Vulnerabilities > CVE-2009-3882 - Information Exposure vulnerability in SUN Jdk, JRE and Openjdk

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
sun
CWE-200
nessus

Summary

Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026.

Vulnerable Configurations

Part Description Count
Application
Sun
79

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20091109_JAVA__JDK_1_6_0__ON_SL4_X.NASL
    descriptionCVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky) CVE-2009-3873 OpenJDK JPEG Image Writer quantization problem (6862968) CVE-2009-3875 OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503) CVE-2009-3876 OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877 CVE-2009-3869 OpenJDK JRE AWT setDifflCM stack overflow (6872357) CVE-2009-3871 OpenJDK JRE AWT setBytePixels heap overflow (6872358) CVE-2009-3874 OpenJDK ImageI/O JPEG heap overflow (6874643) CVE-2009-3728 OpenJDK ICC_Profile file existence detection information leak (6631533) CVE-2009-3881 OpenJDK resurrected classloaders can still have children (6636650) CVE-2009-3882 CVE-2009-3883 OpenJDK information leaks in mutable variables (6657026,6657138) CVE-2009-3880 OpenJDK UI logging information leakage(6664512) CVE-2009-3879 OpenJDK GraphicsConfiguration information leak(6822057) CVE-2009-3884 OpenJDK zoneinfo file existence information leak (6824265) CVE-2009-3729 JRE TrueType font parsing crash (6815780) CVE-2009-3872 JRE JPEG JFIF Decoder issue (6862969) CVE-2009-3886 JRE REGRESSION:have problem to run JNLP app and applets with signed Jar files (6870531) CVE-2009-3865 java-1.6.0-sun: ACE in JRE Deployment Toolkit (6869752) CVE-2009-3866 java-1.6.0-sun: Privilege escalation in the Java Web Start Installer (6872824) CVE-2009-3867 java-1.5.0-sun, java-1.6.0-sun: Stack-based buffer overflow via a long file: URL argument (6854303) CVE-2009-3868 java-1.5.0-sun, java-1.6.0-sun: Privilege escalation via crafted image file due improper color profiles parsing (6862970) This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. These vulnerabilities are summarized on the
    last seen2020-06-01
    modified2020-06-02
    plugin id60691
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60691
    titleScientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60691);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:18");
    
      script_cve_id("CVE-2009-2409", "CVE-2009-3728", "CVE-2009-3729", "CVE-2009-3865", "CVE-2009-3866", "CVE-2009-3867", "CVE-2009-3868", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3872", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884", "CVE-2009-3886");
    
      script_name(english:"Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky)
    
    CVE-2009-3873 OpenJDK JPEG Image Writer quantization problem (6862968)
    
    CVE-2009-3875 OpenJDK MessageDigest.isEqual introduces timing attack
    vulnerabilities (6863503)
    
    CVE-2009-3876 OpenJDK ASN.1/DER input stream parser denial of service
    (6864911) CVE-2009-3877
    
    CVE-2009-3869 OpenJDK JRE AWT setDifflCM stack overflow (6872357)
    
    CVE-2009-3871 OpenJDK JRE AWT setBytePixels heap overflow (6872358)
    
    CVE-2009-3874 OpenJDK ImageI/O JPEG heap overflow (6874643)
    
    CVE-2009-3728 OpenJDK ICC_Profile file existence detection information
    leak (6631533)
    
    CVE-2009-3881 OpenJDK resurrected classloaders can still have children
    (6636650)
    
    CVE-2009-3882 CVE-2009-3883 OpenJDK information leaks in mutable
    variables (6657026,6657138)
    
    CVE-2009-3880 OpenJDK UI logging information leakage(6664512)
    
    CVE-2009-3879 OpenJDK GraphicsConfiguration information leak(6822057)
    
    CVE-2009-3884 OpenJDK zoneinfo file existence information leak
    (6824265)
    
    CVE-2009-3729 JRE TrueType font parsing crash (6815780)
    
    CVE-2009-3872 JRE JPEG JFIF Decoder issue (6862969)
    
    CVE-2009-3886 JRE REGRESSION:have problem to run JNLP app and applets
    with signed Jar files (6870531)
    
    CVE-2009-3865 java-1.6.0-sun: ACE in JRE Deployment Toolkit (6869752)
    
    CVE-2009-3866 java-1.6.0-sun: Privilege escalation in the Java Web
    Start Installer (6872824)
    
    CVE-2009-3867 java-1.5.0-sun, java-1.6.0-sun: Stack-based buffer
    overflow via a long file: URL argument (6854303)
    
    CVE-2009-3868 java-1.5.0-sun, java-1.6.0-sun: Privilege escalation via
    crafted image file due improper color profiles parsing (6862970)
    
    This update fixes several vulnerabilities in the Sun Java 6 Runtime
    Environment and the Sun Java 6 Software Development Kit. These
    vulnerabilities are summarized on the 'Advance notification of
    Security Updates for Java SE' page from Sun Microsystems, listed in
    the References section. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3729,
    
    CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868,
    
    CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873,
    
    CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877,
    
    CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882,
    
    CVE-2009-3883, CVE-2009-3884, CVE-2009-3886)
    
    All running instances of Sun Java must be restarted for the update to
    take effect."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0911&L=scientific-linux-errata&T=0&P=2369
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6a7a8b8a"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected java-1.6.0-sun-compat and / or jdk packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(22, 94, 119, 189, 200, 264, 310, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/11/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL4", reference:"java-1.6.0-sun-compat-1.6.0.17-1.sl4.jpp")) flag++;
    if (rpm_check(release:"SL4", reference:"jdk-1.6.0_17-fcs")) flag++;
    
    if (rpm_check(release:"SL5", cpu:"i386", reference:"java-1.6.0-sun-compat-1.6.0.17-3.sl5.jpp")) flag++;
    if (rpm_check(release:"SL5", cpu:"i386", reference:"jdk-1.6.0_17-fcs")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1571.NASL
    descriptionUpdated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. These vulnerabilities are summarized on the
    last seen2020-06-01
    modified2020-06-02
    plugin id42455
    published2009-11-11
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42455
    titleRHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:1571)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:1571. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(42455);
      script_version ("1.32");
      script_cvs_date("Date: 2019/10/25 13:36:14");
    
      script_cve_id("CVE-2009-2409", "CVE-2009-3728", "CVE-2009-3867", "CVE-2009-3868", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884", "CVE-2010-0079");
      script_bugtraq_id(36881);
      script_xref(name:"RHSA", value:"2009:1571");
    
      script_name(english:"RHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:1571)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.5.0-sun packages that correct several security issues
    are now available for Red Hat Enterprise Linux 4 Extras and 5
    Supplementary.
    
    This update has been rated as having critical security impact by the
    Red Hat Security Response Team.
    
    The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment
    and the Sun Java 5 Software Development Kit.
    
    This update fixes several vulnerabilities in the Sun Java 5 Runtime
    Environment and the Sun Java 5 Software Development Kit. These
    vulnerabilities are summarized on the 'Advance notification of
    Security Updates for Java SE' page from Sun Microsystems, listed in
    the References section. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3873,
    CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880,
    CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884)
    
    Note: This is the final update for the java-1.5.0-sun packages, as the
    Sun Java SE Release family 5.0 has now reached End of Service Life.
    The next update will remove the java-1.5.0-sun packages.
    
    An alternative to Sun Java SE 5.0 is the Java 2 Technology Edition of
    the IBM Developer Kit for Linux, which is available from the Extras
    and Supplementary channels on the Red Hat Network. For users of
    applications that are capable of using the Java 6 runtime, the OpenJDK
    open source JDK is included in Red Hat Enterprise Linux 5 (since 5.3)
    and is supported by Red Hat.
    
    Users of java-1.5.0-sun should upgrade to these updated packages,
    which correct these issues. All running instances of Sun Java must be
    restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-2409"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3728"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3867"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3868"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3869"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3871"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3873"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3874"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3875"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3876"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3877"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3879"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3880"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3881"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3883"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3884"
      );
      # http://blogs.sun.com/security/entry/advance_notification_of_security_updates6
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6212b694"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2009:1571"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(22, 119, 189, 200, 264, 310, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.8");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/11/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2009:1571";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-1.5.0.22-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-1.5.0.22-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-demo-1.5.0.22-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-demo-1.5.0.22-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-devel-1.5.0.22-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-devel-1.5.0.22-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-jdbc-1.5.0.22-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-jdbc-1.5.0.22-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-plugin-1.5.0.22-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-src-1.5.0.22-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-src-1.5.0.22-1jpp.1.el4")) flag++;
    
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-1.5.0.22-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-1.5.0.22-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-demo-1.5.0.22-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-demo-1.5.0.22-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-devel-1.5.0.22-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-devel-1.5.0.22-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-jdbc-1.5.0.22-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-jdbc-1.5.0.22-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-plugin-1.5.0.22-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-src-1.5.0.22-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-src-1.5.0.22-1jpp.1.el5")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.5.0-sun / java-1.5.0-sun-demo / java-1.5.0-sun-devel / etc");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1584.NASL
    descriptionUpdated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. An integer overflow flaw and buffer overflow flaws were found in the way the JRE processed image files. An untrusted applet or application could use these flaws to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-3869, CVE-2009-3871, CVE-2009-3873, CVE-2009-3874) An information leak was found in the JRE. An untrusted applet or application could use this flaw to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-3881) It was discovered that the JRE still accepts certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by the JRE. With this update, the JRE disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409) A timing attack flaw was found in the way the JRE processed HMAC digests. This flaw could aid an attacker using forged digital signatures to bypass authentication checks. (CVE-2009-3875) Two denial of service flaws were found in the JRE. These could be exploited in server-side application scenarios that process DER-encoded (Distinguished Encoding Rules) data. (CVE-2009-3876, CVE-2009-3877) An information leak was found in the way the JRE handled color profiles. An attacker could use this flaw to discover the existence of files outside of the color profiles directory. (CVE-2009-3728) A flaw in the JRE with passing arrays to the X11GraphicsDevice API was found. An untrusted applet or application could use this flaw to access and modify the list of supported graphics configurations. This flaw could also lead to sensitive information being leaked to unprivileged code. (CVE-2009-3879) It was discovered that the JRE passed entire objects to the logging API. This could lead to sensitive information being leaked to either untrusted or lower-privileged code from an attacker-controlled applet which has access to the logging API and is therefore able to manipulate (read and/or call) the passed objects. (CVE-2009-3880) Potential information leaks were found in various mutable static variables. These could be exploited in application scenarios that execute untrusted scripting code. (CVE-2009-3882, CVE-2009-3883) An information leak was found in the way the TimeZone.getTimeZone method was handled. This method could load time zone files that are outside of the [JRE_HOME]/lib/zi/ directory, allowing a remote attacker to probe the local file system. (CVE-2009-3884) Note: The flaws concerning applets in this advisory, CVE-2009-3869, CVE-2009-3871, CVE-2009-3873, CVE-2009-3874, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881 and CVE-2009-3884, can only be triggered in java-1.6.0-openjdk by calling the
    last seen2020-06-01
    modified2020-06-02
    plugin id42828
    published2009-11-17
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42828
    titleRHEL 5 : java-1.6.0-openjdk (RHSA-2009:1584)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:1584. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(42828);
      script_version ("1.30");
      script_cvs_date("Date: 2019/10/25 13:36:14");
    
      script_cve_id("CVE-2009-2409", "CVE-2009-3728", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884", "CVE-2010-0079");
      script_bugtraq_id(36881);
      script_xref(name:"RHSA", value:"2009:1584");
    
      script_name(english:"RHEL 5 : java-1.6.0-openjdk (RHSA-2009:1584)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.6.0-openjdk packages that fix several security issues
    are now available for Red Hat Enterprise Linux 5.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    These packages provide the OpenJDK 6 Java Runtime Environment and the
    OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)
    contains the software and tools that users need to run applications
    written using the Java programming language.
    
    An integer overflow flaw and buffer overflow flaws were found in the
    way the JRE processed image files. An untrusted applet or application
    could use these flaws to extend its privileges, allowing it to read
    and write local files, as well as to execute local applications with
    the privileges of the user running the applet or application.
    (CVE-2009-3869, CVE-2009-3871, CVE-2009-3873, CVE-2009-3874)
    
    An information leak was found in the JRE. An untrusted applet or
    application could use this flaw to extend its privileges, allowing it
    to read and write local files, as well as to execute local
    applications with the privileges of the user running the applet or
    application. (CVE-2009-3881)
    
    It was discovered that the JRE still accepts certificates with MD2
    hash signatures, even though MD2 is no longer considered a
    cryptographically strong algorithm. This could make it easier for an
    attacker to create a malicious certificate that would be treated as
    trusted by the JRE. With this update, the JRE disables the use of the
    MD2 algorithm inside signatures by default. (CVE-2009-2409)
    
    A timing attack flaw was found in the way the JRE processed HMAC
    digests. This flaw could aid an attacker using forged digital
    signatures to bypass authentication checks. (CVE-2009-3875)
    
    Two denial of service flaws were found in the JRE. These could be
    exploited in server-side application scenarios that process
    DER-encoded (Distinguished Encoding Rules) data. (CVE-2009-3876,
    CVE-2009-3877)
    
    An information leak was found in the way the JRE handled color
    profiles. An attacker could use this flaw to discover the existence of
    files outside of the color profiles directory. (CVE-2009-3728)
    
    A flaw in the JRE with passing arrays to the X11GraphicsDevice API was
    found. An untrusted applet or application could use this flaw to
    access and modify the list of supported graphics configurations. This
    flaw could also lead to sensitive information being leaked to
    unprivileged code. (CVE-2009-3879)
    
    It was discovered that the JRE passed entire objects to the logging
    API. This could lead to sensitive information being leaked to either
    untrusted or lower-privileged code from an attacker-controlled applet
    which has access to the logging API and is therefore able to
    manipulate (read and/or call) the passed objects. (CVE-2009-3880)
    
    Potential information leaks were found in various mutable static
    variables. These could be exploited in application scenarios that
    execute untrusted scripting code. (CVE-2009-3882, CVE-2009-3883)
    
    An information leak was found in the way the TimeZone.getTimeZone
    method was handled. This method could load time zone files that are
    outside of the [JRE_HOME]/lib/zi/ directory, allowing a remote
    attacker to probe the local file system. (CVE-2009-3884)
    
    Note: The flaws concerning applets in this advisory, CVE-2009-3869,
    CVE-2009-3871, CVE-2009-3873, CVE-2009-3874, CVE-2009-3879,
    CVE-2009-3880, CVE-2009-3881 and CVE-2009-3884, can only be triggered
    in java-1.6.0-openjdk by calling the 'appletviewer' application.
    
    All users of java-1.6.0-openjdk are advised to upgrade to these
    updated packages, which resolve these issues. All running instances of
    OpenJDK Java must be restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-2409"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3728"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3869"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3871"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3873"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3874"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3875"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3876"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3877"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3879"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3880"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3881"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3883"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3884"
      );
      # http://blogs.sun.com/security/entry/advance_notification_of_security_updates6
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6212b694"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2009:1584"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(22, 119, 189, 200, 264, 310, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/11/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2009:1584";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-1.6.0.0-1.7.b09.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-1.6.0.0-1.7.b09.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-demo-1.6.0.0-1.7.b09.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-demo-1.6.0.0-1.7.b09.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-devel-1.6.0.0-1.7.b09.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-devel-1.6.0.0-1.7.b09.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-1.7.b09.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-1.7.b09.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-src-1.6.0.0-1.7.b09.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-src-1.6.0.0-1.7.b09.el5")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc");
      }
    }
    
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2010-0002_REMOTE.NASL
    descriptionThe remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the bundled version of the Java Runtime Environment (JRE).
    last seen2020-06-01
    modified2020-06-02
    plugin id89736
    published2016-03-08
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89736
    titleVMware ESX Java Runtime Environment (JRE) Multiple Vulnerabilities (VMSA-2010-0002) (remote check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89736);
      script_version("1.5");
      script_cvs_date("Date: 2018/08/06 14:03:16");
    
      script_cve_id(
        "CVE-2009-1093",
        "CVE-2009-1094",
        "CVE-2009-1095",
        "CVE-2009-1096",
        "CVE-2009-1097",
        "CVE-2009-1098",
        "CVE-2009-1099",
        "CVE-2009-1100",
        "CVE-2009-1101",
        "CVE-2009-1102",
        "CVE-2009-1103",
        "CVE-2009-1104",
        "CVE-2009-1105",
        "CVE-2009-1106",
        "CVE-2009-1107",
        "CVE-2009-2625",
        "CVE-2009-2670",
        "CVE-2009-2671",
        "CVE-2009-2672",
        "CVE-2009-2673",
        "CVE-2009-2675",
        "CVE-2009-2676",
        "CVE-2009-2716",
        "CVE-2009-2718",
        "CVE-2009-2719",
        "CVE-2009-2720",
        "CVE-2009-2721",
        "CVE-2009-2722",
        "CVE-2009-2723",
        "CVE-2009-2724",
        "CVE-2009-3728",
        "CVE-2009-3729",
        "CVE-2009-3864",
        "CVE-2009-3865",
        "CVE-2009-3866",
        "CVE-2009-3867",
        "CVE-2009-3868",
        "CVE-2009-3869",
        "CVE-2009-3871",
        "CVE-2009-3872",
        "CVE-2009-3873",
        "CVE-2009-3874",
        "CVE-2009-3875",
        "CVE-2009-3876",
        "CVE-2009-3877",
        "CVE-2009-3879",
        "CVE-2009-3880",
        "CVE-2009-3881",
        "CVE-2009-3882",
        "CVE-2009-3883",
        "CVE-2009-3884",
        "CVE-2009-3885",
        "CVE-2009-3886"
      );
      script_bugtraq_id(
        34240,
        35922,
        35939,
        35943,
        35944,
        35946,
        35958,
        36881
      );
      script_xref(name:"VMSA", value:"2010-0002");
    
      script_name(english:"VMware ESX Java Runtime Environment (JRE) Multiple Vulnerabilities (VMSA-2010-0002) (remote check)");
      script_summary(english:"Checks the ESX / ESXi version and build number.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote VMware ESX host is missing a security-related patch.");
      script_set_attribute(attribute:"description", value:
    "The remote VMware ESX host is missing a security-related patch. It is,
    therefore, affected by multiple vulnerabilities, including remote code
    execution vulnerabilities, in the bundled version of the Java Runtime
    Environment (JRE).");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2010-0002");
      script_set_attribute(attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2010/000097.html");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the vendor advisory that
    pertains to ESX version 3.5 / 4.0.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(16, 20, 22, 94, 119, 189, 200, 264, 310, 362, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/03/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/01/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
      script_family(english:"VMware ESX Local Security Checks");
    
      script_dependencies("vmware_vsphere_detect.nbin");
      script_require_keys("Host/VMware/version", "Host/VMware/release");
      script_require_ports("Host/VMware/vsphere");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    ver = get_kb_item_or_exit("Host/VMware/version");
    rel = get_kb_item_or_exit("Host/VMware/release");
    port = get_kb_item_or_exit("Host/VMware/vsphere");
    esx = '';
    
    if ("ESX" >!< rel)
      audit(AUDIT_OS_NOT, "VMware ESX/ESXi");
    
    extract = eregmatch(pattern:"^(ESXi?) (\d\.\d).*$", string:ver);
    if (isnull(extract))
      audit(AUDIT_UNKNOWN_APP_VER, "VMware ESX/ESXi");
    else
    {
      esx = extract[1];
      ver = extract[2];
    }
    
    # fixed build numbers are the same for ESX and ESXi
    fixes = make_array(
              "3.5", "227413",
              "4.0", "256968"
            );
    
    fix = FALSE;
    fix = fixes[ver];
    
    # get the build before checking the fix for the most complete audit trail
    extract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel);
    if (isnull(extract))
      audit(AUDIT_UNKNOWN_BUILD, "VMware " + esx, ver);
    
    build = int(extract[1]);
    
    # if there is no fix in the array, fix is FALSE
    if (!fix)
      audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);
    
    if (build < fix)
    {
    
      report = '\n  Version         : ' + esx + " " + ver +
               '\n  Installed build : ' + build +
               '\n  Fixed build     : ' + fix +
               '\n';
      security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
      exit(0);
    }
    else
      audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_JAVA-1_6_0-OPENJDK-091125.NASL
    descriptionNew icedtea update to fix : - ICC_Profile file existence detection information leak; CVE-2009-3728: CVSS v2 Base Score: 5.0 - BMP parsing DoS with UNC ICC links; CVE-2009-3885: CVSS v2 Base Score: 5.0 - resurrected classloaders can still have children; CVE-2009-3881: CVSS v2 Base Score: 7.5 - Numerous static security flaws in Swing; CVE-2009-3882: CVSS v2 Base Score: 7.5 - Mutable statics in Windows PL&F; CVE-2009-3883: CVSS v2 Base Score: 7.5 - UI logging information leakage; CVE-2009-3880: CVSS v2 Base Score: 5.0 - GraphicsConfiguration information leak; CVE-2009-3879: CVSS v2 Base Score: 7.5 - zoneinfo file existence information leak; CVE-2009-3884: CVSS v2 Base Score: 5.0 - deprecate MD2 in SSL cert validation; CVE-2009-2409: CVSS v2 Base Score: 6.4 - JPEG Image Writer quantization problem; CVE-2009-3873: CVSS v2 Base Score: 9.3 - MessageDigest.isEqual introduces timing attack vulnerabilities; CVE-2009-3875: CVSS v2 Base Score: 5.0 - OpenJDK ASN.1/DER input stream parser denial of service; CVE-2009-3876,CVE-2009-3877: CVSS v2 Base Score: 5.0 - JRE AWT setDifflCM stack overflow; CVE-2009-3869: CVSS v2 Base Score: 9.3 - ImageI/O JPEG heap overflow; CVE-2009-3874: CVSS v2 Base Score: 9.3 - JRE AWT setBytePixels heap overflow; CVE-2009-3871: CVSS v2 Base Score: 9.3
    last seen2020-06-01
    modified2020-06-02
    plugin id42921
    published2009-11-30
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42921
    titleopenSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update java-1_6_0-openjdk-1613.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(42921);
      script_version("1.13");
      script_cvs_date("Date: 2019/10/25 13:36:34");
    
      script_cve_id("CVE-2009-2409", "CVE-2009-3728", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884", "CVE-2009-3885");
    
      script_name(english:"openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613)");
      script_summary(english:"Check for the java-1_6_0-openjdk-1613 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New icedtea update to fix :
    
      - ICC_Profile file existence detection information leak;
        CVE-2009-3728: CVSS v2 Base Score: 5.0
    
      - BMP parsing DoS with UNC ICC links; CVE-2009-3885: CVSS
        v2 Base Score: 5.0
    
      - resurrected classloaders can still have children;
        CVE-2009-3881: CVSS v2 Base Score: 7.5
    
      - Numerous static security flaws in Swing; CVE-2009-3882:
        CVSS v2 Base Score: 7.5
    
      - Mutable statics in Windows PL&F; CVE-2009-3883: CVSS v2
        Base Score: 7.5
    
      - UI logging information leakage; CVE-2009-3880: CVSS v2
        Base Score: 5.0
    
      - GraphicsConfiguration information leak; CVE-2009-3879:
        CVSS v2 Base Score: 7.5
    
      - zoneinfo file existence information leak; CVE-2009-3884:
        CVSS v2 Base Score: 5.0
    
      - deprecate MD2 in SSL cert validation; CVE-2009-2409:
        CVSS v2 Base Score: 6.4
    
      - JPEG Image Writer quantization problem; CVE-2009-3873:
        CVSS v2 Base Score: 9.3
    
      - MessageDigest.isEqual introduces timing attack
        vulnerabilities; CVE-2009-3875: CVSS v2 Base Score: 5.0
    
      - OpenJDK ASN.1/DER input stream parser denial of service;
        CVE-2009-3876,CVE-2009-3877: CVSS v2 Base Score: 5.0
    
      - JRE AWT setDifflCM stack overflow; CVE-2009-3869: CVSS
        v2 Base Score: 9.3
    
      - ImageI/O JPEG heap overflow; CVE-2009-3874: CVSS v2 Base
        Score: 9.3
    
      - JRE AWT setBytePixels heap overflow; CVE-2009-3871: CVSS
        v2 Base Score: 9.3"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=554069"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected java-1_6_0-openjdk packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(22, 119, 189, 200, 264, 310, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/11/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.0", reference:"java-1_6_0-openjdk-1.6.2_b16-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"java-1_6_0-openjdk-demo-1.6.2_b16-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"java-1_6_0-openjdk-devel-1.6.2_b16-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"java-1_6_0-openjdk-javadoc-1.6.2_b16-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"java-1_6_0-openjdk-plugin-1.6.2_b16-0.1") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"java-1_6_0-openjdk-src-1.6.2_b16-0.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_6_0-openjdk");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_JAVA-1_6_0-OPENJDK-091127.NASL
    descriptionNew icedtea update to fix : - ICC_Profile file existence detection information leak; CVE-2009-3728: CVSS v2 Base Score: 5.0 - BMP parsing DoS with UNC ICC links; CVE-2009-3885: CVSS v2 Base Score: 5.0 - resurrected classloaders can still have children; CVE-2009-3881: CVSS v2 Base Score: 7.5 - Numerous static security flaws in Swing; CVE-2009-3882: CVSS v2 Base Score: 7.5 - Mutable statics in Windows PL&F; CVE-2009-3883: CVSS v2 Base Score: 7.5 - UI logging information leakage; CVE-2009-3880: CVSS v2 Base Score: 5.0 - GraphicsConfiguration information leak; CVE-2009-3879: CVSS v2 Base Score: 7.5 - zoneinfo file existence information leak; CVE-2009-3884: CVSS v2 Base Score: 5.0 - deprecate MD2 in SSL cert validation; CVE-2009-2409: CVSS v2 Base Score: 6.4 - JPEG Image Writer quantization problem; CVE-2009-3873: CVSS v2 Base Score: 9.3 - MessageDigest.isEqual introduces timing attack vulnerabilities; CVE-2009-3875: CVSS v2 Base Score: 5.0 - OpenJDK ASN.1/DER input stream parser denial of service; CVE-2009-3876,CVE-2009-3877: CVSS v2 Base Score: 5.0 - JRE AWT setDifflCM stack overflow; CVE-2009-3869: CVSS v2 Base Score: 9.3 - ImageI/O JPEG heap overflow; CVE-2009-3874: CVSS v2 Base Score: 9.3 - JRE AWT setBytePixels heap overflow; CVE-2009-3871: CVSS v2 Base Score: 9.3
    last seen2020-06-01
    modified2020-06-02
    plugin id42926
    published2009-11-30
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42926
    titleopenSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1560.NASL
    descriptionUpdated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. These vulnerabilities are summarized on the
    last seen2020-06-01
    modified2020-06-02
    plugin id42431
    published2009-11-10
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42431
    titleRHEL 4 / 5 : java-1.6.0-sun (RHSA-2009:1560)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1584.NASL
    descriptionUpdated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. An integer overflow flaw and buffer overflow flaws were found in the way the JRE processed image files. An untrusted applet or application could use these flaws to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-3869, CVE-2009-3871, CVE-2009-3873, CVE-2009-3874) An information leak was found in the JRE. An untrusted applet or application could use this flaw to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-3881) It was discovered that the JRE still accepts certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by the JRE. With this update, the JRE disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409) A timing attack flaw was found in the way the JRE processed HMAC digests. This flaw could aid an attacker using forged digital signatures to bypass authentication checks. (CVE-2009-3875) Two denial of service flaws were found in the JRE. These could be exploited in server-side application scenarios that process DER-encoded (Distinguished Encoding Rules) data. (CVE-2009-3876, CVE-2009-3877) An information leak was found in the way the JRE handled color profiles. An attacker could use this flaw to discover the existence of files outside of the color profiles directory. (CVE-2009-3728) A flaw in the JRE with passing arrays to the X11GraphicsDevice API was found. An untrusted applet or application could use this flaw to access and modify the list of supported graphics configurations. This flaw could also lead to sensitive information being leaked to unprivileged code. (CVE-2009-3879) It was discovered that the JRE passed entire objects to the logging API. This could lead to sensitive information being leaked to either untrusted or lower-privileged code from an attacker-controlled applet which has access to the logging API and is therefore able to manipulate (read and/or call) the passed objects. (CVE-2009-3880) Potential information leaks were found in various mutable static variables. These could be exploited in application scenarios that execute untrusted scripting code. (CVE-2009-3882, CVE-2009-3883) An information leak was found in the way the TimeZone.getTimeZone method was handled. This method could load time zone files that are outside of the [JRE_HOME]/lib/zi/ directory, allowing a remote attacker to probe the local file system. (CVE-2009-3884) Note: The flaws concerning applets in this advisory, CVE-2009-3869, CVE-2009-3871, CVE-2009-3873, CVE-2009-3874, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881 and CVE-2009-3884, can only be triggered in java-1.6.0-openjdk by calling the
    last seen2020-06-01
    modified2020-06-02
    plugin id67075
    published2013-06-29
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67075
    titleCentOS 5 : java-1.6.0-openjdk (CESA-2009:1584)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1584.NASL
    descriptionFrom Red Hat Security Advisory 2009:1584 : Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. An integer overflow flaw and buffer overflow flaws were found in the way the JRE processed image files. An untrusted applet or application could use these flaws to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-3869, CVE-2009-3871, CVE-2009-3873, CVE-2009-3874) An information leak was found in the JRE. An untrusted applet or application could use this flaw to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-3881) It was discovered that the JRE still accepts certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by the JRE. With this update, the JRE disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409) A timing attack flaw was found in the way the JRE processed HMAC digests. This flaw could aid an attacker using forged digital signatures to bypass authentication checks. (CVE-2009-3875) Two denial of service flaws were found in the JRE. These could be exploited in server-side application scenarios that process DER-encoded (Distinguished Encoding Rules) data. (CVE-2009-3876, CVE-2009-3877) An information leak was found in the way the JRE handled color profiles. An attacker could use this flaw to discover the existence of files outside of the color profiles directory. (CVE-2009-3728) A flaw in the JRE with passing arrays to the X11GraphicsDevice API was found. An untrusted applet or application could use this flaw to access and modify the list of supported graphics configurations. This flaw could also lead to sensitive information being leaked to unprivileged code. (CVE-2009-3879) It was discovered that the JRE passed entire objects to the logging API. This could lead to sensitive information being leaked to either untrusted or lower-privileged code from an attacker-controlled applet which has access to the logging API and is therefore able to manipulate (read and/or call) the passed objects. (CVE-2009-3880) Potential information leaks were found in various mutable static variables. These could be exploited in application scenarios that execute untrusted scripting code. (CVE-2009-3882, CVE-2009-3883) An information leak was found in the way the TimeZone.getTimeZone method was handled. This method could load time zone files that are outside of the [JRE_HOME]/lib/zi/ directory, allowing a remote attacker to probe the local file system. (CVE-2009-3884) Note: The flaws concerning applets in this advisory, CVE-2009-3869, CVE-2009-3871, CVE-2009-3873, CVE-2009-3874, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881 and CVE-2009-3884, can only be triggered in java-1.6.0-openjdk by calling the
    last seen2020-06-01
    modified2020-06-02
    plugin id67960
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67960
    titleOracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-1584)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_JAVA-1_6_0-OPENJDK-091125.NASL
    descriptionNew icedtea update to fix : - ICC_Profile file existence detection information leak; CVE-2009-3728: CVSS v2 Base Score: 5.0 - BMP parsing DoS with UNC ICC links; CVE-2009-3885: CVSS v2 Base Score: 5.0 - resurrected classloaders can still have children; CVE-2009-3881: CVSS v2 Base Score: 7.5 - Numerous static security flaws in Swing; CVE-2009-3882: CVSS v2 Base Score: 7.5 - Mutable statics in Windows PL&F; CVE-2009-3883: CVSS v2 Base Score: 7.5 - UI logging information leakage; CVE-2009-3880: CVSS v2 Base Score: 5.0 - GraphicsConfiguration information leak; CVE-2009-3879: CVSS v2 Base Score: 7.5 - zoneinfo file existence information leak; CVE-2009-3884: CVSS v2 Base Score: 5.0 - deprecate MD2 in SSL cert validation; CVE-2009-2409: CVSS v2 Base Score: 6.4 - JPEG Image Writer quantization problem; CVE-2009-3873: CVSS v2 Base Score: 9.3 - MessageDigest.isEqual introduces timing attack vulnerabilities; CVE-2009-3875: CVSS v2 Base Score: 5.0 - OpenJDK ASN.1/DER input stream parser denial of service; CVE-2009-3876,CVE-2009-3877: CVSS v2 Base Score: 5.0 - JRE AWT setDifflCM stack overflow; CVE-2009-3869: CVSS v2 Base Score: 9.3 - ImageI/O JPEG heap overflow; CVE-2009-3874: CVSS v2 Base Score: 9.3 - JRE AWT setBytePixels heap overflow; CVE-2009-3871: CVSS v2 Base Score: 9.3
    last seen2020-06-01
    modified2020-06-02
    plugin id42923
    published2009-11-30
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42923
    titleopenSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-859-1.NASL
    descriptionDan Kaminsky discovered that SSL certificates signed with MD2 could be spoofed given enough time. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation in OpenJDK. (CVE-2009-2409) It was discovered that ICC profiles could be identified with
    last seen2020-06-01
    modified2020-06-02
    plugin id42817
    published2009-11-16
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42817
    titleUbuntu 8.10 / 9.04 / 9.10 : openjdk-6 vulnerabilities (USN-859-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200911-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200911-02 (Sun JDK/JRE: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details. Impact : A remote attacker could entice a user to open a specially crafted JAR archive, applet, or Java Web Start application, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Furthermore, a remote attacker could cause a Denial of Service affecting multiple services via several vectors, disclose information and memory contents, write or execute local files, conduct session hijacking attacks via GIFAR files, steal cookies, bypass the same-origin policy, load untrusted JAR files, establish network connections to arbitrary hosts and posts via several vectors, modify the list of supported graphics configurations, bypass HMAC-based authentication systems, escalate privileges via several vectors and cause applet code to be executed with older, possibly vulnerable versions of the JRE. NOTE: Some vulnerabilities require a trusted environment, user interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id42834
    published2009-11-18
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42834
    titleGLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1662.NASL
    descriptionUpdated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Network Satellite Server 5.1. This update has been rated as having low security impact by the Red Hat Security Response Team. This update corrects several security vulnerabilities in the Sun Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.1. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the Sun Java 5 Runtime Environment. (CVE-2006-2426, CVE-2008-2086, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1103, CVE-2009-1104, CVE-2009-1107, CVE-2009-2409, CVE-2009-2475, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2689, CVE-2009-3728, CVE-2009-3873, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884) Note: This is the final update for the java-1.5.0-sun packages, as the Sun Java SE Release family 5.0 has now reached End of Service Life. An alternative to Sun Java SE 5.0 is the Java 2 Technology Edition of the IBM Developer Kit for Linux, which is available from the Satellite 5.1 channels on the Red Hat Network. For a long term solution, Red Hat advises users to switch from Sun Java SE 5.0 to the Java 2 Technology Edition of the IBM Developer Kit for Linux. Refer to the Solution section for instructions. Users of Red Hat Network Satellite Server 5.1 are advised to upgrade to these updated java-1.5.0-sun packages, which resolve these issues. All running instances of Sun Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id53539
    published2011-04-23
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53539
    titleRHEL 4 : Sun Java Runtime in Satellite Server (RHSA-2009:1662)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2010-0002.NASL
    descriptiona. Java JRE Security Update JRE update to version 1.5.0_22, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_22: CVE-2009-3728, CVE-2009-3729, CVE-2009-3864, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884, CVE-2009-3886, CVE-2009-3885.
    last seen2020-06-01
    modified2020-06-02
    plugin id45386
    published2010-03-31
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45386
    titleVMSA-2010-0002 : VMware vCenter update release addresses multiple security issues in Java JRE
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-11486.NASL
    descriptionAdd latest security patches Bug numbers:510197, 530053, 530057, 530061, 530062, 530063, 530067, 530098, 530173, 530175, 530296, 530297, 530300 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id42802
    published2009-11-16
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42802
    titleFedora 11 : java-1.6.0-openjdk-1.6.0.0-30.b16.fc11 (2009-11486)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-11489.NASL
    descriptionAdd latest security patches Bug numbers:510197, 530053, 530057, 530061, 530062, 530063, 530067, 530098, 530173, 530175, 530296, 530297, 530300 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id42805
    published2009-11-16
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42805
    titleFedora 12 : java-1.6.0-openjdk-1.6.0.0-33.b16.fc12 (2009-11489)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-11490.NASL
    descriptionAdd latest security patches Bug numbers:510197, 530053, 530057, 530061, 530062, 530063, 530067, 530098, 530173, 530175, 530296, 530297, 530300 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id42806
    published2009-11-16
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42806
    titleFedora 10 : java-1.6.0-openjdk-1.6.0.0-23.b16.fc10 (2009-11490)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-084.NASL
    descriptionMultiple Java OpenJDK security vulnerabilities has been identified and fixed : - TLS: MITM attacks via session renegotiation (CVE-2009-3555). - Loader-constraint table allows arrays instead of only the b ase-classes (CVE-2010-0082). - Policy/PolicyFile leak dynamic ProtectionDomains. (CVE-2010-0084). - File TOCTOU deserialization vulnerability (CVE-2010-0085). - Inflater/Deflater clone issues (CVE-2010-0088). - Unsigned applet can retrieve the dragged information before drop action occurs (CVE-2010-0091). - AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (CVE-2010-0092). - System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (CVE-2010-0093). - Deserialization of RMIConnectionImpl objects should enforce stricter checks (CVE-2010-0094). - Subclasses of InetAddress may incorrectly interpret network addresses (CVE-2010-0095). - JAR unpack200 must verify input parameters (CVE-2010-0837). - CMM readMabCurveData Buffer Overflow Vulnerability (CVE-2010-0838). - Applet Trusted Methods Chaining Privilege Escalation Vulnerability (CVE-2010-0840). - No ClassCastException for HashAttributeSet constructors if run with -Xcomp (CVE-2010-0845) - ImagingLib arbitrary code execution vulnerability (CVE-2010-0847). - AWT Library Invalid Index Vulnerability (CVE-2010-0848). Additional security issues that was fixed with IcedTea6 1.6.2 : - deprecate MD2 in SSL cert validation (CVE-2009-2409). - ICC_Profile file existence detection information leak (CVE-2009-3728). - JRE AWT setDifflCM stack overflow (CVE-2009-3869). - JRE AWT setBytePixels heap overflow (CVE-2009-3871). - JPEG Image Writer quantization problem (CVE-2009-3873). - ImageI/O JPEG heap overflow (CVE-2009-3874). - MessageDigest.isEqual introduces timing attack vulnerabilities (CVE-2009-3875). - OpenJDK ASN.1/DER input stream parser denial of service (CVE-2009-3876, CVE-2009-3877) - GraphicsConfiguration information leak (CVE-2009-3879). - UI logging information leakage (CVE-2009-3880). - resurrected classloaders can still have children (CVE-2009-3881). - Numerous static security flaws in Swing (findbugs) (CVE-2009-3882). - Mutable statics in Windows PL&amp;F (findbugs) (CVE-2009-3883). - zoneinfo file existence information leak (CVE-2009-3884). - BMP parsing DoS with UNC ICC links (CVE-2009-3885). Additionally Paulo Cesar Pereira de Andrade (pcpa) at Mandriva found and fixed a bug in IcedTea6 1.8 that is also applied to the provided packages : - plugin/icedteanp/IcedTeaNPPlugin.cc (plugin_filter_environment): Increment malloc size by one to account for NULL terminator. Bug# 474. Packages for 2009.0 are provided due to the Extended Maintenance Program.
    last seen2020-06-01
    modified2020-06-02
    plugin id46176
    published2010-04-29
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/46176
    titleMandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2010:084)

Oval

  • accepted2014-01-20T04:01:33.752-05:00
    classvulnerability
    contributors
    • nameJ. Daniel Brown
      organizationDTCC
    • nameChris Coffin
      organizationThe MITRE Corporation
    definition_extensions
    commentVMware ESX Server 4.0 is installed
    ovaloval:org.mitre.oval:def:6293
    descriptionMultiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026.
    familyunix
    idoval:org.mitre.oval:def:7300
    statusaccepted
    submitted2010-06-01T17:30:00.000-05:00
    titleOpenJDK Information Leaks in Mutable Variables
    version8
  • accepted2013-04-29T04:17:54.534-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionMultiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026.
    familyunix
    idoval:org.mitre.oval:def:8841
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleMultiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026.
    version18

Redhat

rpms
  • java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4
  • java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5
  • java-1.6.0-sun-demo-1:1.6.0.17-1jpp.1.el4
  • java-1.6.0-sun-demo-1:1.6.0.17-1jpp.2.el5
  • java-1.6.0-sun-devel-1:1.6.0.17-1jpp.1.el4
  • java-1.6.0-sun-devel-1:1.6.0.17-1jpp.2.el5
  • java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.1.el4
  • java-1.6.0-sun-jdbc-1:1.6.0.17-1jpp.2.el5
  • java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.1.el4
  • java-1.6.0-sun-plugin-1:1.6.0.17-1jpp.2.el5
  • java-1.6.0-sun-src-1:1.6.0.17-1jpp.1.el4
  • java-1.6.0-sun-src-1:1.6.0.17-1jpp.2.el5
  • java-1.5.0-sun-0:1.5.0.22-1jpp.1.el4
  • java-1.5.0-sun-0:1.5.0.22-1jpp.1.el5
  • java-1.5.0-sun-demo-0:1.5.0.22-1jpp.1.el4
  • java-1.5.0-sun-demo-0:1.5.0.22-1jpp.1.el5
  • java-1.5.0-sun-devel-0:1.5.0.22-1jpp.1.el4
  • java-1.5.0-sun-devel-0:1.5.0.22-1jpp.1.el5
  • java-1.5.0-sun-jdbc-0:1.5.0.22-1jpp.1.el4
  • java-1.5.0-sun-jdbc-0:1.5.0.22-1jpp.1.el5
  • java-1.5.0-sun-plugin-0:1.5.0.22-1jpp.1.el4
  • java-1.5.0-sun-plugin-0:1.5.0.22-1jpp.1.el5
  • java-1.5.0-sun-src-0:1.5.0.22-1jpp.1.el4
  • java-1.5.0-sun-src-0:1.5.0.22-1jpp.1.el5
  • java-1.6.0-openjdk-1:1.6.0.0-1.7.b09.el5
  • java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.7.b09.el5
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.7.b09.el5
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.7.b09.el5
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.7.b09.el5
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.7.b09.el5
  • java-1.5.0-sun-0:1.5.0.22-1jpp.1.el4
  • java-1.5.0-sun-devel-0:1.5.0.22-1jpp.1.el4