Vulnerabilities > CVE-2014-8892 - Remote Information Disclosure vulnerability in IBM Java SDK
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
NONE Availability impact
NONE Summary
Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager.
Vulnerable Configurations
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-0263.NASL description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Satellite 5.7. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.7. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-8891, CVE-2014-8892, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412) Users of Red Hat Satellite 5.7 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR16-FP3 release. For this update to take effect, Red Hat Satellite must be restarted ( last seen 2020-06-01 modified 2020-06-02 plugin id 81504 published 2015-02-25 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81504 title RHEL 6 : Red Hat Satellite IBM Java Runtime (RHSA-2015:0263) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:0263. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(81504); script_version("1.15"); script_cvs_date("Date: 2019/10/24 15:35:39"); script_cve_id("CVE-2014-6585", "CVE-2014-6587", "CVE-2014-6591", "CVE-2014-6593", "CVE-2014-8891", "CVE-2014-8892", "CVE-2015-0395", "CVE-2015-0403", "CVE-2015-0406", "CVE-2015-0407", "CVE-2015-0408", "CVE-2015-0410", "CVE-2015-0412"); script_xref(name:"RHSA", value:"2015:0263"); script_name(english:"RHEL 6 : Red Hat Satellite IBM Java Runtime (RHSA-2015:0263)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Satellite 5.7. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.7. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-8891, CVE-2014-8892, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412) Users of Red Hat Satellite 5.7 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR16-FP3 release. For this update to take effect, Red Hat Satellite must be restarted ('/usr/sbin/rhn-satellite restart'), as well as all running instances of IBM Java." ); # https://www.ibm.com/developerworks/java/jdk/alerts/ script_set_attribute( attribute:"see_also", value:"https://developer.ibm.com/javasdk/support/security-vulnerabilities/" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2015:0263" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-0406" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-0403" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-0408" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-0407" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-0395" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-0410" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-6591" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-6593" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-6587" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-0412" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-6585" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-8892" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-8891" ); script_set_attribute( attribute:"solution", value: "Update the affected java-1.6.0-ibm and / or java-1.6.0-ibm-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/21"); script_set_attribute(attribute:"patch_publication_date", value:"2015/02/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2015:0263"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.6.0-ibm-1.6.0.16.3-1jpp.1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-ibm-1.6.0.16.3-1jpp.1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.6.0-ibm-devel-1.6.0.16.3-1jpp.1.el6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-ibm / java-1.6.0-ibm-devel"); } }NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-0306-1.NASL description java-1_6_0-ibm was updated to fix two security issues. These security issues were fixed : - CVE-2014-8892: Unspecified vulnerability (bnc#916265). - CVE-2014-8891: Unspecified vulnerability (bnc#916266). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-24 modified 2019-01-02 plugin id 119960 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119960 title SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2015:0306-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2015:0306-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(119960); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/23"); script_cve_id("CVE-2014-8891", "CVE-2014-8892"); script_bugtraq_id(73258, 73259); script_name(english:"SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2015:0306-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "java-1_6_0-ibm was updated to fix two security issues. These security issues were fixed : - CVE-2014-8892: Unspecified vulnerability (bnc#916265). - CVE-2014-8891: Unspecified vulnerability (bnc#916266). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=916265" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=916266" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-8891/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-8892/" ); # https://www.suse.com/support/update/announcement/2015/suse-su-20150306-1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b7353a60" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Module for Legacy Software 12 : zypper in -t patch SUSE-SLE-Module-Legacy-12-2015-79=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-jdbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-plugin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/06"); script_set_attribute(attribute:"patch_publication_date", value:"2015/02/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"java-1_6_0-ibm-plugin-1.6.0_sr16.3-12.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_6_0-ibm-1.6.0_sr16.3-12.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_6_0-ibm-fonts-1.6.0_sr16.3-12.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_6_0-ibm-jdbc-1.6.0_sr16.3-12.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_6_0-ibm"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-0136.NASL description Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-6585, CVE-2014-6591, CVE-2014-6593, CVE-2014-8891, CVE-2014-8892, CVE-2015-0395, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP9 release. All running instances of IBM Java must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 81204 published 2015-02-06 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81204 title RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2015:0136) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:0136. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(81204); script_version("1.21"); script_cvs_date("Date: 2019/10/24 15:35:39"); script_cve_id("CVE-2014-6585", "CVE-2014-6591", "CVE-2014-6593", "CVE-2014-8891", "CVE-2014-8892", "CVE-2015-0395", "CVE-2015-0407", "CVE-2015-0408", "CVE-2015-0410"); script_bugtraq_id(72140, 72162, 72165, 72169, 72173, 72175, 73258, 73259); script_xref(name:"RHSA", value:"2015:0136"); script_name(english:"RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2015:0136)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-6585, CVE-2014-6591, CVE-2014-6593, CVE-2014-8891, CVE-2014-8892, CVE-2015-0395, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP9 release. All running instances of IBM Java must be restarted for this update to take effect." ); # https://www.ibm.com/developerworks/java/jdk/alerts/ script_set_attribute( attribute:"see_also", value:"https://developer.ibm.com/javasdk/support/security-vulnerabilities/" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2015:0136" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-0408" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-0407" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-0395" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-0410" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-6591" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-6593" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-6585" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-8892" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-8891" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.6"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/21"); script_set_attribute(attribute:"patch_publication_date", value:"2015/02/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2015:0136"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", reference:"java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.5.0-ibm-accessibility-1.5.0.16.9-1jpp.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"java-1.5.0-ibm-accessibility-1.5.0.16.9-1jpp.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-ibm-accessibility-1.5.0.16.9-1jpp.1.el5")) flag++; if (rpm_check(release:"RHEL5", reference:"java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el5")) flag++; if (rpm_check(release:"RHEL5", reference:"java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390", reference:"java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el5")) flag++; if (rpm_check(release:"RHEL5", reference:"java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el5")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.5.0-ibm-1.5.0.16.9-1jpp.1.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.5.0-ibm-demo-1.5.0.16.9-1jpp.1.el6_6")) flag++; if (rpm_check(release:"RHEL6", reference:"java-1.5.0-ibm-devel-1.5.0.16.9-1jpp.1.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.5.0-ibm-javacomm-1.5.0.16.9-1jpp.1.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390", reference:"java-1.5.0-ibm-jdbc-1.5.0.16.9-1jpp.1.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.5.0-ibm-plugin-1.5.0.16.9-1jpp.1.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el6_6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.5.0-ibm-src-1.5.0.16.9-1jpp.1.el6_6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc"); } }NASL family SuSE Local Security Checks NASL id SUSE_11_JAVA-1_7_0-IBM-150210.NASL description java-1_7_0-ibm was updated to fix two security issues : - Unspecified vulnerability. (CVE-2014-8891) - Unspecified vulnerability. (CVE-2014-8892) last seen 2020-06-01 modified 2020-06-02 plugin id 81436 published 2015-02-23 reporter This script is Copyright (C) 2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81436 title SuSE 11.3 Security Update : java-1_7_0-ibm (SAT Patch Number 10300) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-0264.NASL description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Satellite 5.6. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2014-3065, CVE-2014-3068, CVE-2014-3566, CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265, CVE-2014-4288, CVE-2014-6457, CVE-2014-6458, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-8891, CVE-2014-8892, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412) The CVE-2014-4262 and CVE-2014-6512 issues were discovered by Florian Weimer of Red Hat Product Security. Users of Red Hat Satellite 5.6 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR16-FP3 release. For this update to take effect, Red Hat Satellite must be restarted ( last seen 2020-06-01 modified 2020-06-02 plugin id 81505 published 2015-02-25 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81505 title RHEL 5 / 6 : Red Hat Satellite IBM Java Runtime (RHSA-2015:0264) (POODLE) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-0134.NASL description Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-6549, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-8891, CVE-2014-8892, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR8-FP10 release. All running instances of IBM Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 81202 published 2015-02-06 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81202 title RHEL 5 : java-1.7.0-ibm (RHSA-2015:0134) NASL family SuSE Local Security Checks NASL id SUSE_11_JAVA-1_6_0-IBM-150210.NASL description java-1_6_0-ibm was updated to fix two security issues : - Unspecified vulnerability. (CVE-2014-8891) - Unspecified vulnerability. (CVE-2014-8892) last seen 2020-06-01 modified 2020-06-02 plugin id 81435 published 2015-02-23 reporter This script is Copyright (C) 2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81435 title SuSE 11.3 Security Update : java-1_6_0-ibm (SAT Patch Number 10299) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-0133.NASL description Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-6549, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-8891, CVE-2014-8892, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412) All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR2-FP10 release. All running instances of IBM Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 81201 published 2015-02-06 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81201 title RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2015:0133) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-0135.NASL description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-8891, CVE-2014-8892, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR16-FP3 release. All running instances of IBM Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 81203 published 2015-02-06 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81203 title RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2015:0135) NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-1073-1.NASL description This update fixes the following security issues : - Version bump to 7.1-3.0 release bnc#930365 CVE-2015-0192 CVE-2015-2808 CVE-2015-1914 CVE-2015-0138 - Fix removeing links before update-alternatives run. bnc#931702 - Fix bnc#912434, javaws/plugin stuff should slave plugin update-alternatives - Fix bnc#912447, use system cacerts - Update to 7.1.2.10 for sec issues bnc#916266 and bnc#916265 CVE-2014-8892 CVE-2014-8891 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 84260 published 2015-06-18 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84260 title SUSE SLES12 Security Update : java-1_7_0-ibm (SUSE-SU-2015:1073-1) (Bar Mitzvah)
Redhat
| advisories |
| ||||||||
| rpms |
|
References
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html
- http://rhn.redhat.com/errata/RHSA-2015-0136.html
- http://rhn.redhat.com/errata/RHSA-2015-0264.html
- http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_February_2015
- http://www.securityfocus.com/bid/73259
- https://bugzilla.redhat.com/show_bug.cgi?id=1189145
- https://www-304.ibm.com/support/docview.wss?uid=swg21695474