CVE-2010-0840

CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: network, low complexity, oracle, opensuse, canonical, critical, nessus, exploit available, metasploit

Summary

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."

Exploit-Db

description: Java Statement.invoke() Trusted Method Chain Exploit. CVE-2010-0840. Remote exploits for multiple platform
id: EDB-ID:16297
last seen: 2016-02-01
modified: 2010-12-15
published: 2010-12-15
reporter: metasploit
source: https://www.exploit-db.com/download/16297/
title: Java Statement.invoke Trusted Method Chain Exploit

Metasploit

description: This module exploits a vulnerability in Java Runtime Environment that allows an untrusted method to run in a privileged context. The vulnerability affects version 6 prior to update 19 and version 5 prior to update 23.
id: MSF:EXPLOIT/MULTI/BROWSER/JAVA_TRUSTED_CHAIN
last seen: 2020-06-14
modified: 1976-01-01
published: 1976-01-01
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/browser/java_trusted_chain.rb
title: Java Statement.invoke() Trusted Method Chain Privilege Escalation

Nessus

  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-923-1.NASL
    description: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 45474
    published: 2010-04-09
    reporter: Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/45474
    title: Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : openjdk-6 vulnerabilities (USN-923-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-923-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(45474);
      script_version("1.24");
      script_cvs_date("Date: 2019/09/19 12:54:26");
    
      script_cve_id("CVE-2009-3555", "CVE-2010-0082", "CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0088", "CVE-2010-0091", "CVE-2010-0092", "CVE-2010-0093", "CVE-2010-0094", "CVE-2010-0095", "CVE-2010-0837", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0845", "CVE-2010-0847", "CVE-2010-0848");
      script_bugtraq_id(36935, 39065, 39069, 39071, 39072, 39075, 39078, 39081, 39085, 39086, 39088, 39089, 39090, 39093, 39094, 39096);
      script_xref(name:"USN", value:"923-1");
    
      script_name(english:"Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : openjdk-6 vulnerabilities (USN-923-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
    protocols. If an attacker could perform a man in the middle attack at
    the start of a TLS connection, the attacker could inject arbitrary
    content at the beginning of the user's session. (CVE-2009-3555)
    
    It was discovered that Loader-constraint table, Policy/PolicyFile,
    Inflater/Deflater, drag/drop access, and deserialization did not
    correctly handle certain sensitive objects. If a user were tricked
    into running a specially crafted applet, private information could be
    leaked to a remote attacker, leading to a loss of privacy.
    (CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0088,
    CVE-2010-0091, CVE-2010-0094)
    
    It was discovered that AtomicReferenceArray, System.arraycopy,
    InetAddress, and HashAttributeSet did not correctly handle certain
    situations. If a remote attacker could trigger specific error
    conditions, a Java application could crash, leading to a denial of
    service. (CVE-2010-0092, CVE-2010-0093, CVE-2010-0095, CVE-2010-0845)
    
    It was discovered that Pack200, CMM readMabCurveData, ImagingLib, and
    the AWT library did not correctly check buffer lengths. If a user or
    automated system were tricked into handling specially crafted JAR
    files or images, a remote attacker could crash the Java application or
    possibly gain user privileges (CVE-2010-0837, CVE-2010-0838,
    CVE-2010-0847, CVE-2010-0848).
    
    It was discovered that applets did not correctly handle certain trust
    chains. If a user were tricked into running a specially crafted
    applet, a remote attacker could possibly run untrusted code with user
    privileges. (CVE-2010-0840).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/923-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java Statement.invoke() Trusted Method Chain Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(310);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:icedtea6-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-source-files");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/04/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/04/09");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(8\.04|8\.10|9\.04|9\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 8.10 / 9.04 / 9.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"8.04", pkgname:"openjdk-6-dbg", pkgver:"6b11-2ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"openjdk-6-demo", pkgver:"6b11-2ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"openjdk-6-doc", pkgver:"6b11-2ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"openjdk-6-jdk", pkgver:"6b11-2ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"openjdk-6-jre", pkgver:"6b11-2ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"openjdk-6-jre-headless", pkgver:"6b11-2ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"openjdk-6-jre-lib", pkgver:"6b11-2ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"openjdk-6-source", pkgver:"6b11-2ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"icedtea6-plugin", pkgver:"6b12-0ubuntu6.7")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"openjdk-6-dbg", pkgver:"6b12-0ubuntu6.7")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"openjdk-6-demo", pkgver:"6b12-0ubuntu6.7")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"openjdk-6-doc", pkgver:"6b12-0ubuntu6.7")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"openjdk-6-jdk", pkgver:"6b12-0ubuntu6.7")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"openjdk-6-jre", pkgver:"6b12-0ubuntu6.7")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"openjdk-6-jre-headless", pkgver:"6b12-0ubuntu6.7")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"openjdk-6-jre-lib", pkgver:"6b12-0ubuntu6.7")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"openjdk-6-source", pkgver:"6b12-0ubuntu6.7")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"openjdk-6-source-files", pkgver:"6b12-0ubuntu6.7")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"icedtea-6-jre-cacao", pkgver:"6b14-1.4.1-0ubuntu13")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"icedtea6-plugin", pkgver:"6b14-1.4.1-0ubuntu13")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-dbg", pkgver:"6b14-1.4.1-0ubuntu13")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-demo", pkgver:"6b14-1.4.1-0ubuntu13")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-doc", pkgver:"6b14-1.4.1-0ubuntu13")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-jdk", pkgver:"6b14-1.4.1-0ubuntu13")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-jre", pkgver:"6b14-1.4.1-0ubuntu13")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-jre-headless", pkgver:"6b14-1.4.1-0ubuntu13")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-jre-lib", pkgver:"6b14-1.4.1-0ubuntu13")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-jre-zero", pkgver:"6b14-1.4.1-0ubuntu13")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-source", pkgver:"6b14-1.4.1-0ubuntu13")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"openjdk-6-source-files", pkgver:"6b14-1.4.1-0ubuntu13")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"icedtea-6-jre-cacao", pkgver:"6b16-1.6.1-3ubuntu3")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"icedtea6-plugin", pkgver:"6b16-1.6.1-3ubuntu3")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-dbg", pkgver:"6b16-1.6.1-3ubuntu3")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-demo", pkgver:"6b16-1.6.1-3ubuntu3")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-doc", pkgver:"6b16-1.6.1-3ubuntu3")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-jdk", pkgver:"6b16-1.6.1-3ubuntu3")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-jre", pkgver:"6b16-1.6.1-3ubuntu3")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-jre-headless", pkgver:"6b16-1.6.1-3ubuntu3")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-jre-lib", pkgver:"6b16-1.6.1-3ubuntu3")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-jre-zero", pkgver:"6b16-1.6.1-3ubuntu3")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"openjdk-6-source", pkgver:"6b16-1.6.1-3ubuntu3")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "icedtea-6-jre-cacao / icedtea6-plugin / openjdk-6-dbg / etc");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2010-0339.NASL
    description: Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 46295
    published: 2010-05-11
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/46295
    title: RHEL 5 : java-1.6.0-openjdk (RHSA-2010:0339)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2010:0339. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(46295);
      script_version ("1.32");
      script_cvs_date("Date: 2019/10/25 13:36:15");
    
      script_cve_id("CVE-2009-3555", "CVE-2010-0082", "CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0088", "CVE-2010-0091", "CVE-2010-0092", "CVE-2010-0093", "CVE-2010-0094", "CVE-2010-0095", "CVE-2010-0837", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0845", "CVE-2010-0847", "CVE-2010-0848");
      script_bugtraq_id(36935, 39065, 39069, 39071, 39072, 39075, 39078, 39081, 39085, 39086, 39088, 39089, 39090, 39093, 39094, 39096);
      script_xref(name:"RHSA", value:"2010:0339");
    
      script_name(english:"RHEL 5 : java-1.6.0-openjdk (RHSA-2010:0339)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.6.0-openjdk packages that fix several security issues
    are now available for Red Hat Enterprise Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    These packages provide the OpenJDK 6 Java Runtime Environment and the
    OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)
    contains the software and tools that users need to run applications
    written using the Java programming language.
    
    A flaw was found in the way the TLS/SSL (Transport Layer
    Security/Secure Sockets Layer) protocols handle session renegotiation.
    A man-in-the-middle attacker could use this flaw to prefix arbitrary
    plain text to a client's session (for example, an HTTPS connection to
    a website). This could force the server to process an attacker's
    request as if authenticated using the victim's credentials.
    (CVE-2009-3555)
    
    This update disables renegotiation in the Java Secure Socket Extension
    (JSSE) component. Unsafe renegotiation can be re-enabled using the
    sun.security.ssl.allowUnsafeRenegotiation property. Refer to the
    following Knowledgebase article for details:
    http://kbase.redhat.com/faq/docs/DOC-20491
    
    A number of flaws have been fixed in the Java Virtual Machine (JVM)
    and in various Java class implementations. These flaws could allow an
    unsigned applet or application to bypass intended access restrictions.
    (CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0088,
    CVE-2010-0094)
    
    An untrusted applet could access clipboard information if a drag
    operation was performed over that applet's canvas. This could lead to
    an information leak. (CVE-2010-0091)
    
    The rawIndex operation incorrectly handled large values, causing the
    corruption of internal memory structures, resulting in an untrusted
    applet or application crashing. (CVE-2010-0092)
    
    The System.arraycopy operation incorrectly handled large index values,
    potentially causing array corruption in an untrusted applet or
    application. (CVE-2010-0093)
    
    Subclasses of InetAddress may incorrectly interpret network addresses,
    allowing an untrusted applet or application to bypass network access
    restrictions. (CVE-2010-0095)
    
    In certain cases, type assignments could result in 'non-exact'
    interface types. This could be used to bypass type-safety
    restrictions. (CVE-2010-0845)
    
    A buffer overflow flaw in LittleCMS (embedded in OpenJDK) could cause
    an untrusted applet or application using color profiles from untrusted
    sources to crash. (CVE-2010-0838)
    
    An input validation flaw was found in the JRE unpack200 functionality.
    An untrusted applet or application could use this flaw to elevate its
    privileges. (CVE-2010-0837)
    
    Deferred calls to trusted applet methods could be granted incorrect
    permissions, allowing an untrusted applet or application to extend its
    privileges. (CVE-2010-0840)
    
    A missing input validation flaw in the JRE could allow an attacker to
    crash an untrusted applet or application. (CVE-2010-0848)
    
    A flaw in Java2D could allow an attacker to execute arbitrary code
    with the privileges of a user running an untrusted applet or
    application that uses Java2D. (CVE-2010-0847)
    
    Note: The flaws concerning applets in this advisory, CVE-2010-0082,
    CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0091,
    CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095,
    CVE-2010-0837, CVE-2010-0838, CVE-2010-0840, CVE-2010-0847, and
    CVE-2010-0848, can only be triggered in java-1.6.0-openjdk by calling
    the 'appletviewer' application.
    
    This update also provides three defense in depth patches. (BZ#575745,
    BZ#575861, BZ#575789)
    
    All users of java-1.6.0-openjdk are advised to upgrade to these
    updated packages, which resolve these issues. All running instances of
    OpenJDK Java must be restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3555"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0082"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0084"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0085"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0088"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0091"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0092"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0093"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0094"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0095"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0837"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0838"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0840"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0845"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0847"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0848"
      );
      # http://kbase.redhat.com/faq/docs/DOC-20491
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/articles/20490"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2010:0339"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java Statement.invoke() Trusted Method Chain Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(310);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/03/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/05/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2010:0339";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-1.6.0.0-1.11.b16.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-1.6.0.0-1.11.b16.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-demo-1.6.0.0-1.11.b16.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-demo-1.6.0.0-1.11.b16.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-devel-1.6.0.0-1.11.b16.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-devel-1.6.0.0-1.11.b16.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-1.11.b16.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-1.11.b16.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.6.0-openjdk-src-1.6.0.0-1.11.b16.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.6.0-openjdk-src-1.6.0.0-1.11.b16.el5")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc");
      }
    }
    
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20100331_JAVA__JDK_1_6_0__ON_SL4_X.NASL
    description: CVE-2009-3555 TLS: MITM attacks via session renegotiation CVE-2010-0082 OpenJDK Loader-constraint table allows arrays instead of only the base-classes (6626217) CVE-2010-0084 OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872) CVE-2010-0085 OpenJDK File TOCTOU deserialization vulnerability (6736390) CVE-2010-0088 OpenJDK Inflater/Deflater clone issues (6745393) CVE-2010-0091 OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703) CVE-2010-0092 OpenJDK AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149) CVE-2010-0093 OpenJDK System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265) CVE-2010-0094 OpenJDK Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947) CVE-2010-0095 OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954) CVE-2010-0845 OpenJDK No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807) CVE-2010-0838 OpenJDK CMM readMabCurveData Buffer Overflow Vulnerability (6899653) CVE-2010-0837 OpenJDK JAR
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60777
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60777
    title: Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60777);
      script_version("1.9");
      script_cvs_date("Date: 2019/10/25 13:36:18");
    
      script_cve_id("CVE-2009-3555", "CVE-2010-0082", "CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0088", "CVE-2010-0089", "CVE-2010-0090", "CVE-2010-0091", "CVE-2010-0092", "CVE-2010-0093", "CVE-2010-0094", "CVE-2010-0095", "CVE-2010-0837", "CVE-2010-0838", "CVE-2010-0839", "CVE-2010-0840", "CVE-2010-0841", "CVE-2010-0842", "CVE-2010-0843", "CVE-2010-0844", "CVE-2010-0845", "CVE-2010-0846", "CVE-2010-0847", "CVE-2010-0848", "CVE-2010-0849");
    
      script_name(english:"Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "CVE-2009-3555 TLS: MITM attacks via session renegotiation
    
    CVE-2010-0082 OpenJDK Loader-constraint table allows arrays instead of
    only the base-classes (6626217)
    
    CVE-2010-0084 OpenJDK Policy/PolicyFile leak dynamic
    ProtectionDomains. (6633872)
    
    CVE-2010-0085 OpenJDK File TOCTOU deserialization vulnerability
    (6736390)
    
    CVE-2010-0088 OpenJDK Inflater/Deflater clone issues (6745393)
    
    CVE-2010-0091 OpenJDK Unsigned applet can retrieve the dragged
    information before drop action occurs(6887703)
    
    CVE-2010-0092 OpenJDK AtomicReferenceArray causes SIGSEGV ->
    SEGV_MAPERR error (6888149)
    
    CVE-2010-0093 OpenJDK System.arraycopy unable to reference elements
    beyond Integer.MAX_VALUE bytes (6892265)
    
    CVE-2010-0094 OpenJDK Deserialization of RMIConnectionImpl objects
    should enforce stricter checks (6893947)
    
    CVE-2010-0095 OpenJDK Subclasses of InetAddress may incorrectly
    interpret network addresses (6893954)
    
    CVE-2010-0845 OpenJDK No ClassCastException for HashAttributeSet
    constructors if run with -Xcomp (6894807)
    
    CVE-2010-0838 OpenJDK CMM readMabCurveData Buffer Overflow
    Vulnerability (6899653)
    
    CVE-2010-0837 OpenJDK JAR 'unpack200' must verify input parameters
    (6902299)
    
    CVE-2010-0840 OpenJDK Applet Trusted Methods Chaining Privilege
    Escalation Vulnerability (6904691)
    
    CVE-2010-0841 OpenJDK JPEGImageReader stepX Integer Overflow
    Vulnerability (6909597)
    
    CVE-2010-0848 OpenJDK AWT Library Invalid Index Vulnerability
    (6914823)
    
    CVE-2010-0847 OpenJDK ImagingLib arbitrary code execution
    vulnerability (6914866)
    
    CVE-2010-0846 JDK unspecified vulnerability in ImageIO component
    
    CVE-2010-0849 JDK unspecified vulnerability in Java2D component
    
    CVE-2010-0087 JDK unspecified vulnerability in JWS/Plugin component
    
    CVE-2010-0839 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 JDK multiple
    unspecified vulnerabilities
    
    CVE-2010-0090 JDK unspecified vulnerability in JavaWS/Plugin component
    
    CVE-2010-0089 JDK unspecified vulnerability in JavaWS/Plugin component
    
    This update fixes several vulnerabilities in the Sun Java 6 Runtime
    Environment and the Sun Java 6 Software Development Kit. Further
    information about these flaws can be found on the 'Oracle Java SE and
    Java for Business Critical Patch Update Advisory' page, listed in the
    References section. (CVE-2009-3555, CVE-2010-0082, CVE-2010-0084,
    
    CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089,
    
    CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093,
    
    CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838,
    
    CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842,
    
    CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846,
    
    CVE-2010-0847, CVE-2010-0848, CVE-2010-0849)
    
    For the CVE-2009-3555 issue, this update disables renegotiation in the
    Java Secure Socket Extension (JSSE) component. Unsafe renegotiation
    can be re-enabled using the sun.security.ssl.allowUnsafeRenegotiation
    property.
    
    All running instances of Sun Java must be restarted for the update to
    take effect."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1004&L=scientific-linux-errata&T=0&P=1274
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?30226ac8"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected java-1.6.0-sun-compat and / or jdk packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java MixerSequencer Object GM_Song Structure Handling Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(310);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/03/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL4", reference:"java-1.6.0-sun-compat-1.6.0.19-1.sl4.jpp")) flag++;
    if (rpm_check(release:"SL4", reference:"jdk-1.6.0_19-fcs")) flag++;
    
    if (rpm_check(release:"SL5", reference:"java-1.6.0-sun-compat-1.6.0.19-1.sl5.jpp")) flag++;
    if (rpm_check(release:"SL5", reference:"jdk-1.6.0_19-fcs")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_JAVA-1_6_0-IBM-100525.NASL
    description: This update of IBM Java 6 to Service Request 8 fixes the following security issues : - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. (CVE-2010-0084) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0085) - Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0087) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0088) - Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors. (CVE-2010-0089) - Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18 allows remote attackers to affect integrity and availability via unknown vectors. (CVE-2010-0090) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. (CVE-2010-0091) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0092) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the class loader of a constructor that is being deserialized. (CVE-2010-0094) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0095) - Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0837) - Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module of the JVM. (CVE-2010-0838) - Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.1 27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0839) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 51606
    published: 2011-01-21
    reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/51606
    title: SuSE 11.1 Security Update : IBM Java 6 (SAT Patch Number 2553)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(51606);
      script_version("1.14");
      script_cvs_date("Date: 2019/10/25 13:36:39");
    
      script_cve_id("CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0088", "CVE-2010-0089", "CVE-2010-0090", "CVE-2010-0091", "CVE-2010-0092", "CVE-2010-0094", "CVE-2010-0095", "CVE-2010-0837", "CVE-2010-0838", "CVE-2010-0839", "CVE-2010-0840", "CVE-2010-0841", "CVE-2010-0842", "CVE-2010-0843", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0847", "CVE-2010-0848", "CVE-2010-0849");
    
      script_name(english:"SuSE 11.1 Security Update : IBM Java 6 (SAT Patch Number 2553)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of IBM Java 6 to Service Request 8 to fixes the following
    security issues :
    
      - Unspecified vulnerability in the Java Runtime
        Environment component in Oracle Java SE and Java for
        Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
        remote attackers to affect confidentiality via unknown
        vectors. (CVE-2010-0084)
    
      - Unspecified vulnerability in the Java Runtime
        Environment component in Oracle Java SE and Java for
        Business 6 Update 18, 5.0 Update 23, 1.4.225, and
        1.3.127 allows remote attackers to affect
        confidentiality, integrity, and availability via unknown
        vectors. (CVE-2010-0085)
    
      - Unspecified vulnerability in the Java Web Start, Java
        Plug-in component in Oracle Java SE and Java for
        Business 6 Update 18, 5.0 Update 23, 1.4.225, and
        1.3.127 allows remote attackers to affect
        confidentiality, integrity, and availability via unknown
        vectors. (CVE-2010-0087)
    
      - Unspecified vulnerability in the Java Runtime
        Environment component in Oracle Java SE and Java for
        Business 6 Update 18, 5.0 Update 23, 1.4.225, and
        1.3.127 allows remote attackers to affect
        confidentiality, integrity, and availability via unknown
        vectors. (CVE-2010-0088)
    
      - Unspecified vulnerability in the Java Web Start, Java
        Plug-in component in Oracle Java SE and Java for
        Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
        remote attackers to affect availability via unknown
        vectors. (CVE-2010-0089)
    
      - Unspecified vulnerability in the Java Web Start, Java
        Plug-in component in Oracle Java SE and Java for
        Business 6 Update 18 allows remote attackers to affect
        integrity and availability via unknown vectors.
        (CVE-2010-0090)
    
      - Unspecified vulnerability in the Java Runtime
        Environment component in Oracle Java SE and Java for
        Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
        remote attackers to affect confidentiality via unknown
        vectors. (CVE-2010-0091)
    
      - Unspecified vulnerability in the Java Runtime
        Environment component in Oracle Java SE and Java for
        Business 6 Update 18, and 5.0 Update 23 allows remote
        attackers to affect confidentiality, integrity, and
        availability via unknown vectors. (CVE-2010-0092)
    
      - Unspecified vulnerability in the Java Runtime
        Environment component in Oracle Java SE and Java for
        Business 6 Update 18 and 5.0 Update 23 allows remote
        attackers to affect confidentiality, integrity, and
        availability via unknown vectors. NOTE: the previous
        information was obtained from the March 2010 CPU. Oracle
        has not commented on claims from a reliable researcher
        that this is due to missing privilege checks during
        deserialization of RMIConnectionImpl objects, which
        allows remote attackers to call system-level Java
        functions via the class loader of a constructor that is
        being deserialized. (CVE-2010-0094)
    
      - Unspecified vulnerability in the Java Runtime
        Environment component in Oracle Java SE and Java for
        Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
        remote attackers to affect confidentiality, integrity,
        and availability via unknown vectors. (CVE-2010-0095)
    
      - Unspecified vulnerability in the Pack200 component in
        Oracle Java SE and Java for Business 6 Update 18, 5.0,
        Update, and 23 allows remote attackers to affect
        confidentiality, integrity, and availability via unknown
        vectors. (CVE-2010-0837)
    
      - Unspecified vulnerability in the Java 2D component in
        Oracle Java SE and Java for Business 6 Update 18, 5.0,
        Update, and 23 allows remote attackers to affect
        confidentiality, integrity, and availability via unknown
        vectors. NOTE: the previous information was obtained
        from the March 2010 CPU. Oracle has not commented on
        claims from a reliable researcher that this is a
        stack-based buffer overflow using an untrusted size
        value in the readMabCurveData function in the CMM module
        of the JVM. (CVE-2010-0838)
    
      - Unspecified vulnerability in the Sound component in
        Oracle Java SE and Java for Business 6 Update 18, 5.0
        Update 23, 1.4.225, and 1.3.1 27 allows remote attackers
        to affect confidentiality, integrity, and availability
        via unknown vectors. (CVE-2010-0839)
    
      - Unspecified vulnerability in the Java Runtime
        Environment component in Oracle Java SE and Java for
        Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
        remote attackers to affect confidentiality, integrity,
        and availability via unknown vectors. NOTE: the previous
        information was obtained from the March 2010 CPU. Oracle
        has not commented on claims from a reliable researcher
        that this is related to improper checks when executing
        privileged methods in the Java Runtime Environment
        (JRE), which allows attackers to execute arbitrary code
        via (1) an untrusted object that extends the trusted
        class but has not modified a certain method, or (2) 'a
        similar trust issue with interfaces,' aka 'Trusted
        Methods Chaining Remote Code Execution Vulnerability.'.
        (CVE-2010-0840)
    
      - Unspecified vulnerability in the ImageIO component in
        Oracle Java SE and Java for Business 6 Update 18, 5.0
        Update 23, and 1.4.2_25 allows remote attackers to
        affect confidentiality, integrity, and availability via
        unknown vectors. NOTE: the previous information was
        obtained from the March 2010 CPU. Oracle has not
        commented on claims from a reliable researcher that this
        is an integer overflow in the Java Runtime Environment
        that allows remote attackers to execute arbitrary code
        via a JPEG image that contains subsample dimensions with
        large values, related to JPEGImageReader and 'stepX'.
        (CVE-2010-0841)
    
      - Unspecified vulnerability in the Sound component in
        Oracle Java SE and Java for Business 6 Update 18, 5.0
        Update 23, 1.4.225, and 1.3.1 27 allows remote attackers
        to affect confidentiality, integrity, and availability
        via unknown vectors. NOTE: the previous information was
        obtained from the March 2010 CPU. Oracle has not
        commented on claims from a reliable researcher that this
        is an uncontrolled array index that allows remote
        attackers to execute arbitrary code via a MIDI file with
        a crafted MixerSequencer object, related to the GM_Song
        structure. (CVE-2010-0842)
    
      - Unspecified vulnerability in the Sound component in
        Oracle Java SE and Java for Business 6 Update 18, 5.0
        Update 23, 1.4.225, and 1.3.1 27 allows remote attackers
        to affect confidentiality, integrity, and availability
        via unknown vectors. NOTE: the previous information was
        obtained from the March 2010 CPU. Oracle has not
        commented on claims from a reliable researcher that this
        is related to XNewPtr and improper handling of an
        integer parameter when allocating heap memory in the
        com.sun.media.sound libraries, which allows remote
        attackers to execute arbitrary code. (CVE-2010-0843)
    
      - Unspecified vulnerability in the Sound component in
        Oracle Java SE and Java for Business 6 Update 18, 5.0
        Update 23, 1.4.225, and 1.3.1 27 allows remote attackers
        to affect confidentiality, integrity, and availability
        via unknown vectors. NOTE: the previous information was
        obtained from the March 2010 CPU. Oracle has not
        commented on claims from a reliable researcher that this
        is for improper parsing of a crafted MIDI stream when
        creating a MixerSequencer object, which causes a pointer
        to be corrupted and allows a NULL byte to be written to
        arbitrary memory. (CVE-2010-0844)
    
      - Unspecified vulnerability in the ImageIO component in
        Oracle Java SE and Java for Business 6 Update 18, 5.0
        Update 23, 1.4.2_25, and 1.3.1_27 allows remote
        attackers to affect confidentiality, integrity, and
        availability via unknown vectors. NOTE: the previous
        information was obtained from the March 2010 CPU. Oracle
        has not commented on claims from a reliable researcher
        that this is a heap-based buffer overflow that allows
        remote attackers to execute arbitrary code, related to
        an 'invalid assignment' and inconsistent length values
        in a JPEG image encoder (JPEGImageEncoderImpl).
        (CVE-2010-0846)
    
      - Unspecified vulnerability in the Java 2D component in
        Oracle Java SE and Java for Business 6 Update 18, 5.0
        Update 23, 1.4.2_25, and 1.3.1_27 allows remote
        attackers to affect confidentiality, integrity, and
        availability via unknown vectors. NOTE: the previous
        information was obtained from the March 2010 CPU. Oracle
        has not commented on claims from a reliable researcher
        that this is a heap-based buffer overflow that allows
        arbitrary code execution via a crafted image.
        (CVE-2010-0847)
    
      - Unspecified vulnerability in the Java 2D component in
        Oracle Java SE and Java for Business 6 Update 18, 5.0
        Update 23, 1.4.2_25, and 1.3.1_27 allows remote
        attackers to affect confidentiality, integrity, and
        availability via unknown vectors. (CVE-2010-0848)
    
      - Unspecified vulnerability in the Java 2D component in
        Oracle Java SE and Java for Business 6 Update 18, 5.0
        Update 23, 1.4.2_25, and 1.3.1_27 allows remote
        attackers to affect confidentiality, integrity, and
        availability via unknown vectors. NOTE: the previous
        information was obtained from the March 2010 CPU. Oracle
        has not commented on claims from a reliable researcher
        that this is a heap-based buffer overflow in a decoding
        routine used by the JPEGImageDecoderImpl interface,
        which allows code execution via a crafted JPEG image.
        (CVE-2010-0849)
    
    Please also see http://www.ibm.com/developerworks/java/jdk/alerts/ for
    a more up to date list on what was fixed."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=603283"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0084.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0085.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0087.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0088.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0089.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0090.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0091.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0092.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0094.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0095.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0837.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0838.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0839.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0840.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0841.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0842.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0843.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0844.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0846.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0847.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0848.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0849.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 2553.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java MixerSequencer Object GM_Song Structure Handling Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/05/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1");
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:1, reference:"java-1_6_0-ibm-1.6.0_sr8.0-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, reference:"java-1_6_0-ibm-fonts-1.6.0_sr8.0-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, reference:"java-1_6_0-ibm-jdbc-1.6.0_sr8.0-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"java-1_6_0-ibm-alsa-1.6.0_sr8.0-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"java-1_6_0-ibm-plugin-1.6.0_sr8.0-0.7.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_1_JAVA-1_6_0-OPENJDK-100428.NASL
    description: java-1_6_0-openjdk version 1.7.3 fixes several security issues : - CVE-2010-0837: JAR
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 46189
    published: 2010-04-30
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/46189
    title: openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0182-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update java-1_6_0-openjdk-2362.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(46189);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/25 13:36:38");
    
      script_cve_id("CVE-2009-3555", "CVE-2010-0082", "CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0088", "CVE-2010-0091", "CVE-2010-0092", "CVE-2010-0093", "CVE-2010-0094", "CVE-2010-0095", "CVE-2010-0837", "CVE-2010-0838", "CVE-2010-0840", "CVE-2010-0845", "CVE-2010-0847", "CVE-2010-0848");
    
      script_name(english:"openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0182-1)");
      script_summary(english:"Check for the java-1_6_0-openjdk-2362 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "java-1_6_0-openjdk version 1.7.3 fixes serveral security issues :
    
      - CVE-2010-0837: JAR 'unpack200' must verify input
        parameters
    
      - CVE-2010-0845: No ClassCastException for
        HashAttributeSet constructors if run with -Xcomp
    
      - CVE-2010-0838: CMM readMabCurveData Buffer Overflow
        Vulnerability
    
      - CVE-2010-0082: Loader-constraint table allows arrays
        instead of only the base-classes
    
      - CVE-2010-0095: Subclasses of InetAddress may incorrectly
        interpret network addresses
    
      - CVE-2010-0085: File TOCTOU deserialization vulnerability
    
      - CVE-2010-0091: Unsigned applet can retrieve the dragged
        information before drop action occurs
    
      - CVE-2010-0088: Inflater/Deflater clone issues
    
      - CVE-2010-0084: Policy/PolicyFile leak dynamic
        ProtectionDomains.
    
      - CVE-2010-0092: AtomicReferenceArray causes SIGSEGV ->
        SEGV_MAPERR error
    
      - CVE-2010-0094: Deserialization of RMIConnectionImpl
        objects should enforce stricter checks
    
      - CVE-2010-0093: System.arraycopy unable to reference
        elements beyond Integer.MAX_VALUE bytes
    
      - CVE-2010-0840: Applet Trusted Methods Chaining Privilege
        Escalation Vulnerability
    
      - CVE-2010-0848: AWT Library Invalid Index Vulnerability
    
      - CVE-2010-0847: ImagingLib arbitrary code execution
        vulnerability
    
      - CVE-2009-3555: TLS: MITM attacks via session
        renegotiation"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=594415"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2010-04/msg00090.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected java-1_6_0-openjdk packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java Statement.invoke() Trusted Method Chain Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(310);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-javadoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-1_6_0-openjdk-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/04/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/04/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.1", reference:"java-1_6_0-openjdk-1.6.0.0_b17-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"java-1_6_0-openjdk-demo-1.6.0.0_b17-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"java-1_6_0-openjdk-devel-1.6.0.0_b17-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"java-1_6_0-openjdk-javadoc-1.6.0.0_b17-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"java-1_6_0-openjdk-plugin-1.6.0.0_b17-2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"java-1_6_0-openjdk-src-1.6.0.0_b17-2.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_6_0-openjdk / java-1_6_0-openjdk-demo / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0489.NASL
    descriptionUpdated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM
    last seen2020-06-01
    modified2020-06-02
    plugin id47043
    published2010-06-18
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47043
    titleRHEL 4 / 5 : java-1.5.0-ibm (RHSA-2010:0489)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2010:0489. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(47043);
      script_version ("1.36");
      script_cvs_date("Date: 2019/10/25 13:36:15");
    
      script_cve_id("CVE-2010-0840", "CVE-2010-0841", "CVE-2010-0842", "CVE-2010-0843", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0847", "CVE-2010-0848", "CVE-2010-0849");
      script_bugtraq_id(39062, 39065, 39067, 39071, 39073, 39077, 39078, 39083, 39084);
      script_xref(name:"RHSA", value:"2010:0489");
    
      script_name(english:"RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2010:0489)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.5.0-ibm packages that fix several security issues are
    now available for Red Hat Enterprise Linux 4 Extras and 5
    Supplementary.
    
    The Red Hat Security Response Team has rated this update as having
    critical security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment
    and the IBM Java 2 Software Development Kit.
    
    This update fixes several vulnerabilities in the IBM Java 2 Runtime
    Environment and the IBM Java 2 Software Development Kit. Detailed
    vulnerability descriptions are linked from the IBM 'Security alerts'
    page, listed in the References section. (CVE-2010-0840, CVE-2010-0841,
    CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0846,
    CVE-2010-0847, CVE-2010-0848, CVE-2010-0849)
    
    All users of java-1.5.0-ibm are advised to upgrade to these updated
    packages, containing the IBM 1.5.0 SR11-FP2 Java release. All running
    instances of IBM Java must be restarted for this update to take
    effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0840"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0841"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0842"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0843"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0844"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0846"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0847"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0848"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-0849"
      );
      # http://www.ibm.com/developerworks/java/jdk/alerts/
      script_set_attribute(
        attribute:"see_also",
        value:"https://developer.ibm.com/javasdk/support/security-vulnerabilities/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2010:0489"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java MixerSequencer Object GM_Song Structure Handling Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.8");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/04/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/06/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2010:0489";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"java-1.5.0-ibm-1.5.0.11.2-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"java-1.5.0-ibm-demo-1.5.0.11.2-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"java-1.5.0-ibm-devel-1.5.0.11.2-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"java-1.5.0-ibm-javacomm-1.5.0.11.2-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-ibm-javacomm-1.5.0.11.2-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"java-1.5.0-ibm-jdbc-1.5.0.11.2-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"s390", reference:"java-1.5.0-ibm-jdbc-1.5.0.11.2-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"java-1.5.0-ibm-plugin-1.5.0.11.2-1jpp.1.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"java-1.5.0-ibm-src-1.5.0.11.2-1jpp.1.el4")) flag++;
    
    
      if (rpm_check(release:"RHEL5", reference:"java-1.5.0-ibm-1.5.0.11.2-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.5.0-ibm-accessibility-1.5.0.11.2-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"java-1.5.0-ibm-accessibility-1.5.0.11.2-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-ibm-accessibility-1.5.0.11.2-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"java-1.5.0-ibm-demo-1.5.0.11.2-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"java-1.5.0-ibm-devel-1.5.0.11.2-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.5.0-ibm-javacomm-1.5.0.11.2-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-ibm-javacomm-1.5.0.11.2-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.5.0-ibm-jdbc-1.5.0.11.2-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390", reference:"java-1.5.0-ibm-jdbc-1.5.0.11.2-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.5.0-ibm-plugin-1.5.0.11.2-1jpp.1.el5")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"java-1.5.0-ibm-src-1.5.0.11.2-1jpp.1.el5")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12626.NASL
    descriptionThis update brings IBM Java 1.4.2 to SR13 FP5, fixing various bugs and security issues : - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. (CVE-2010-0084) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0085) - Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0087) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0088) - Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors. (CVE-2010-0089) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. (CVE-2010-0091) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0095) - Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0839) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2)
    last seen2020-06-01
    modified2020-06-02
    plugin id49101
    published2010-09-03
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49101
    titleSuSE9 Security Update : IBM Java (YOU Patch Number 12626)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(49101);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/25 13:36:37");
    
      script_cve_id("CVE-2010-0084", "CVE-2010-0085", "CVE-2010-0087", "CVE-2010-0088", "CVE-2010-0089", "CVE-2010-0091", "CVE-2010-0095", "CVE-2010-0839", "CVE-2010-0840", "CVE-2010-0841", "CVE-2010-0842", "CVE-2010-0843", "CVE-2010-0844", "CVE-2010-0846", "CVE-2010-0847", "CVE-2010-0848", "CVE-2010-0849");
    
      script_name(english:"SuSE9 Security Update : IBM Java (YOU Patch Number 12626)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 9 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update brings IBM Java 1.4.2 to SR13 FP5, fixing various bugs and
    security issues :
    
      - Unspecified vulnerability in the Java Runtime
        Environment component in Oracle Java SE and Java for
        Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
        remote attackers to affect confidentiality via unknown
        vectors. (CVE-2010-0084)
    
      - Unspecified vulnerability in the Java Runtime
        Environment component in Oracle Java SE and Java for
        Business 6 Update 18, 5.0 Update 23, 1.4.225, and
        1.3.127 allows remote attackers to affect
        confidentiality, integrity, and availability via unknown
        vectors. (CVE-2010-0085)
    
      - Unspecified vulnerability in the Java Web Start, Java
        Plug-in component in Oracle Java SE and Java for
        Business 6 Update 18, 5.0 Update 23, 1.4.225, and
        1.3.127 allows remote attackers to affect
        confidentiality, integrity, and availability via unknown
        vectors. (CVE-2010-0087)
    
      - Unspecified vulnerability in the Java Runtime
        Environment component in Oracle Java SE and Java for
        Business 6 Update 18, 5.0 Update 23, 1.4.225, and
        1.3.127 allows remote attackers to affect
        confidentiality, integrity, and availability via unknown
        vectors. (CVE-2010-0088)
    
      - Unspecified vulnerability in the Java Web Start, Java
        Plug-in component in Oracle Java SE and Java for
        Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
        remote attackers to affect availability via unknown
        vectors. (CVE-2010-0089)
    
      - Unspecified vulnerability in the Java Runtime
        Environment component in Oracle Java SE and Java for
        Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
        remote attackers to affect confidentiality via unknown
        vectors. (CVE-2010-0091)
    
      - Unspecified vulnerability in the Java Runtime
        Environment component in Oracle Java SE and Java for
        Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
        remote attackers to affect confidentiality, integrity,
        and availability via unknown vectors. (CVE-2010-0095)
    
      - Unspecified vulnerability in the Sound component in
        Oracle Java SE and Java for Business 6 Update 18, 5.0
        Update 23, 1.4.2_25, and 1.3.1_27 allows remote
        attackers to affect confidentiality, integrity, and
        availability via unknown vectors. (CVE-2010-0839)
    
      - Unspecified vulnerability in the Java Runtime
        Environment component in Oracle Java SE and Java for
        Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows
        remote attackers to affect confidentiality, integrity,
        and availability via unknown vectors. NOTE: the previous
        information was obtained from the March 2010 CPU. Oracle
        has not commented on claims from a reliable researcher
        that this is related to improper checks when executing
        privileged methods in the Java Runtime Environment
        (JRE), which allows attackers to execute arbitrary code
        via (1) an untrusted object that extends the trusted
        class but has not modified a certain method, or (2) 'a
        similar trust issue with interfaces,' aka 'Trusted
        Methods Chaining Remote Code Execution Vulnerability.'.
        (CVE-2010-0840)
    
      - Unspecified vulnerability in the ImageIO component in
        Oracle Java SE and Java for Business 6 Update 18, 5.0
        Update 23, and 1.4.2_25 allows remote attackers to
        affect confidentiality, integrity, and availability via
        unknown vectors. NOTE: the previous information was
        obtained from the March 2010 CPU. Oracle has not
        commented on claims from a reliable researcher that this
        is an integer overflow in the Java Runtime Environment
        that allows remote attackers to execute arbitrary code
        via a JPEG image that contains subsample dimensions with
        large values, related to JPEGImageReader and 'stepX'.
        (CVE-2010-0841)
    
      - Unspecified vulnerability in the Sound component in
        Oracle Java SE and Java for Business 6 Update 18, 5.0
        Update 23, 1.4.2_25, and 1.3.1_27 allows remote
        attackers to affect confidentiality, integrity, and
        availability via unknown vectors. NOTE: the previous
        information was obtained from the March 2010 CPU. Oracle
        has not commented on claims from a reliable researcher
        that this is an uncontrolled array index that allows
        remote attackers to execute arbitrary code via a MIDI
        file with a crafted MixerSequencer object, related to
        the GM_Song structure. (CVE-2010-0842)
    
      - Unspecified vulnerability in the Sound component in
        Oracle Java SE and Java for Business 6 Update 18, 5.0
        Update 23, 1.4.2_25, and 1.3.1_27 allows remote
        attackers to affect confidentiality, integrity, and
        availability via unknown vectors. NOTE: the previous
        information was obtained from the March 2010 CPU. Oracle
        has not commented on claims from a reliable researcher
        that this is related to XNewPtr and improper handling of
        an integer parameter when allocating heap memory in the
        com.sun.media.sound libraries, which allows remote
        attackers to execute arbitrary code. (CVE-2010-0843)
    
      - Unspecified vulnerability in the Sound component in
        Oracle Java SE and Java for Business 6 Update 18, 5.0
        Update 23, 1.4.2_25, and 1.3.1_27 allows remote
        attackers to affect confidentiality, integrity, and
        availability via unknown vectors. NOTE: the previous
        information was obtained from the March 2010 CPU. Oracle
        has not commented on claims from a reliable researcher
        that this is for improper parsing of a crafted MIDI
        stream when creating a MixerSequencer object, which
        causes a pointer to be corrupted and allows a NULL byte
        to be written to arbitrary memory. (CVE-2010-0844)
    
      - Unspecified vulnerability in the ImageIO component in
        Oracle Java SE and Java for Business 6 Update 18, 5.0
        Update 23, 1.4.2_25, and 1.3.1_27 allows remote
        attackers to affect confidentiality, integrity, and
        availability via unknown vectors. NOTE: the previous
        information was obtained from the March 2010 CPU. Oracle
        has not commented on claims from a reliable researcher
        that this is a heap-based buffer overflow that allows
        remote attackers to execute arbitrary code, related to
        an 'invalid assignment' and inconsistent length values
        in a JPEG image encoder (JPEGImageEncoderImpl).
        (CVE-2010-0846)
    
      - Unspecified vulnerability in the Java 2D component in
        Oracle Java SE and Java for Business 6 Update 18, 5.0
        Update 23, 1.4.2_25, and 1.3.1_27 allows remote
        attackers to affect confidentiality, integrity, and
        availability via unknown vectors. NOTE: the previous
        information was obtained from the March 2010 CPU. Oracle
        has not commented on claims from a reliable researcher
        that this is a heap-based buffer overflow that allows
        arbitrary code execution via a crafted image.
        (CVE-2010-0847)
    
      - Unspecified vulnerability in the Java 2D component in
        Oracle Java SE and Java for Business 6 Update 18, 5.0
        Update 23, 1.4.2_25, and 1.3.1_27 allows remote
        attackers to affect confidentiality, integrity, and
        availability via unknown vectors. (CVE-2010-0848)
    
      - Unspecified vulnerability in the Java 2D component in
        Oracle Java SE and Java for Business 6 Update 18, 5.0
        Update 23, 1.4.2_25, and 1.3.1_27 allows remote
        attackers to affect confidentiality, integrity, and
        availability via unknown vectors. NOTE: the previous
        information was obtained from the March 2010 CPU. Oracle
        has not commented on claims from a reliable researcher
        that this is a heap-based buffer overflow in a decoding
        routine used by the JPEGImageDecoderImpl interface,
        which allows code execution via a crafted JPEG image.
        (CVE-2010-0849)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0084.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0085.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0087.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0088.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0089.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0091.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0095.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0839.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0840.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0841.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0842.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0843.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0844.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0846.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0847.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0848.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0849.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12626.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java MixerSequencer Object GM_Song Structure Handling Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/07/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SUSE9", reference:"IBMJava2-JRE-1.4.2_sr13.5-0.7")) flag++;
    if (rpm_check(release:"SUSE9", reference:"IBMJava2-SDK-1.4.2_sr13.5-0.7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0383.NASL
    descriptionUpdated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM
    last seen2020-06-01
    modified2020-06-02
    plugin id46304
    published2010-05-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46304
    titleRHEL 4 / 5 : java-1.6.0-ibm (RHSA-2010:0383)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-6039.NASL
    descriptionAdd latest security patches. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47411
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47411
    titleFedora 11 : java-1.6.0-openjdk-1.6.0.0-34.b17.fc11 (2010-6039)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_JAVA_10_5_UPDATE7.NASL
    descriptionThe remote Mac OS X host is running a version of Java for Mac OS X 10.5 that is missing Update 7. The remote version of this software contains several security vulnerabilities, including some that may allow untrusted Java applets to obtain elevated privileges and lead to execution of arbitrary code with the privileges of the current user.
    last seen2020-03-18
    modified2010-05-19
    plugin id46673
    published2010-05-19
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/46673
    titleMac OS X : Java for Mac OS X 10.5 Update 7
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0339.NASL
    descriptionUpdated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client
    last seen2020-06-01
    modified2020-06-02
    plugin id46873
    published2010-06-14
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46873
    titleCentOS 5 : java-1.6.0-openjdk (CESA-2010:0339)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0337.NASL
    descriptionUpdated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the
    last seen2020-06-01
    modified2020-06-02
    plugin id46293
    published2010-05-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46293
    titleRHEL 4 / 5 : java-1.6.0-sun (RHSA-2010:0337)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2011-0003.NASL
    descriptiona. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3 Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address multiple security issues that exist in the earlier releases of Microsoft SQL Express. Customers using other database solutions need not update for these issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086, CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL Express Service Pack 3. b. vCenter Apache Tomcat Management Application Credential Disclosure The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local users. The issue is resolved by removing the Manager application in vCenter 4.1 Update 1. If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon credentials are not present in the configuration file after the update. VMware would like to thank Claudio Criscione of Secure Networking for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-2928 to this issue. c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21 Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0850. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name to the security issue fixed in Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886. d. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26 Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566, CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573, CVE-2010-3565, CVE-2010-3568, CVE-2010-3569, CVE-2009-3555, CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562, CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572, CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541, CVE-2010-3574. e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28 Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, and CVE-2009-3548. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157. f. vCenter Server third-party component OpenSSL updated to version 0.9.8n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0740 and CVE-2010-0433 to the issues addressed in this version of OpenSSL. g. ESX third-party component OpenSSL updated to version 0.9.8p The version of the ESX OpenSSL library is updated to 0.9.8p. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3864 and CVE-2010-2939 to the issues addressed in this update. h. ESXi third-party component cURL updated The version of cURL library in ESXi is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0734 to the issues addressed in this update. i. ESX third-party component pam_krb5 updated The version of pam_krb5 library is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3825 and CVE-2009-1384 to the issues addressed in the update. j. ESX third-party update for Service Console kernel The Service Console kernel is updated to include kernel version 2.6.18-194.11.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524, CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086, CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437, CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and CVE-2010-3081 to the issues addressed in the update. 
Notes : - The update also addresses the 64-bit compatibility mode stack pointer underflow issue identified by CVE-2010-3081. This issue was patched in an ESX 4.1 patch prior to the release of ESX 4.1 Update 1 and in a previous ESX 4.0 patch release. - The update also addresses CVE-2010-2240 for ESX 4.0.
    last seen2020-06-01
    modified2020-06-02
    plugin id51971
    published2011-02-14
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51971
    titleVMSA-2011-0003 : Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0471.NASL
    descriptionUpdated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.3. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.3. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0846, CVE-2010-0848, CVE-2010-0849) Users of Red Hat Network Satellite Server 5.3 are advised to upgrade to these updated java-1.6.0-ibm packages, which resolve these issues. For this update to take effect, Red Hat Network Satellite Server must be restarted (
    last seen2020-06-01
    modified2020-06-02
    plugin id47017
    published2010-06-15
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47017
    titleRHEL 4 / 5 : IBM Java Runtime in Satellite Server (RHSA-2010:0471)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_JAVA-1_4_2-IBM-100728.NASL
    descriptionThis update brings IBM Java 1.4.2 to SR13 FP5, fixing various bugs and security issues : - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. (CVE-2010-0084) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0085) - Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0087) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0088) - Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors. (CVE-2010-0089) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. (CVE-2010-0091) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. 
(CVE-2010-0095) - Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0839) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2)
    last seen2020-06-01
    modified2020-06-02
    plugin id50915
    published2010-12-02
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50915
    titleSuSE 11 / 11.1 Security Update : IBM Java / Java (SAT Patch Numbers 2812 / 2813)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0339.NASL
    descriptionFrom Red Hat Security Advisory 2010:0339 : Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client
    last seen2020-06-01
    modified2020-06-02
    plugin id68028
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68028
    titleOracle Linux 5 : java-1.6.0-openjdk (ELSA-2010-0339)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_JAVA-1_6_0-OPENJDK-100428.NASL
    descriptionjava-1_6_0-openjdk version 1.7.3 fixes several security issues : - CVE-2010-0837: JAR
    last seen2020-06-01
    modified2020-06-02
    plugin id46187
    published2010-04-30
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46187
    titleopenSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0182-1)
  • NASL familyMisc.
    NASL idORACLE_JAVA_CPU_MAR_2010_UNIX.NASL
    descriptionThe version of Oracle (formerly Sun) Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 19 / 5.0 Update 24 / 1.4.2_26. Such versions are potentially affected by security issues in the following components : - ImageIO - Java 2D - JRE - Java Web Start, Java Plug-in - Pack200 - Sound - JSSE - HotSpot Server
    last seen2020-06-01
    modified2020-06-02
    plugin id64842
    published2013-02-22
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64842
    titleOracle Java SE Multiple Vulnerabilities (March 2010 CPU) (Unix)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_JAVA-1_6_0-SUN-100331.NASL
    descriptionSun Java 6 was updated to Update 19, fixing a large number of security issues. CVE-2009-3555 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0090 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0839 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0845 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 CVE-2010-0850
    last seen2020-06-01
    modified2020-06-02
    plugin id45454
    published2010-04-09
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45454
    titleopenSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-2228)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_JAVA-1_6_0-SUN-100331.NASL
    descriptionSun Java 6 was updated to Update 19, fixing a large number of security issues: CVE-2009-3555 / CVE-2010-0082 / CVE-2010-0084 / CVE-2010-0085 / CVE-2010-0087 / CVE-2010-0088 / CVE-2010-0089 / CVE-2010-0090 / CVE-2010-0091 / CVE-2010-0092 / CVE-2010-0093 / CVE-2010-0094 / CVE-2010-0095 / CVE-2010-0837 / CVE-2010-0838 / CVE-2010-0839 / CVE-2010-0840 / CVE-2010-0841 / CVE-2010-0842 / CVE-2010-0843 / CVE-2010-0844 / CVE-2010-0845 / CVE-2010-0846 / CVE-2010-0847 / CVE-2010-0848 / CVE-2010-0849 / CVE-2010-0850.
    last seen2020-06-01
    modified2020-06-02
    plugin id50917
    published2010-12-02
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50917
    titleSuSE 11 Security Update : Sun Java 6 (SAT Patch Number 2225)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201006-18.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201006-18 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details. Impact : A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id46807
    published2010-06-04
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/46807
    titleGLSA-201006-18 : Oracle JRE/JDK: Multiple vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100331_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL
    descriptionA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client
    last seen2020-06-01
    modified2020-06-02
    plugin id60776
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60776
    titleScientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_JAVA-1_6_0-SUN-100331.NASL
    descriptionSun Java 6 was updated to Update 19, fixing a large number of security issues. CVE-2009-3555 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0090 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0839 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0845 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 CVE-2010-0850
    last seen2020-06-01
    modified2020-06-02
    plugin id45459
    published2010-04-09
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45459
    titleopenSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-2228)
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2011-0003_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Apache Tomcat - Apache Tomcat Manager - cURL - Java Runtime Environment (JRE) - Kernel - Microsoft SQL Express - OpenSSL - pam_krb5
    last seen2020-06-01
    modified2020-06-02
    plugin id89674
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89674
    titleVMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-6279.NASL
    descriptionAdd latest security updates. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47426
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47426
    titleFedora 13 : java-1.6.0-openjdk-1.6.0.0-37.b17.fc13 (2010-6279)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_5_0-IBM-7077.NASL
    descriptionThis update of IBM Java 1.5.0 to SR11 FP2 fixes the following security issues : - Various unspecified and undocumented vulnerabilities that allow remote attackers to affect confidentiality, integrity and availability via various unknown vectors. (CVE-2010-0084 / CVE-2010-0085 / CVE-2010-0087 / CVE-2010-0088 / CVE-2010-0089 / CVE-2010-0091 / CVE-2010-0092 / CVE-2010-0095 / CVE-2010-0837 / CVE-2010-0839) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the class loader of a constructor that is being deserialized. (CVE-2010-0094) - Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module of the JVM. (CVE-2010-0838) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. 
Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2)
    last seen2020-06-01
    modified2020-06-02
    plugin id49864
    published2010-10-11
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49864
    titleSuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 7077)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0574.NASL
    descriptionUpdated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The IBM 1.4.2 SR13-FP5 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM
    last seen2020-06-01
    modified2020-06-02
    plugin id47905
    published2010-07-30
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47905
    titleRHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2010:0574)
  • NASL familyWindows
    NASL idORACLE_JAVA_CPU_MAR_2010.NASL
    descriptionThe version of Oracle (formerly Sun) Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 19 / 5.0 Update 24 / 1.4.2_26. Such versions are potentially affected by security issues in the following components : - ImageIO - Java 2D - JRE - Java Web Start, Java Plug-in - Pack200 - Sound - JSSE - HotSpot Server
    last seen2020-06-01
    modified2020-06-02
    plugin id45379
    published2010-03-30
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45379
    titleOracle Java SE Multiple Vulnerabilities (March 2010 CPU)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_JAVA-1_6_0-IBM-100610.NASL
    descriptionThis update of IBM Java 6 to SR 8 fixes the following security issues : - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors. (CVE-2010-0084) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0085) - Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0087) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0088) - Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors. (CVE-2010-0089) - Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18 allows remote attackers to affect integrity and availability via unknown vectors. (CVE-2010-0090) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors.
(CVE-2010-0091) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0092) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the class loader of a constructor that is being deserialized. (CVE-2010-0094) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0095) - Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0837) - Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module of the JVM. 
(CVE-2010-0838) - Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (CVE-2010-0839) - Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2)
    last seen2020-06-01
    modified2020-06-02
    plugin id50916
    published2010-12-02
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50916
    titleSuSE 11 Security Update : IBM Java 6 (SAT Patch Number 2548)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0338.NASL
    descriptionThe java-1.5.0-sun packages as shipped in Red Hat Enterprise Linux 4 Extras and 5 Supplementary contain security flaws and should not be used. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. The java-1.5.0-sun packages are vulnerable to a number of security flaws and should no longer be used. (CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849) The Sun Java SE Release family 5.0 reached its End of Service Life on November 3, 2009. The RHSA-2009:1571 update provided the final publicly available update of version 5.0 (Update 22). Users interested in continuing to receive critical fixes for Sun Java SE 5.0 should contact Oracle : http://www.sun.com/software/javaforbusiness/index.jsp An alternative to Sun Java SE 5.0 is the Java 2 Technology Edition of the IBM Developer Kit for Linux, which is available from the Extras and Supplementary channels on the Red Hat Network. Applications capable of using the Java 6 runtime can be migrated to Java 6 on: OpenJDK (java-1.6.0-openjdk), an open source JDK included in Red Hat Enterprise Linux 5, since 5.3; the IBM JDK, java-1.6.0-ibm; or the Sun JDK, java-1.6.0-sun. This update removes the java-1.5.0-sun packages as they have reached their End of Service Life.
    last seen2020-06-01
    modified2020-06-02
    plugin id46294
    published2010-05-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46294
    titleRHEL 4 / 5 : java-1.5.0-sun (RHSA-2010:0338)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_JAVA-1_6_0-SUN-100331.NASL
    descriptionSun Java 6 was updated to Update 19, fixing a large number of security issues. CVE-2009-3555 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0090 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0839 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0845 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 CVE-2010-0850
    last seen2020-06-01
    modified2020-06-02
    plugin id45465
    published2010-04-09
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45465
    titleopenSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-2228)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12623.NASL
    descriptionThis update of IBM Java 1.5.0 to SR11 FP2 fixes the following security issues : - Various unspecified and undocumented vulnerabilities that allow remote attackers to affect confidentiality, integrity and availability via various unknown vectors. (CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0091, CVE-2010-0092, CVE-2010-0095, CVE-2010-0837, CVE-2010-0839) - Unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the class loader of a constructor that is being deserialized. (CVE-2010-0094) - Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module of the JVM. (CVE-2010-0838) - Unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2)
    last seen2020-06-01
    modified2020-06-02
    plugin id47617
    published2010-07-07
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47617
    titleSuSE9 Security Update : IBM Java 1.5.0 (YOU Patch Number 12623)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_JAVA_10_6_UPDATE2.NASL
    descriptionThe remote Mac OS X host is running a version of Java for Mac OS X 10.6 that is missing Update 2. The remote version of this software contains several security vulnerabilities, including some that may allow untrusted Java applets to obtain elevated privileges and lead to execution of arbitrary code with the privileges of the current user.
    last seen2020-03-18
    modified2010-05-19
    plugin id46674
    published2010-05-19
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/46674
    titleMac OS X : Java for Mac OS X 10.6 Update 2
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_JAVA-1_6_0-OPENJDK-100412.NASL
    descriptionjava-1_6_0-openjdk version 1.7.3 fixes several security issues : - CVE-2010-0837: JAR
    last seen2020-06-01
    modified2020-06-02
    plugin id46191
    published2010-04-30
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/46191
    titleopenSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0182-1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-084.NASL
    descriptionMultiple Java OpenJDK security vulnerabilities have been identified and fixed : - TLS: MITM attacks via session renegotiation (CVE-2009-3555). - Loader-constraint table allows arrays instead of only the base-classes (CVE-2010-0082). - Policy/PolicyFile leak dynamic ProtectionDomains. (CVE-2010-0084). - File TOCTOU deserialization vulnerability (CVE-2010-0085). - Inflater/Deflater clone issues (CVE-2010-0088). - Unsigned applet can retrieve the dragged information before drop action occurs (CVE-2010-0091). - AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (CVE-2010-0092). - System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (CVE-2010-0093). - Deserialization of RMIConnectionImpl objects should enforce stricter checks (CVE-2010-0094). - Subclasses of InetAddress may incorrectly interpret network addresses (CVE-2010-0095). - JAR unpack200 must verify input parameters (CVE-2010-0837). - CMM readMabCurveData Buffer Overflow Vulnerability (CVE-2010-0838). - Applet Trusted Methods Chaining Privilege Escalation Vulnerability (CVE-2010-0840). - No ClassCastException for HashAttributeSet constructors if run with -Xcomp (CVE-2010-0845) - ImagingLib arbitrary code execution vulnerability (CVE-2010-0847). - AWT Library Invalid Index Vulnerability (CVE-2010-0848). Additional security issues that were fixed with IcedTea6 1.6.2 : - deprecate MD2 in SSL cert validation (CVE-2009-2409). - ICC_Profile file existence detection information leak (CVE-2009-3728). - JRE AWT setDifflCM stack overflow (CVE-2009-3869). - JRE AWT setBytePixels heap overflow (CVE-2009-3871). - JPEG Image Writer quantization problem (CVE-2009-3873). - ImageI/O JPEG heap overflow (CVE-2009-3874). - MessageDigest.isEqual introduces timing attack vulnerabilities (CVE-2009-3875). - OpenJDK ASN.1/DER input stream parser denial of service (CVE-2009-3876, CVE-2009-3877) - GraphicsConfiguration information leak (CVE-2009-3879).
- UI logging information leakage (CVE-2009-3880). - resurrected classloaders can still have children (CVE-2009-3881). - Numerous static security flaws in Swing (findbugs) (CVE-2009-3882). - Mutable statics in Windows PL&F (findbugs) (CVE-2009-3883). - zoneinfo file existence information leak (CVE-2009-3884). - BMP parsing DoS with UNC ICC links (CVE-2009-3885). Additionally Paulo Cesar Pereira de Andrade (pcpa) at Mandriva found and fixed a bug in IcedTea6 1.8 that is also applied to the provided packages : - plugin/icedteanp/IcedTeaNPPlugin.cc (plugin_filter_environment): Increment malloc size by one to account for NULL terminator. Bug# 474. Packages for 2009.0 are provided due to the Extended Maintenance Program.
    last seen2020-06-01
    modified2020-06-02
    plugin id46176
    published2010-04-29
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/46176
    titleMandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2010:084)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_4_2-IBM-7106.NASL
    descriptionThis update brings IBM Java 1.4.2 to SR13 FP5, fixing various bugs and
    last seen2020-06-01
    modified2020-06-02
    plugin id49862
    published2010-10-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49862
    titleSuSE 10 Security Update : IBM Java (ZYPP Patch Number 7106)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-6025.NASL
    descriptionAdd latest security updates. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47410
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47410
    titleFedora 12 : java-1.6.0-openjdk-1.6.0.0-37.b17.fc12 (2010-6025)

Oval

  • accepted2015-03-23T04:00:33.787-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationDTCC
    • nameDragos Prisaca
      organizationG2, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    definition_extensions
    • commentJava SE Development Kit 6 is installed
      ovaloval:org.mitre.oval:def:15831
    • commentJava SE Runtime Environment 6 is installed
      ovaloval:org.mitre.oval:def:16362
    • commentJava SE Runtime Environment 5 is installed
      ovaloval:org.mitre.oval:def:15748
    • commentJava SE Development Kit 5 is installed
      ovaloval:org.mitre.oval:def:16292
    descriptionUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."
    familywindows
    idoval:org.mitre.oval:def:13971
    statusaccepted
    submitted2011-11-25T18:03:41.000-05:00
    titleUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."
    version11
  • accepted2013-04-29T04:23:48.590-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    description Remote Code Execution Vulnerability."
    familyunix
    idoval:org.mitre.oval:def:9974
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    title Remote Code Execution Vulnerability."
    version18

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/92972/java_trusted_chain.rb.txt
idPACKETSTORM:92972
last seen2016-12-05
published2010-08-24
reporteregypt
sourcehttps://packetstormsecurity.com/files/92972/Java-Statement.invoke-Trusted-Method-Chain-Exploit.html
titleJava Statement.invoke() Trusted Method Chain Exploit

Redhat

advisories
  • rhsa
    idRHSA-2010:0337
  • rhsa
    idRHSA-2010:0338
  • rhsa
    idRHSA-2010:0339
  • rhsa
    idRHSA-2010:0383
  • rhsa
    idRHSA-2010:0471
  • rhsa
    idRHSA-2010:0489
rpms
  • java-1.6.0-sun-1:1.6.0.19-1jpp.1.el4
  • java-1.6.0-sun-1:1.6.0.19-1jpp.1.el5
  • java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el4
  • java-1.6.0-sun-demo-1:1.6.0.19-1jpp.1.el5
  • java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el4
  • java-1.6.0-sun-devel-1:1.6.0.19-1jpp.1.el5
  • java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el4
  • java-1.6.0-sun-jdbc-1:1.6.0.19-1jpp.1.el5
  • java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el4
  • java-1.6.0-sun-plugin-1:1.6.0.19-1jpp.1.el5
  • java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el4
  • java-1.6.0-sun-src-1:1.6.0.19-1jpp.1.el5
  • java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el4
  • java-1.5.0-sun-uninstall-0:1.5.0.22-1jpp.3.el5
  • java-1.6.0-openjdk-1:1.6.0.0-1.11.b16.el5
  • java-1.6.0-openjdk-debuginfo-1:1.6.0.0-1.11.b16.el5
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.11.b16.el5
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.11.b16.el5
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.11.b16.el5
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.11.b16.el5
  • java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el4
  • java-1.6.0-ibm-1:1.6.0.8-1jpp.1.el5
  • java-1.6.0-ibm-accessibility-1:1.6.0.8-1jpp.1.el5
  • java-1.6.0-ibm-demo-1:1.6.0.8-1jpp.1.el4
  • java-1.6.0-ibm-demo-1:1.6.0.8-1jpp.1.el5
  • java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el4
  • java-1.6.0-ibm-devel-1:1.6.0.8-1jpp.1.el5
  • java-1.6.0-ibm-javacomm-1:1.6.0.8-1jpp.1.el4
  • java-1.6.0-ibm-javacomm-1:1.6.0.8-1jpp.1.el5
  • java-1.6.0-ibm-jdbc-1:1.6.0.8-1jpp.1.el4
  • java-1.6.0-ibm-jdbc-1:1.6.0.8-1jpp.1.el5
  • java-1.6.0-ibm-plugin-1:1.6.0.8-1jpp.1.el4
  • java-1.6.0-ibm-plugin-1:1.6.0.8-1jpp.1.el5
  • java-1.6.0-ibm-src-1:1.6.0.8-1jpp.1.el4
  • java-1.6.0-ibm-src-1:1.6.0.8-1jpp.1.el5
  • java-1.5.0-ibm-1:1.5.0.11.2-1jpp.1.el4
  • java-1.5.0-ibm-1:1.5.0.11.2-1jpp.1.el5
  • java-1.5.0-ibm-accessibility-1:1.5.0.11.2-1jpp.1.el5
  • java-1.5.0-ibm-demo-1:1.5.0.11.2-1jpp.1.el4
  • java-1.5.0-ibm-demo-1:1.5.0.11.2-1jpp.1.el5
  • java-1.5.0-ibm-devel-1:1.5.0.11.2-1jpp.1.el4
  • java-1.5.0-ibm-devel-1:1.5.0.11.2-1jpp.1.el5
  • java-1.5.0-ibm-javacomm-1:1.5.0.11.2-1jpp.1.el4
  • java-1.5.0-ibm-javacomm-1:1.5.0.11.2-1jpp.1.el5
  • java-1.5.0-ibm-jdbc-1:1.5.0.11.2-1jpp.1.el4
  • java-1.5.0-ibm-jdbc-1:1.5.0.11.2-1jpp.1.el5
  • java-1.5.0-ibm-plugin-1:1.5.0.11.2-1jpp.1.el4
  • java-1.5.0-ibm-plugin-1:1.5.0.11.2-1jpp.1.el5
  • java-1.5.0-ibm-src-1:1.5.0.11.2-1jpp.1.el4
  • java-1.5.0-ibm-src-1:1.5.0.11.2-1jpp.1.el5
  • java-1.4.2-ibm-0:1.4.2.13.5-1jpp.1.el3
  • java-1.4.2-ibm-0:1.4.2.13.5-1jpp.1.el4
  • java-1.4.2-ibm-0:1.4.2.13.5-1jpp.1.el5
  • java-1.4.2-ibm-demo-0:1.4.2.13.5-1jpp.1.el3
  • java-1.4.2-ibm-demo-0:1.4.2.13.5-1jpp.1.el4
  • java-1.4.2-ibm-demo-0:1.4.2.13.5-1jpp.1.el5
  • java-1.4.2-ibm-devel-0:1.4.2.13.5-1jpp.1.el3
  • java-1.4.2-ibm-devel-0:1.4.2.13.5-1jpp.1.el4
  • java-1.4.2-ibm-devel-0:1.4.2.13.5-1jpp.1.el5
  • java-1.4.2-ibm-javacomm-0:1.4.2.13.5-1jpp.1.el4
  • java-1.4.2-ibm-javacomm-0:1.4.2.13.5-1jpp.1.el5
  • java-1.4.2-ibm-jdbc-0:1.4.2.13.5-1jpp.1.el3
  • java-1.4.2-ibm-jdbc-0:1.4.2.13.5-1jpp.1.el4
  • java-1.4.2-ibm-jdbc-0:1.4.2.13.5-1jpp.1.el5
  • java-1.4.2-ibm-plugin-0:1.4.2.13.5-1jpp.1.el3
  • java-1.4.2-ibm-plugin-0:1.4.2.13.5-1jpp.1.el4
  • java-1.4.2-ibm-plugin-0:1.4.2.13.5-1jpp.1.el5
  • java-1.4.2-ibm-src-0:1.4.2.13.5-1jpp.1.el3
  • java-1.4.2-ibm-src-0:1.4.2.13.5-1jpp.1.el4
  • java-1.4.2-ibm-src-0:1.4.2.13.5-1jpp.1.el5
  • java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el4_8
  • java-1.4.2-ibm-sap-0:1.4.2.13.5.sap-1jpp.1.el5
  • java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el4_8
  • java-1.4.2-ibm-sap-demo-0:1.4.2.13.5.sap-1jpp.1.el5
  • java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el4_8
  • java-1.4.2-ibm-sap-devel-0:1.4.2.13.5.sap-1jpp.1.el5
  • java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el4_8
  • java-1.4.2-ibm-sap-javacomm-0:1.4.2.13.5.sap-1jpp.1.el5
  • java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el4_8
  • java-1.4.2-ibm-sap-src-0:1.4.2.13.5.sap-1jpp.1.el5

Seebug

bulletinFamilyexploit
descriptionNo description provided by source.
idSSV:70815
last seen2017-11-19
modified2014-07-01
published2014-07-01
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-70815
titleJava Statement.invoke() Trusted Method Chain Exploit

References