Vulnerabilities > CVE-2009-1102 - Code Injection vulnerability in SUN Java

047910
CVSS 6.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
sun
CWE-94
nessus

Summary

Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation."

Vulnerable Configurations

Part Description Count
Application
Sun
1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Manipulating User-Controlled Variables
    This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-137.NASL
    descriptionMultiple security vulnerabilities has been identified and fixed in Little cms library embedded in OpenJDK : A memory leak flaw allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted image file (CVE-2009-0581). Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow (CVE-2009-0723). Multiple stack-based buffer overflows allow remote attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel (CVE-2009-0733). A flaw in the transformations of monochrome profiles allows remote attackers to cause denial of service triggered by a NULL pointer dereference via a crafted image file (CVE-2009-0793). Further security fixes in the JRE and in the Java API of OpenJDK : A flaw in handling temporary font files by the Java Virtual Machine (JVM) allows remote attackers to cause denial of service (CVE-2006-2426). An integer overflow flaw was found in Pulse-Java when handling Pulse audio source data lines. An attacker could use this flaw to cause an applet to crash, leading to a denial of service (CVE-2009-0794). A flaw in Java Runtime Environment initialized LDAP connections allows authenticated remote users to cause denial of service on the LDAP service (CVE-2009-1093). A flaw in the Java Runtime Environment LDAP client in handling server LDAP responses allows remote attackers to execute arbitrary code on the client side via malicious server response (CVE-2009-1094). Buffer overflows in the the Java Runtime Environment unpack200 utility allow remote attackers to execute arbitrary code via an crafted applet (CVE-2009-1095, CVE-2009-1096). A buffer overflow in the splash screen processing allows a attackers to execute arbitrary code (CVE-2009-1097). A buffer overflow in GIF images handling allows remote attackers to execute arbitrary code via an crafted GIF image (CVE-2009-1098). A flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling allows remote attackers to cause a denial of service on the service endpoint
    last seen2020-06-01
    modified2020-06-02
    plugin id39478
    published2009-06-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39478
    titleMandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2009:137)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2009:137. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(39478);
      script_version ("1.22");
      script_cvs_date("Date: 2019/08/02 13:32:52");
    
      script_cve_id(
        "CVE-2006-2426",
        "CVE-2009-0581",
        "CVE-2009-0723",
        "CVE-2009-0733",
        "CVE-2009-0793",
        "CVE-2009-0794",
        "CVE-2009-1093",
        "CVE-2009-1094",
        "CVE-2009-1095",
        "CVE-2009-1096",
        "CVE-2009-1097",
        "CVE-2009-1098",
        "CVE-2009-1101",
        "CVE-2009-1102"
      );
      script_bugtraq_id(
        34185,
        34240,
        34411
      );
      script_xref(name:"MDVSA", value:"2009:137");
    
      script_name(english:"Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2009:137)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple security vulnerabilities has been identified and fixed in
    Little cms library embedded in OpenJDK :
    
    A memory leak flaw allows remote attackers to cause a denial of
    service (memory consumption and application crash) via a crafted image
    file (CVE-2009-0581).
    
    Multiple integer overflows allow remote attackers to execute arbitrary
    code via a crafted image file that triggers a heap-based buffer
    overflow (CVE-2009-0723).
    
    Multiple stack-based buffer overflows allow remote attackers to
    execute arbitrary code via a crafted image file associated with a
    large integer value for the (1) input or (2) output channel
    (CVE-2009-0733).
    
    A flaw in the transformations of monochrome profiles allows remote
    attackers to cause denial of service triggered by a NULL pointer
    dereference via a crafted image file (CVE-2009-0793).
    
    Further security fixes in the JRE and in the Java API of OpenJDK :
    
    A flaw in handling temporary font files by the Java Virtual Machine
    (JVM) allows remote attackers to cause denial of service
    (CVE-2006-2426).
    
    An integer overflow flaw was found in Pulse-Java when handling Pulse
    audio source data lines. An attacker could use this flaw to cause an
    applet to crash, leading to a denial of service (CVE-2009-0794).
    
    A flaw in Java Runtime Environment initialized LDAP connections allows
    authenticated remote users to cause denial of service on the LDAP
    service (CVE-2009-1093).
    
    A flaw in the Java Runtime Environment LDAP client in handling server
    LDAP responses allows remote attackers to execute arbitrary code on
    the client side via malicious server response (CVE-2009-1094).
    
    Buffer overflows in the the Java Runtime Environment unpack200 utility
    allow remote attackers to execute arbitrary code via an crafted applet
    (CVE-2009-1095, CVE-2009-1096).
    
    A buffer overflow in the splash screen processing allows a attackers
    to execute arbitrary code (CVE-2009-1097).
    
    A buffer overflow in GIF images handling allows remote attackers to
    execute arbitrary code via an crafted GIF image (CVE-2009-1098).
    
    A flaw in the Java API for XML Web Services (JAX-WS) service endpoint
    handling allows remote attackers to cause a denial of service on the
    service endpoint's server side (CVE-2009-1101).
    
    A flaw in the Java Runtime Environment Virtual Machine code generation
    allows remote attackers to execute arbitrary code via a crafted applet
    (CVE-2009-1102).
    
    This update provides fixes for these issues.
    
    Update :
    
    java-1.6.0-openjdk requires rhino packages and these has been further
    updated."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(16, 20, 94, 119, 189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-src");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rhino");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rhino-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rhino-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rhino-manual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/06/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2009.0", reference:"java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.2mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.2mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.2mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.2mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.2mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.2mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"rhino-1.7-0.0.2.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"rhino-demo-1.7-0.0.2.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"rhino-javadoc-1.7-0.0.2.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"rhino-manual-1.7-0.0.2.1mdv2009.0", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2009.1", reference:"java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.2mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"java-1.6.0-openjdk-demo-1.6.0.0-0.20.b16.0.2mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"java-1.6.0-openjdk-devel-1.6.0.0-0.20.b16.0.2mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-0.20.b16.0.2mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"java-1.6.0-openjdk-plugin-1.6.0.0-0.20.b16.0.2mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"java-1.6.0-openjdk-src-1.6.0.0-0.20.b16.0.2mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"rhino-1.7-0.0.3.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"rhino-demo-1.7-0.0.3.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"rhino-javadoc-1.7-0.0.3.1mdv2009.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.1", reference:"rhino-manual-1.7-0.0.3.1mdv2009.1", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-0377.NASL
    descriptionFrom Red Hat Security Advisory 2009:0377 : Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way that the Java Virtual Machine (JVM) handled temporary font files. A malicious applet could use this flaw to use large amounts of disk space, causing a denial of service. (CVE-2006-2426) A memory leak flaw was found in LittleCMS (embedded in OpenJDK). An application using color profiles could use excessive amounts of memory, and possibly crash after using all available memory, if used to open specially crafted images. (CVE-2009-0581) Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in the way LittleCMS handled color profiles. An attacker could use these flaws to create a specially crafted image file which could cause a Java application to crash or, possibly, execute arbitrary code when opened. (CVE-2009-0723, CVE-2009-0733) A NULL pointer dereference flaw was found in LittleCMS. An application using color profiles could crash while converting a specially crafted image file. (CVE-2009-0793) A flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling could allow a remote attacker to cause a denial of service on the server application hosting the JAX-WS service endpoint. (CVE-2009-1101) A flaw in the way the Java Runtime Environment initialized LDAP connections could allow a remote, authenticated user to cause a denial of service on the LDAP service. (CVE-2009-1093) A flaw in the Java Runtime Environment LDAP client could allow malicious data from an LDAP server to cause arbitrary code to be loaded and then run on an LDAP client. (CVE-2009-1094) Several buffer overflow flaws were found in the Java Runtime Environment unpack200 functionality. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet. (CVE-2009-1095, CVE-2009-1096) A flaw in the Java Runtime Environment Virtual Machine code generation functionality could allow untrusted applets to extend their privileges. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as execute local applications with the privileges of the user running the applet. (CVE-2009-1102) A buffer overflow flaw was found in the splash screen processing. A remote attacker could extend privileges to read and write local files, as well as to execute local applications with the privileges of the user running the java process. (CVE-2009-1097) A buffer overflow flaw was found in how GIF images were processed. A remote attacker could extend privileges to read and write local files, as well as execute local applications with the privileges of the user running the java process. (CVE-2009-1098) Note: The flaws concerning applets in this advisory, CVE-2009-1095, CVE-2009-1096, and CVE-2009-1102, can only be triggered in java-1.6.0-openjdk by calling the
    last seen2020-06-01
    modified2020-06-02
    plugin id67831
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67831
    titleOracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-0377)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2009:0377 and 
    # Oracle Linux Security Advisory ELSA-2009-0377 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67831);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/25 13:36:08");
    
      script_cve_id("CVE-2006-2426", "CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733", "CVE-2009-0793", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1101", "CVE-2009-1102");
      script_bugtraq_id(34185, 34240);
      script_xref(name:"RHSA", value:"2009:0377");
    
      script_name(english:"Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-0377)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2009:0377 :
    
    Updated java-1.6.0-openjdk packages that fix several security issues
    are now available for Red Hat Enterprise Linux 5.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    These packages provide the OpenJDK 6 Java Runtime Environment and the
    OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)
    contains the software and tools that users need to run applications
    written using the Java programming language.
    
    A flaw was found in the way that the Java Virtual Machine (JVM)
    handled temporary font files. A malicious applet could use this flaw
    to use large amounts of disk space, causing a denial of service.
    (CVE-2006-2426)
    
    A memory leak flaw was found in LittleCMS (embedded in OpenJDK). An
    application using color profiles could use excessive amounts of
    memory, and possibly crash after using all available memory, if used
    to open specially crafted images. (CVE-2009-0581)
    
    Multiple integer overflow flaws which could lead to heap-based buffer
    overflows, as well as multiple insufficient input validation flaws,
    were found in the way LittleCMS handled color profiles. An attacker
    could use these flaws to create a specially crafted image file which
    could cause a Java application to crash or, possibly, execute
    arbitrary code when opened. (CVE-2009-0723, CVE-2009-0733)
    
    A NULL pointer dereference flaw was found in LittleCMS. An application
    using color profiles could crash while converting a specially crafted
    image file. (CVE-2009-0793)
    
    A flaw in the Java API for XML Web Services (JAX-WS) service endpoint
    handling could allow a remote attacker to cause a denial of service on
    the server application hosting the JAX-WS service endpoint.
    (CVE-2009-1101)
    
    A flaw in the way the Java Runtime Environment initialized LDAP
    connections could allow a remote, authenticated user to cause a denial
    of service on the LDAP service. (CVE-2009-1093)
    
    A flaw in the Java Runtime Environment LDAP client could allow
    malicious data from an LDAP server to cause arbitrary code to be
    loaded and then run on an LDAP client. (CVE-2009-1094)
    
    Several buffer overflow flaws were found in the Java Runtime
    Environment unpack200 functionality. An untrusted applet could extend
    its privileges, allowing it to read and write local files, as well as
    to execute local applications with the privileges of the user running
    the applet. (CVE-2009-1095, CVE-2009-1096)
    
    A flaw in the Java Runtime Environment Virtual Machine code generation
    functionality could allow untrusted applets to extend their
    privileges. An untrusted applet could extend its privileges, allowing
    it to read and write local files, as well as execute local
    applications with the privileges of the user running the applet.
    (CVE-2009-1102)
    
    A buffer overflow flaw was found in the splash screen processing. A
    remote attacker could extend privileges to read and write local files,
    as well as to execute local applications with the privileges of the
    user running the java process. (CVE-2009-1097)
    
    A buffer overflow flaw was found in how GIF images were processed. A
    remote attacker could extend privileges to read and write local files,
    as well as execute local applications with the privileges of the user
    running the java process. (CVE-2009-1098)
    
    Note: The flaws concerning applets in this advisory, CVE-2009-1095,
    CVE-2009-1096, and CVE-2009-1102, can only be triggered in
    java-1.6.0-openjdk by calling the 'appletviewer' application.
    
    All users of java-1.6.0-openjdk are advised to upgrade to these
    updated packages, which resolve these issues. All running instances of
    OpenJDK Java must be restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2009-April/000953.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected java-1.6.0-openjdk packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(16, 20, 94, 119, 189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.6.0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/05/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/04/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL5", reference:"java-1.6.0-openjdk-1.6.0.0-0.30.b09.0.1.el5")) flag++;
    if (rpm_check(release:"EL5", reference:"java-1.6.0-openjdk-demo-1.6.0.0-0.30.b09.0.1.el5")) flag++;
    if (rpm_check(release:"EL5", reference:"java-1.6.0-openjdk-devel-1.6.0.0-0.30.b09.0.1.el5")) flag++;
    if (rpm_check(release:"EL5", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-0.30.b09.0.1.el5")) flag++;
    if (rpm_check(release:"EL5", reference:"java-1.6.0-openjdk-src-1.6.0.0-0.30.b09.0.1.el5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_JAVA-1_6_0-SUN-090327.NASL
    descriptionThe Sun JDK 6 was updated to Update13 to fix various bugs and security issues. CVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). CVE-2009-1094: Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. CVE-2009-1095: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. CVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. CVE-2009-1097: Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via a crafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR 6804997. CVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. CVE-2009-1099: Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a crafted Type1 font, which triggers a buffer overflow. CVE-2009-1100: Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1)
    last seen2020-06-01
    modified2020-06-02
    plugin id40003
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40003
    titleopenSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-705)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-0377.NASL
    descriptionUpdated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way that the Java Virtual Machine (JVM) handled temporary font files. A malicious applet could use this flaw to use large amounts of disk space, causing a denial of service. (CVE-2006-2426) A memory leak flaw was found in LittleCMS (embedded in OpenJDK). An application using color profiles could use excessive amounts of memory, and possibly crash after using all available memory, if used to open specially crafted images. (CVE-2009-0581) Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in the way LittleCMS handled color profiles. An attacker could use these flaws to create a specially crafted image file which could cause a Java application to crash or, possibly, execute arbitrary code when opened. (CVE-2009-0723, CVE-2009-0733) A NULL pointer dereference flaw was found in LittleCMS. An application using color profiles could crash while converting a specially crafted image file. (CVE-2009-0793) A flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling could allow a remote attacker to cause a denial of service on the server application hosting the JAX-WS service endpoint. (CVE-2009-1101) A flaw in the way the Java Runtime Environment initialized LDAP connections could allow a remote, authenticated user to cause a denial of service on the LDAP service. (CVE-2009-1093) A flaw in the Java Runtime Environment LDAP client could allow malicious data from an LDAP server to cause arbitrary code to be loaded and then run on an LDAP client. (CVE-2009-1094) Several buffer overflow flaws were found in the Java Runtime Environment unpack200 functionality. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet. (CVE-2009-1095, CVE-2009-1096) A flaw in the Java Runtime Environment Virtual Machine code generation functionality could allow untrusted applets to extend their privileges. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as execute local applications with the privileges of the user running the applet. (CVE-2009-1102) A buffer overflow flaw was found in the splash screen processing. A remote attacker could extend privileges to read and write local files, as well as to execute local applications with the privileges of the user running the java process. (CVE-2009-1097) A buffer overflow flaw was found in how GIF images were processed. A remote attacker could extend privileges to read and write local files, as well as execute local applications with the privileges of the user running the java process. (CVE-2009-1098) Note: The flaws concerning applets in this advisory, CVE-2009-1095, CVE-2009-1096, and CVE-2009-1102, can only be triggered in java-1.6.0-openjdk by calling the
    last seen2020-06-01
    modified2020-06-02
    plugin id36111
    published2009-04-08
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36111
    titleRHEL 5 : java-1.6.0-openjdk (RHSA-2009:0377)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2009-0014.NASL
    descriptiona. Service Console update for DHCP and third-party library update for DHCP client. DHCP is an Internet-standard protocol by which a computer can be connected to a local network, ask to be given configuration information, and receive from a server enough information to configure itself as a member of that network. A stack-based buffer overflow in the script_write_params method in ISC DHCP dhclient allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0692 to this issue. An insecure temporary file use flaw was discovered in the DHCP daemon
    last seen2020-06-01
    modified2020-06-02
    plugin id42179
    published2009-10-19
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42179
    titleVMSA-2009-0014 : VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_6_0-SUN-6128.NASL
    descriptionThe Sun JDK 6 was updated to Update13 to fix various bugs and security issues. CVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). CVE-2009-1094: Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. CVE-2009-1095: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. CVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. CVE-2009-1097: Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via a crafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR 6804997. CVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. CVE-2009-1099: Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a crafted Type1 font, which triggers a buffer overflow. CVE-2009-1100: Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1)
    last seen2020-06-01
    modified2020-06-02
    plugin id36071
    published2009-04-01
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36071
    titleopenSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-6128)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-0394.NASL
    descriptionUpdated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. These vulnerabilities are summarized on the
    last seen2020-06-01
    modified2020-06-02
    plugin id40742
    published2009-08-24
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40742
    titleRHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:0394)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2010-0002_REMOTE.NASL
    descriptionThe remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the bundled version of the Java Runtime Environment (JRE).
    last seen2020-06-01
    modified2020-06-02
    plugin id89736
    published2016-03-08
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89736
    titleVMware ESX Java Runtime Environment (JRE) Multiple Vulnerabilities (VMSA-2010-0002) (remote check)
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2009-0014_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - ISC DHCP dhclient - Integrated Services Digital Network (ISDN) subsystem - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Web Start - Linux kernel - Linux kernel 32-bit and 64-bit emulation - Linux kernel Simple Internet Transition INET6 - Linux kernel tty - Linux kernel virtual file system (VFS) - Red Hat dhcpd init script for DHCP - SBNI WAN driver
    last seen2020-06-01
    modified2020-06-02
    plugin id89116
    published2016-03-03
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89116
    titleVMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0014) (remote check)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200911-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200911-02 (Sun JDK/JRE: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details. Impact : A remote attacker could entice a user to open a specially crafted JAR archive, applet, or Java Web Start application, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Furthermore, a remote attacker could cause a Denial of Service affecting multiple services via several vectors, disclose information and memory contents, write or execute local files, conduct session hijacking attacks via GIFAR files, steal cookies, bypass the same-origin policy, load untrusted JAR files, establish network connections to arbitrary hosts and posts via several vectors, modify the list of supported graphics configurations, bypass HMAC-based authentication systems, escalate privileges via several vectors and cause applet code to be executed with older, possibly vulnerable versions of the JRE. NOTE: Some vulnerabilities require a trusted environment, user interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id42834
    published2009-11-18
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42834
    titleGLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-0392.NASL
    descriptionUpdated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. These vulnerabilities are summarized on the
    last seen2020-06-01
    modified2020-06-02
    plugin id40741
    published2009-08-24
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40741
    titleRHEL 4 / 5 : java-1.6.0-sun (RHSA-2009:0392)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2009-0016.NASL
    descriptiona. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. b. Update Apache Tomcat version Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5) which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002. c. Third-party library update for ntp. The Network Time Protocol (NTP) is used to synchronize a computer
    last seen2020-06-01
    modified2020-06-02
    plugin id42870
    published2009-11-23
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42870
    titleVMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2010-0002.NASL
    descriptiona. Java JRE Security Update JRE update to version 1.5.0_22, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_22: CVE-2009-3728, CVE-2009-3729, CVE-2009-3864, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884, CVE-2009-3886, CVE-2009-3885.
    last seen2020-06-01
    modified2020-06-02
    plugin id45386
    published2010-03-31
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45386
    titleVMSA-2010-0002 : VMware vCenter update release addresses multiple security issues in Java JRE
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090326_JAVA__JDK_1_6_0__ON_SL4_X.NASL
    descriptionThis update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. These vulnerabilities are summarized on the
    last seen2020-06-01
    modified2020-06-02
    plugin id60555
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60555
    titleScientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-748-1.NASL
    descriptionIt was discovered that font creation could leak temporary files. If a user were tricked into loading a malicious program or applet, a remote attacker could consume disk space, leading to a denial of service. (CVE-2006-2426, CVE-2009-1100) It was discovered that the lightweight HttpServer did not correctly close files on dataless connections. A remote attacker could send specially crafted requests, leading to a denial of service. (CVE-2009-1101) The Java Runtime Environment did not correctly validate certain generated code. If a user were tricked into running a malicious applet a remote attacker could execute arbitrary code. (CVE-2009-1102) It was discovered that LDAP connections did not close correctly. A remote attacker could send specially crafted requests, leading to a denial of service. (CVE-2009-1093) Java LDAP routines did not unserialize certain data correctly. A remote attacker could send specially crafted requests that could lead to arbitrary code execution. (CVE-2009-1094) Java did not correctly check certain JAR headers. If a user or automated system were tricked into processing a malicious JAR file, a remote attacker could crash the application, leading to a denial of service. (CVE-2009-1095, CVE-2009-1096) It was discovered that PNG and GIF decoding in Java could lead to memory corruption. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could crash the application, leading to a denial of service. (CVE-2009-1097, CVE-2009-1098). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36366
    published2009-04-23
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36366
    titleUbuntu 8.10 : openjdk-6 vulnerabilities (USN-748-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_JAVA-1_6_0-SUN-090327.NASL
    descriptionThe Sun JDK 6 was updated to Update13 to fix various bugs and security issues. - LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). (CVE-2009-1093) - Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. (CVE-2009-1094) - Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. (CVE-2009-1095) - Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. (CVE-2009-1096) - Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via a crafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR 6804997. (CVE-2009-1097) - Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. (CVE-2009-1098) - Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a crafted Type1 font, which triggers a buffer overflow. (CVE-2009-1099) - Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1)
    last seen2020-06-01
    modified2020-06-02
    plugin id41407
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41407
    titleSuSE 11 Security Update : Sun JDK 6 (SAT Patch Number 699)
  • NASL familyMisc.
    NASL idSUN_JAVA_JRE_254569_UNIX.NASL
    descriptionThe version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 13 / 5.0 Update 18 / 1.4.2_20 / 1.3.1_25. Such versions are potentially affected by the following security issues : - A denial of service vulnerability affects the JRE LDAP implementation. (254569). - A remote code execution vulnerability in the JRE LDAP implementation may allow for arbitrary code to be run in the context of the affected LDAP client. (254569) - There are multiple integer and buffer overflow vulnerabilities when unpacking applets and Java Web Start applications using the
    last seen2020-06-01
    modified2020-06-02
    plugin id64829
    published2013-02-22
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64829
    titleSun Java JRE Multiple Vulnerabilities (254569 / 254611 / 254608 ..) (Unix)
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2009-0016_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Geronimo - Apache Tomcat - Apache Xerces2 - cURL/libcURL - ISC BIND - Libxml2 - Linux kernel - Linux kernel 64-bit - Linux kernel Common Internet File System - Linux kernel eCryptfs - NTP - Python - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Abstract Window Toolkit (AWT) - Java SE Plugin - Java SE Provider - Java SE Swing - Java SE Web Start
    last seen2020-06-01
    modified2020-06-02
    plugin id89117
    published2016-03-03
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89117
    titleVMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_JAVA-1_6_0-SUN-090328.NASL
    descriptionThe Sun JDK 6 was updated to Update13 to fix various bugs and security issues. CVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). CVE-2009-1094: Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. CVE-2009-1095: Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. CVE-2009-1096: Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. CVE-2009-1097: Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via a crafted (1) PNG image, aka CR 6804996, and (2) GIF image, aka CR 6804997. CVE-2009-1098: Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. CVE-2009-1099: Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a crafted Type1 font, which triggers a buffer overflow. CVE-2009-1100: Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1)
    last seen2020-06-01
    modified2020-06-02
    plugin id40242
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40242
    titleopenSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-705)
  • NASL familyWindows
    NASL idSUN_JAVA_JRE_254569.NASL
    descriptionThe version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 13 / 5.0 Update 18 / 1.4.2_20 / 1.3.1_25. Such versions are potentially affected by the following security issues : - A denial of service vulnerability affects the JRE LDAP implementation. (254569). - A remote code execution vulnerability in the JRE LDAP implementation may allow for arbitrary code to be run in the context of the affected LDAP client. (254569) - There are multiple integer and buffer overflow vulnerabilities when unpacking applets and Java Web Start applications using the
    last seen2020-06-01
    modified2020-06-02
    plugin id36034
    published2009-03-27
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36034
    titleSun Java JRE Multiple Vulnerabilities (254569 / 254611 / 254608 ..)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-0377.NASL
    descriptionUpdated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way that the Java Virtual Machine (JVM) handled temporary font files. A malicious applet could use this flaw to use large amounts of disk space, causing a denial of service. (CVE-2006-2426) A memory leak flaw was found in LittleCMS (embedded in OpenJDK). An application using color profiles could use excessive amounts of memory, and possibly crash after using all available memory, if used to open specially crafted images. (CVE-2009-0581) Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in the way LittleCMS handled color profiles. An attacker could use these flaws to create a specially crafted image file which could cause a Java application to crash or, possibly, execute arbitrary code when opened. (CVE-2009-0723, CVE-2009-0733) A NULL pointer dereference flaw was found in LittleCMS. An application using color profiles could crash while converting a specially crafted image file. (CVE-2009-0793) A flaw in the Java API for XML Web Services (JAX-WS) service endpoint handling could allow a remote attacker to cause a denial of service on the server application hosting the JAX-WS service endpoint. (CVE-2009-1101) A flaw in the way the Java Runtime Environment initialized LDAP connections could allow a remote, authenticated user to cause a denial of service on the LDAP service. (CVE-2009-1093) A flaw in the Java Runtime Environment LDAP client could allow malicious data from an LDAP server to cause arbitrary code to be loaded and then run on an LDAP client. (CVE-2009-1094) Several buffer overflow flaws were found in the Java Runtime Environment unpack200 functionality. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet. (CVE-2009-1095, CVE-2009-1096) A flaw in the Java Runtime Environment Virtual Machine code generation functionality could allow untrusted applets to extend their privileges. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as execute local applications with the privileges of the user running the applet. (CVE-2009-1102) A buffer overflow flaw was found in the splash screen processing. A remote attacker could extend privileges to read and write local files, as well as to execute local applications with the privileges of the user running the java process. (CVE-2009-1097) A buffer overflow flaw was found in how GIF images were processed. A remote attacker could extend privileges to read and write local files, as well as execute local applications with the privileges of the user running the java process. (CVE-2009-1098) Note: The flaws concerning applets in this advisory, CVE-2009-1095, CVE-2009-1096, and CVE-2009-1102, can only be triggered in java-1.6.0-openjdk by calling the
    last seen2020-06-01
    modified2020-06-02
    plugin id43736
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43736
    titleCentOS 5 : java-1.6.0-openjdk (CESA-2009:0377)

Oval

  • accepted2013-04-29T04:04:24.694-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionUnspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation."
    familyunix
    idoval:org.mitre.oval:def:10300
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleUnspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation."
    version18
  • accepted2014-01-20T04:01:28.898-05:00
    classvulnerability
    contributors
    • nameMichael Wood
      organizationHewlett-Packard
    • nameChris Coffin
      organizationThe MITRE Corporation
    definition_extensions
    • commentVMware ESX Server 3.5.0 is installed
      ovaloval:org.mitre.oval:def:5887
    • commentVMware ESX Server 4.0 is installed
      ovaloval:org.mitre.oval:def:6293
    descriptionUnspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation."
    familyunix
    idoval:org.mitre.oval:def:6722
    statusaccepted
    submitted2009-11-30T15:39:02.000-04:00
    titleJava Runtime Environment (JRE) Virtual Machine Lets Remote Users Read/Write Files and Execute Local Applications
    version7

Redhat

advisories
  • bugzilla
    id492353
    titleCVE-2009-0793 lcms: Null pointer dereference (DoS) by handling transformations of monochrome profiles
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentjava-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-0.30.b09.el5
            ovaloval:com.redhat.rhsa:tst:20090377001
          • commentjava-1.6.0-openjdk-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20090377002
        • AND
          • commentjava-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-0.30.b09.el5
            ovaloval:com.redhat.rhsa:tst:20090377003
          • commentjava-1.6.0-openjdk-javadoc is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20090377004
        • AND
          • commentjava-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-0.30.b09.el5
            ovaloval:com.redhat.rhsa:tst:20090377005
          • commentjava-1.6.0-openjdk-demo is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20090377006
        • AND
          • commentjava-1.6.0-openjdk is earlier than 1:1.6.0.0-0.30.b09.el5
            ovaloval:com.redhat.rhsa:tst:20090377007
          • commentjava-1.6.0-openjdk is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20090377008
        • AND
          • commentjava-1.6.0-openjdk-src is earlier than 1:1.6.0.0-0.30.b09.el5
            ovaloval:com.redhat.rhsa:tst:20090377009
          • commentjava-1.6.0-openjdk-src is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20090377010
    rhsa
    idRHSA-2009:0377
    released2009-04-07
    severityImportant
    titleRHSA-2009:0377: java-1.6.0-openjdk security update (Important)
  • rhsa
    idRHSA-2009:0392
rpms
  • java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5
  • java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5
  • java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5
  • java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5
  • java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5
  • java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4
  • java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5
  • java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4
  • java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5
  • java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4
  • java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5
  • java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4
  • java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5
  • java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4
  • java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5
  • java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4
  • java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5