could cause a Java application to crash or, possibly, execute
    arbitrary code when opened. (CVE-2009-0723, CVE-2009-0733)
    
    A NULL pointer dereference flaw was found in LittleCMS. An application
    using color profiles could crash while converting a specially crafted
    image file. (CVE-2009-0793)
    
    A flaw in the Java API for XML Web Services (JAX-WS) service endpoint
    handling could allow a remote attacker to cause a denial of service on
    the server application hosting the JAX-WS service endpoint.
    (CVE-2009-1101)
    
    A flaw in the way the Java Runtime Environment initialized LDAP
    connections could allow a remote, authenticated user to cause a denial
    of service on the LDAP service. (CVE-2009-1093)
    
    A flaw in the Java Runtime Environment LDAP client could allow
    malicious data from an LDAP server to cause arbitrary code to be
    loaded and then run on an LDAP client. (CVE-2009-1094)
    
    Several buffer overflow flaws were found in the Java Runtime
    Environment unpack200 functionality. An untrusted applet could extend
    its privileges, allowing it to read and write local files, as well as
    to execute local applications with the privileges of the user running
    the applet. (CVE-2009-1095, CVE-2009-1096)
    
    A flaw in the Java Runtime Environment Virtual Machine code generation
    functionality could allow untrusted applets to extend their
    privileges. An untrusted applet could extend its privileges, allowing
    it to read and write local files, as well as execute local
    applications with the privileges of the user running the applet.
    (CVE-2009-1102)
    
    A buffer overflow flaw was found in the splash screen processing. A
    remote attacker could extend privileges to read and write local files,
    as well as to execute local applications with the privileges of the
    user running the java process. (CVE-2009-1097)
    
    A buffer overflow flaw was found in how GIF images were processed. A
    remote attacker could extend privileges to read and write local files,
    as well as execute local applications with the privileges of the user
    running the java process. (CVE-2009-1098)
    
    Note: The flaws concerning applets in this advisory, CVE-2009-1095,
    CVE-2009-1096, and CVE-2009-1102, can only be triggered in
    java-1.6.0-openjdk by calling the 'appletviewer' application.
    
    All users of java-1.6.0-openjdk are advised to upgrade to these
    updated packages, which resolve these issues. All running instances of
    OpenJDK Java must be restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2009-April/000953.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected java-1.6.0-openjdk packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(16, 20, 94, 119, 189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.6.0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/05/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/04/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL5", reference:"java-1.6.0-openjdk-1.6.0.0-0.30.b09.0.1.el5")) flag++;
    if (rpm_check(release:"EL5", reference:"java-1.6.0-openjdk-demo-1.6.0.0-0.30.b09.0.1.el5")) flag++;
    if (rpm_check(release:"EL5", reference:"java-1.6.0-openjdk-devel-1.6.0.0-0.30.b09.0.1.el5")) flag++;
    if (rpm_check(release:"EL5", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-0.30.b09.0.1.el5")) flag++;
    if (rpm_check(release:"EL5", reference:"java-1.6.0-openjdk-src-1.6.0.0-0.30.b09.0.1.el5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-0339.NASL
    descriptionFrom Red Hat Security Advisory 2009:0339 : Updated lcms packages that resolve several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Little Color Management System (LittleCMS, or simply
    last seen2020-06-01
    modified2020-06-02
    plugin id67819
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67819
    titleOracle Linux 5 : lcms (ELSA-2009-0339)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2009:0339 and 
    # Oracle Linux Security Advisory ELSA-2009-0339 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67819);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:07");
    
      script_cve_id("CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733");
      script_xref(name:"RHSA", value:"2009:0339");
    
      script_name(english:"Oracle Linux 5 : lcms (ELSA-2009-0339)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2009:0339 :
    
    Updated lcms packages that resolve several security issues are now
    available for Red Hat Enterprise Linux 5.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Little Color Management System (LittleCMS, or simply 'lcms') is a
    small-footprint, speed-optimized open source color management engine.
    
    Multiple integer overflow flaws which could lead to heap-based buffer
    overflows, as well as multiple insufficient input validation flaws,
    were found in LittleCMS. An attacker could use these flaws to create a
    specially crafted image file which could cause an application using
    LittleCMS to crash, or, possibly, execute arbitrary code when opened
    by a victim. (CVE-2009-0723, CVE-2009-0733)
    
    A memory leak flaw was found in LittleCMS. An application using
    LittleCMS could use excessive amount of memory, and possibly crash
    after using all available memory, if used to open specially crafted
    images. (CVE-2009-0581)
    
    Red Hat would like to thank Chris Evans from the Google Security Team
    for reporting these issues.
    
    All users of LittleCMS should install these updated packages, which
    upgrade LittleCMS to version 1.18. All running applications using the
    lcms library must be restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2009-March/000923.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected lcms packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119, 189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:lcms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:lcms-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-lcms");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/03/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL5", reference:"lcms-1.18-0.1.beta1.el5_3.2")) flag++;
    if (rpm_check(release:"EL5", reference:"lcms-devel-1.18-0.1.beta1.el5_3.2")) flag++;
    if (rpm_check(release:"EL5", reference:"python-lcms-1.18-0.1.beta1.el5_3.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lcms / lcms-devel / python-lcms");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-0377.NASL
    descriptionUpdated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way that the Java Virtual Machine (JVM) handled temporary font files. A malicious applet could use this flaw to use large amounts of disk space, causing a denial of service. (CVE-2006-2426) A memory leak flaw was found in LittleCMS (embedded in OpenJDK). An application using color profiles could use excessive amounts of memory, and possibly crash after using all available memory, if used to open specially crafted images. (CVE-2009-0581) Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in the way LittleCMS handled color profiles. An attacker could use these flaws to create a specially crafted image file which could cause a Java application to crash or, possibly, execute arbitrary code when opened. (CVE-2009-0723, CVE-2009-0733) A NULL pointer dereference flaw was found in LittleCMS. An application using color profiles could crash while converting a specially crafted image file. (CVE-2009-0793) A flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling could allow a remote attacker to cause a denial of service on the server application hosting the JAX-WS service endpoint. (CVE-2009-1101) A flaw in the way the Java Runtime Environment initialized LDAP connections could allow a remote, authenticated user to cause a denial of service on the LDAP service. (CVE-2009-1093) A flaw in the Java Runtime Environment LDAP client could allow malicious data from an LDAP server to cause arbitrary code to be loaded and then run on an LDAP client. (CVE-2009-1094) Several buffer overflow flaws were found in the Java Runtime Environment unpack200 functionality. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet. (CVE-2009-1095, CVE-2009-1096) A flaw in the Java Runtime Environment Virtual Machine code generation functionality could allow untrusted applets to extend their privileges. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as execute local applications with the privileges of the user running the applet. (CVE-2009-1102) A buffer overflow flaw was found in the splash screen processing. A remote attacker could extend privileges to read and write local files, as well as to execute local applications with the privileges of the user running the java process. (CVE-2009-1097) A buffer overflow flaw was found in how GIF images were processed. A remote attacker could extend privileges to read and write local files, as well as execute local applications with the privileges of the user running the java process. (CVE-2009-1098) Note: The flaws concerning applets in this advisory, CVE-2009-1095, CVE-2009-1096, and CVE-2009-1102, can only be triggered in java-1.6.0-openjdk by calling the
    last seen2020-06-01
    modified2020-06-02
    plugin id36111
    published2009-04-08
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36111
    titleRHEL 5 : java-1.6.0-openjdk (RHSA-2009:0377)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:0377. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(36111);
      script_version ("1.32");
      script_cvs_date("Date: 2019/10/25 13:36:14");
    
      script_cve_id("CVE-2006-2426", "CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733", "CVE-2009-0793", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1101", "CVE-2009-1102");
      script_bugtraq_id(34185, 34240);
      script_xref(name:"RHSA", value:"2009:0377");
    
      script_name(english:"RHEL 5 : java-1.6.0-openjdk (RHSA-2009:0377)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.6.0-openjdk packages that fix several security issues
    are now available for Red Hat Enterprise Linux 5.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    These packages provide the OpenJDK 6 Java Runtime Environment and the
    OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)
    contains the software and tools that users need to run applications
    written using the Java programming language.
    
    A flaw was found in the way that the Java Virtual Machine (JVM)
    handled temporary font files. A malicious applet could use this flaw
    to use large amounts of disk space, causing a denial of service.
    (CVE-2006-2426)
    
    A memory leak flaw was found in LittleCMS (embedded in OpenJDK). An
    application using color profiles could use excessive amounts of
    memory, and possibly crash after using all available memory, if used
    to open specially crafted images. (CVE-2009-0581)
    
    Multiple integer overflow flaws which could lead to heap-based buffer
    overflows, as well as multiple insufficient input validation flaws,
    were found in the way LittleCMS handled color profiles. An attacker
    could use these flaws to create a specially crafted image file which
    could cause a Java application to crash or, possibly, execute
    arbitrary code when opened. (CVE-2009-0723, CVE-2009-0733)
    
    A NULL pointer dereference flaw was found in LittleCMS. An application
    using color profiles could crash while converting a specially crafted
    image file. (CVE-2009-0793)
    
    A flaw in the Java API for XML Web Services (JAX-WS) service endpoint
    handling could allow a remote attacker to cause a denial of service on
    the server application hosting the JAX-WS service endpoint.
    (CVE-2009-1101)
    
    A flaw in the way the Java Runtime Environment initialized LDAP
    connections could allow a remote, authenticated user to cause a denial
    of service on the LDAP service. (CVE-2009-1093)
    
    A flaw in the Java Runtime Environment LDAP client could allow
    malicious data from an LDAP server to cause arbitrary code to be
    loaded and then run on an LDAP client. (CVE-2009-1094)
    
    Several buffer overflow flaws were found in the Java Runtime
    Environment unpack200 functionality. An untrusted applet could extend
    its privileges, allowing it to read and write local files, as well as
    to execute local applications with the privileges of the user running
    the applet. (CVE-2009-1095, CVE-2009-1096)
    
    A flaw in the Java Runtime Environment Virtual Machine code generation
    functionality could allow untrusted applets to extend their
    privileges. An untrusted applet could extend its privileges, allowing
    it to read and write local files, as well as execute local
    applications with the privileges of the user running the applet.
    (CVE-2009-1102)
    
    A buffer overflow flaw was found in the splash screen processing. A
    remote attacker could extend privileges to read and write local files,
    as well as to execute local applications with the privileges of the
    user running the java process. (CVE-2009-1097)
    
    A buffer overflow flaw was found in how GIF images were processed. A
    remote attacker could extend privileges to read and write local files,
    as well as execute local applications with the privileges of the user
    running the java process. (CVE-2009-1098)
    
    Note: The flaws concerning applets in this advisory, CVE-2009-1095,
    CVE-2009-1096, and CVE-2009-1102, can only be triggered in
    java-1.6.0-openjdk by calling the 'appletviewer' application.
    
    All users of java-1.6.0-openjdk are advised to upgrade to these
    updated packages, which resolve these issues. All running instances of
    OpenJDK Java must be restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-2426"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-0581"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-0723"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-0733"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-0793"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-1093"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-1094"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-1095"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-1096"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-1097"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-1098"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-1101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-1102"
      );
      # http://blogs.sun.com/security/entry/advance_notification_of_security_updates4
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?025abcaa"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2009:0377"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(16, 20, 94, 119, 189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/05/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/04/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2009:0377";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-1.6.0.0-0.30.b09.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-1.6.0.0-0.30.b09.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-demo-1.6.0.0-0.30.b09.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-demo-1.6.0.0-0.30.b09.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-devel-1.6.0.0-0.30.b09.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-devel-1.6.0.0-0.30.b09.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-0.30.b09.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-0.30.b09.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-src-1.6.0.0-0.30.b09.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-src-1.6.0.0-0.30.b09.el5")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_LCMS-090309.NASL
    descriptionSpecially crafted image files could cause an integer overflow in lcms. Attackers could potentially exploit that to crash applications using lcms or even execute arbitrary code (CVE-2009-0723, CVE-2009-0581, CVE-2009-0733).
    last seen2020-06-01
    modified2020-06-02
    plugin id40255
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40255
    titleopenSUSE Security Update : lcms (lcms-581)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update lcms-581.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40255);
      script_version("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:34");
    
      script_cve_id("CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733");
    
      script_name(english:"openSUSE Security Update : lcms (lcms-581)");
      script_summary(english:"Check for the lcms-581 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Specially crafted image files could cause an integer overflow in lcms.
    Attackers could potentially exploit that to crash applications using
    lcms or even execute arbitrary code (CVE-2009-0723, CVE-2009-0581,
    CVE-2009-0733)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=479606"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected lcms packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(119, 189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lcms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:liblcms-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:liblcms-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:liblcms1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:liblcms1-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-lcms");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.1", reference:"lcms-1.17-44.59.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"liblcms-devel-1.17-44.59.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"liblcms1-1.17-44.59.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"python-lcms-1.17-44.59.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", cpu:"x86_64", reference:"liblcms-devel-32bit-1.17-44.59.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", cpu:"x86_64", reference:"liblcms1-32bit-1.17-44.59.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lcms / liblcms-devel / liblcms-devel-32bit / liblcms1 / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-3034.NASL
    descriptionlcms in OpenJDK upgraded to 1.18 fixing many related security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36025
    published2009-03-27
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36025
    titleFedora 9 : java-1.6.0-openjdk-1.6.0.0-0.23.b09.fc9 (2009-3034)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2009-3034.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(36025);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:29");
    
      script_cve_id("CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733");
      script_xref(name:"FEDORA", value:"2009-3034");
    
      script_name(english:"Fedora 9 : java-1.6.0-openjdk-1.6.0.0-0.23.b09.fc9 (2009-3034)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "lcms in OpenJDK upgraded to 1.18 fixing many related security issues.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=487508"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=487509"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=487512"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021715.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?15f2963b"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected java-1.6.0-openjdk package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(119, 189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:9");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/03/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 9.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC9", reference:"java-1.6.0-openjdk-1.6.0.0-0.23.b09.fc9")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-openjdk");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-0339.NASL
    descriptionUpdated lcms packages that resolve several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Little Color Management System (LittleCMS, or simply
    last seen2020-06-01
    modified2020-06-02
    plugin id35970
    published2009-03-20
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35970
    titleRHEL 5 : lcms (RHSA-2009:0339)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1769.NASL
    descriptionSeveral vulnerabilities have been identified in OpenJDK, an implementation of the Java SE platform. - CVE-2006-2426 Creation of large, temporary fonts could use up available disk space, leading to a denial of service condition. - CVE-2009-0581 / CVE-2009-0723 / CVE-2009-0733 / CVE-2009-0793 Several vulnerabilities existed in the embedded LittleCMS library, exploitable through crafted images: a memory leak, resulting in a denial of service condition (CVE-2009-0581 ), heap-based buffer overflows, potentially allowing arbitrary code execution (CVE-2009-0723, CVE-2009-0733 ), and a NULL pointer dereference, leading to denial of service (CVE-2009-0793 ). - CVE-2009-1093 The LDAP server implementation (in com.sun.jdni.ldap) did not properly close sockets if an error was encountered, leading to a denial-of-service condition. - CVE-2009-1094 The LDAP client implementation (in com.sun.jdni.ldap) allowed malicious LDAP servers to execute arbitrary code on the client. - CVE-2009-1101 The HTTP server implementation (sun.net.httpserver) contained an unspecified denial of service vulnerability. - CVE-2009-1095 / CVE-2009-1096 / CVE-2009-1097 / CVE-2009-1098 Several issues in Java Web Start have been addressed. The Debian packages currently do not support Java Web Start, so these issues are not directly exploitable, but the relevant code has been updated nevertheless.
    last seen2020-06-01
    modified2020-06-02
    plugin id36142
    published2009-04-13
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36142
    titleDebian DSA-1769-1 : openjdk-6 - several vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-744-1.NASL
    descriptionChris Evans discovered that LittleCMS did not properly handle certain error conditions, resulting in a large memory leak. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could cause a denial of service. (CVE-2009-0581) Chris Evans discovered that LittleCMS contained multiple integer overflows. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could crash applications linked against liblcms1, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2009-0723) Chris Evans discovered that LittleCMS did not properly perform bounds checking, leading to a buffer overflow. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could execute arbitrary code with user privileges. (CVE-2009-0733). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37935
    published2009-04-23
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37935
    titleUbuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : lcms vulnerabilities (USN-744-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_LCMS-090309.NASL
    descriptionSpecially crafted image files could cause an integer overflow in lcms. Attackers could potentially exploit that to crash applications using lcms or even execute arbitrary code (CVE-2009-0723, CVE-2009-0581, CVE-2009-0733).
    last seen2020-06-01
    modified2020-06-02
    plugin id40020
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40020
    titleopenSUSE Security Update : lcms (lcms-581)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-2910.NASL
    descriptionSome patches that was collected in the fedora package have just been submitted upstream. Changes are hight that this update can be superseeded by a beta3 or a stable release from upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id35994
    published2009-03-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35994
    titleFedora 9 : lcms-1.18-0.1.beta2.fc9 (2009-2910)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-2928.NASL
    description - Mon Mar 23 2009 kwizart < kwizart at gmail.com > - 1.18-1 - Update to 1.18 (final) - Remove upstreamed patches - Disable autoreconf - patch libtool to prevent rpath issue Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id35996
    published2009-03-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35996
    titleFedora 9 : lcms-1.18-1.fc9 (2009-2928)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-2983.NASL
    descriptionFixes important lcms security bug which gives unwarranted access to malicious users. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id35997
    published2009-03-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35997
    titleFedora 9 : java-1.6.0-openjdk-1.6.0.0-0.21.b09.fc9 (2009-2983)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2009-083-01.NASL
    descriptionNew lcms packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36009
    published2009-03-25
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36009
    titleSlackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / current : lcms (SSA:2009-083-01)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LCMS-090317.NASL
    descriptionSpecially crafted image files could cause an integer overflow in lcms. Attackers could potentially exploit that to crash applications using lcms or even execute arbitrary code. (CVE-2009-0723 / CVE-2009-0581 / CVE-2009-0733)
    last seen2020-06-01
    modified2020-06-02
    plugin id41417
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41417
    titleSuSE 11 Security Update : lcms (SAT Patch Number 635)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_JAVA-1_6_0-OPENJDK-090312.NASL
    descriptionSpecially crafted image files could cause an integer overflow in the lcms library contained in openjdk. Attackers could potentially exploit that to crash applications using lcms or even execute arbitrary code (CVE-2009-0723, CVE-2009-0581, CVE-2009-0733).
    last seen2020-06-01
    modified2020-06-02
    plugin id40239
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40239
    titleopenSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-602)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12361.NASL
    descriptionSpecially crafted image files could cause an integer overflow in lcms. Attackers could potentially exploit that to crash applications using lcms or even execute arbitrary code. (CVE-2009-0723, CVE-2009-0581, CVE-2009-0733)
    last seen2020-06-01
    modified2020-06-02
    plugin id41284
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41284
    titleSuSE9 Security Update : liblcms (YOU Patch Number 12361)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090319_LCMS_ON_SL5_X.NASL
    descriptionMultiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in LittleCMS. An attacker could use these flaws to create a specially crafted image file which could cause an application using LittleCMS to crash, or, possibly, execute arbitrary code when opened by a victim. (CVE-2009-0723, CVE-2009-0733) A memory leak flaw was found in LittleCMS. An application using LittleCMS could use excessive amount of memory, and possibly crash after using all available memory, if used to open specially crafted images. (CVE-2009-0581) All running applications using the lcms library must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id60550
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60550
    titleScientific Linux Security Update : lcms on SL5.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_JAVA-1_6_0-OPENJDK-090312.NASL
    descriptionSpecially crafted image files could cause an integer overflow in the lcms library contained in openjdk. Attackers could potentially exploit that to crash applications using lcms or even execute arbitrary code (CVE-2009-0723, CVE-2009-0581, CVE-2009-0733). This update also fixes problems with package dependencies that prevented installation of the package.
    last seen2020-06-01
    modified2020-06-02
    plugin id40000
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40000
    titleopenSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-603)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBLCMS-6048.NASL
    descriptionSpecially crafted image files could cause an integer overflow in lcms. Attackers could potentially exploit that to crash applications using lcms or even execute arbitrary code. (CVE-2009-0723 / CVE-2009-0581 / CVE-2009-0733)
    last seen2020-06-01
    modified2020-06-02
    plugin id41544
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41544
    titleSuSE 10 Security Update : liblcms (ZYPP Patch Number 6048)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-2970.NASL
    descriptionSome patches that was collected in the fedora package have just been submitted upstream. Changes are hight that this update can be superseeded by a beta3 or a stable release from upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36384
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36384
    titleFedora 10 : lcms-1.18-0.1.beta2.fc10 (2009-2970)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-121.NASL
    descriptionMultiple security vulnerabilities has been identified and fixed in Little cms : A memory leak flaw allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted image file (CVE-2009-0581). Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow (CVE-2009-0723). Multiple stack-based buffer overflows allow remote attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel (CVE-2009-0733). A flaw in the transformations of monochrome profiles allows remote attackers to cause denial of service triggered by a NULL pointer dereference via a crafted image file (CVE-2009-0793). This update provides fixes for these issues. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen2020-06-01
    modified2020-06-02
    plugin id38865
    published2009-05-22
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38865
    titleMandriva Linux Security Advisory : lcms (MDVSA-2009:121-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200904-19.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200904-19 (LittleCMS: Multiple vulnerabilities) RedHat reported a NULL pointer dereference flaw while processing monochrome ICC profiles (CVE-2009-0793). Chris Evans of Google discovered the following vulnerabilities: LittleCMS contains severe memory leaks (CVE-2009-0581). LittleCMS is prone to multiple integer overflows, leading to a heap-based buffer overflow (CVE-2009-0723). The ReadSetOfCurves() function is vulnerable to stack-based buffer overflows when called from code paths without a bounds check on channel counts (CVE-2009-0733). Impact : A remote attacker could entice a user or automated system to open a specially crafted file containing a malicious ICC profile, possibly resulting in the execution of arbitrary code with the privileges of the user running the application or memory exhaustion, leading to a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id36198
    published2009-04-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36198
    titleGLSA-200904-19 : LittleCMS: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBLCMS-6049.NASL
    descriptionSpecially crafted image files could cause an integer overflow in lcms. Attackers could potentially exploit that to crash applications using lcms or even execute arbitrary code (CVE-2009-0723, CVE-2009-0581, CVE-2009-0733).
    last seen2020-06-01
    modified2020-06-02
    plugin id36007
    published2009-03-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36007
    titleopenSUSE 10 Security Update : liblcms (liblcms-6049)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-2982.NASL
    descriptionFixes important lcms security bug which gives unwarranted access to malicious users. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id38080
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38080
    titleFedora 10 : java-1.6.0-openjdk-1.6.0.0-11.b14.fc10 (2009-2982)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-0377.NASL
    descriptionUpdated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way that the Java Virtual Machine (JVM) handled temporary font files. A malicious applet could use this flaw to use large amounts of disk space, causing a denial of service. (CVE-2006-2426) A memory leak flaw was found in LittleCMS (embedded in OpenJDK). An application using color profiles could use excessive amounts of memory, and possibly crash after using all available memory, if used to open specially crafted images. (CVE-2009-0581) Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in the way LittleCMS handled color profiles. An attacker could use these flaws to create a specially crafted image file which could cause a Java application to crash or, possibly, execute arbitrary code when opened. (CVE-2009-0723, CVE-2009-0733) A NULL pointer dereference flaw was found in LittleCMS. An application using color profiles could crash while converting a specially crafted image file. (CVE-2009-0793) A flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling could allow a remote attacker to cause a denial of service on the server application hosting the JAX-WS service endpoint. (CVE-2009-1101) A flaw in the way the Java Runtime Environment initialized LDAP connections could allow a remote, authenticated user to cause a denial of service on the LDAP service. (CVE-2009-1093) A flaw in the Java Runtime Environment LDAP client could allow malicious data from an LDAP server to cause arbitrary code to be loaded and then run on an LDAP client. (CVE-2009-1094) Several buffer overflow flaws were found in the Java Runtime Environment unpack200 functionality. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet. (CVE-2009-1095, CVE-2009-1096) A flaw in the Java Runtime Environment Virtual Machine code generation functionality could allow untrusted applets to extend their privileges. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as execute local applications with the privileges of the user running the applet. (CVE-2009-1102) A buffer overflow flaw was found in the splash screen processing. A remote attacker could extend privileges to read and write local files, as well as to execute local applications with the privileges of the user running the java process. (CVE-2009-1097) A buffer overflow flaw was found in how GIF images were processed. A remote attacker could extend privileges to read and write local files, as well as execute local applications with the privileges of the user running the java process. (CVE-2009-1098) Note: The flaws concerning applets in this advisory, CVE-2009-1095, CVE-2009-1096, and CVE-2009-1102, can only be triggered in java-1.6.0-openjdk by calling the
    last seen2020-06-01
    modified2020-06-02
    plugin id43736
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43736
    titleCentOS 5 : java-1.6.0-openjdk (CESA-2009:0377)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1745.NASL
    descriptionSeveral security issues have been discovered in lcms, a color management library. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0581 Chris Evans discovered that lcms is affected by a memory leak, which could result in a denial of service via specially crafted image files. - CVE-2009-0723 Chris Evans discovered that lcms is prone to several integer overflows via specially crafted image files, which could lead to the execution of arbitrary code. - CVE-2009-0733 Chris Evans discovered the lack of upper-bounds check on sizes leading to a buffer overflow, which could be used to execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id35967
    published2009-03-20
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35967
    titleDebian DSA-1745-1 : lcms - several vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-2903.NASL
    description - Mon Mar 23 2009 kwizart < kwizart at gmail.com > - 1.18-1 - Update to 1.18 (final) - Remove upstreamed patches - Disable autoreconf - patch libtool to prevent rpath issue - Fri Mar 20 2009 kwizart < kwizart at gmail.com > - 1.18-0.1.beta2 - Update to 1.18beta2 fix bug #487508: CVE-2009-0723 LittleCms integer overflow fix bug #487512: CVE-2009-0733 LittleCms lack of upper-bounds check on sizes fix bug #487509: CVE-2009-0581 LittleCms memory leak - Mon Mar 2 2009 kwizart < kwizart at gmail.com > - 1.17-10 - Fix circle dependency #452352 - Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.17-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - Thu Dec 4 2008 kwizart < kwizart at gmail.com > - 1.17-8 - Fix autoreconf and missing auxiliary files. - Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm at gmail.com> - 1.17-7 - Rebuild for Python 2.6 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37136
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37136
    titleFedora 10 : lcms-1.18-1.fc10 (2009-2903)

Oval

accepted2013-04-29T04:00:33.361-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionMemory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.
familyunix
idoval:org.mitre.oval:def:10023
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleMemory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.
version18

Redhat

advisories
  • rhsa
    idRHSA-2009:0339
  • rhsa
    idRHSA-2009:0377
rpms
  • lcms-0:1.18-0.1.beta1.el5_3.2
  • lcms-debuginfo-0:1.18-0.1.beta1.el5_3.2
  • lcms-devel-0:1.18-0.1.beta1.el5_3.2
  • python-lcms-0:1.18-0.1.beta1.el5_3.2
  • java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5
  • java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5
  • java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5
  • java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5
  • java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 34185 CVE(CAN) ID: CVE-2009-0581,CVE-2009-0733,CVE-2009-0723 Little cms是一款小型的开源颜色管理引擎。 LittleCMS中存在多个可导致堆溢出的整数溢出漏洞和多个不充分输入验证错误。攻击者可以利用这些漏洞创建特制的图形文件,如果受害用户打开了该文件,就会导致使用LittleCMS的应用崩溃或执行任意代码。 LittleCMS中存在内存泄露漏洞。如果使用LittleCMS的应用打开了特制图形,就会使用过多的内存,在耗尽所有可用内存后会崩溃。 Little CMS &lt; 1.18 厂商补丁: RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2009:0339-01)以及相应补丁: RHSA-2009:0339-01:Moderate: lcms security update 链接:<a href=https://www.redhat.com/support/errata/RHSA-2009-0339.html target=_blank rel=external nofollow>https://www.redhat.com/support/errata/RHSA-2009-0339.html</a>
idSSV:4945
last seen2017-11-19
modified2009-03-23
published2009-03-23
reporterRoot
titleLittle CMS内存泄露及整数溢出漏洞

References