Vulnerabilities > CVE-2016-0603 - Unspecified vulnerability in Oracle JDK and JRE

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
oracle
nessus

Summary

Unspecified vulnerability in the Java SE component in Oracle Java SE 6u111, 7u95, 8u71, and 8u72, when running on Windows, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. NOTE: the previous information is from Oracle's Security Alert for CVE-2016-0603. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the "application directory."

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201610-08.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201610-08 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities exist in both Oracle’s JRE and JDK. Please review the referenced CVE’s for additional information. Impact : Remote attackers could gain access to information, remotely execute arbitrary code, or cause Denial of Service. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id94085
    published2016-10-17
    reporterThis script is Copyright (C) 2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/94085
    titleGLSA-201610-08 : Oracle JRE/JDK: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201610-08.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94085);
      script_version("$Revision: 2.2 $");
      script_cvs_date("$Date: 2016/10/19 14:14:42 $");
    
      script_cve_id("CVE-2016-0402", "CVE-2016-0448", "CVE-2016-0466", "CVE-2016-0475", "CVE-2016-0483", "CVE-2016-0494", "CVE-2016-0603", "CVE-2016-0636", "CVE-2016-3426", "CVE-2016-3458", "CVE-2016-3485", "CVE-2016-3498", "CVE-2016-3500", "CVE-2016-3503", "CVE-2016-3508", "CVE-2016-3511", "CVE-2016-3550", "CVE-2016-3552", "CVE-2016-3587", "CVE-2016-3598", "CVE-2016-3606", "CVE-2016-3610");
      script_xref(name:"GLSA", value:"201610-08");
    
      script_name(english:"GLSA-201610-08 : Oracle JRE/JDK: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201610-08
    (Oracle JRE/JDK: Multiple vulnerabilities)
    
        Multiple vulnerabilities exist in both Oracle’s JRE and JDK. Please
          review the referenced CVE’s for additional information.
      
    Impact :
    
        Remote attackers could gain access to information, remotely execute
          arbitrary code, or cause Denial of Service.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201610-08"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Oracle JRE Users users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-java/oracle-jre-bin-1.8.0.101'
        All Oracle JDK Users users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-java/oracle-jdk-bin-1.8.0.101'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:oracle-jdk-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:oracle-jre-bin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-java/oracle-jre-bin", unaffected:make_list("ge 1.8.0.101"), vulnerable:make_list("lt 1.8.0.101"))) flag++;
    if (qpkg_check(package:"dev-java/oracle-jdk-bin", unaffected:make_list("ge 1.8.0.101"), vulnerable:make_list("lt 1.8.0.101"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Oracle JRE/JDK");
    }
    
  • NASL familyWindows
    NASL idORACLE_JAVA_INSTALLER_CVE-2016-0603.NASL
    descriptionThe version of Oracle Java SE or Java for Business installed on the remote host is prior to 8 Update 73, 7 Update 97, or 6 Update 113. It is, therefore, affected by an arbitrary code execution vulnerability that may have been exploited when installing Java. If an attacker convinced a user to download a set of malicious files before Java was installed, then arbitrary code may have been executed during the installation. A system with the vulnerable versions of Java installed should be checked for malicious software or abnormal behaviors.
    last seen2020-06-01
    modified2020-06-02
    plugin id88755
    published2016-02-16
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88755
    titleOracle Java SE Installer on Windows Arbitrary Code Execution
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(88755);
      script_version("1.5");
      script_cvs_date("Date: 2019/11/19");
    
      script_cve_id("CVE-2016-0603");
      script_bugtraq_id(83008);
    
      script_name(english:"Oracle Java SE Installer on Windows Arbitrary Code Execution");
      script_summary(english:"Checks the version of the JRE.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a programming platform that is
    affected by an arbitrary code execution vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle Java SE or Java for Business installed on the
    remote host is prior to 8 Update 73, 7 Update 97, or 6 Update 113. It
    is, therefore, affected by an arbitrary code execution vulnerability
    that may have been exploited when installing Java. If an attacker
    convinced a user to download a set of malicious files before Java was
    installed, then arbitrary code may have been executed during the
    installation. A system with the vulnerable versions of Java installed
    should be checked for malicious software or abnormal behaviors.");
      script_set_attribute(attribute:"see_also", value:"https://blogs.oracle.com/oraclesecurity/");
      # https://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eb8074f2");
      script_set_attribute(attribute:"solution", value:
    "Discard any installers for versions of Oracle JDK / JRE prior to 8
    Update 73, 7 Update 97, or 6 Update 113. Additionally, check for
    malicious software or abnormal behavior.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-0603");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/02/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/16");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jdk");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("sun_java_jre_installed.nasl");
      script_require_keys("SMB/Java/JRE/Installed", "Settings/ParanoidReport", "SMB/Registry/Enumerated");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Only windows
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    
    # Exploitation occurs during installation process of
    # vulnerable version
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    # Check each installed JRE.
    installs = get_kb_list_or_exit("SMB/Java/JRE/*");
    
    info = "";
    vuln = 0;
    installed_versions = "";
    
    foreach install (list_uniq(keys(installs)))
    {
      ver = install - "SMB/Java/JRE/";
      if (ver !~ "^[0-9.]+") continue;
    
      installed_versions = installed_versions + " & " + ver;
    
      # Fixes : (JDK|JRE) 8 Update 73 / 7 Update 97 / 6 Update 113
      if (
        ver =~ '^1\\.6\\.0_([0-9]|[0-9][0-9]|10[0-9]|11[0-2])([^0-9]|$)' ||
        ver =~ '^1\\.7\\.0_([0-9]|[0-8][0-9]|9[0-6])([^0-9]|$)' ||
        ver =~ '^1\\.8\\.0_([0-9]|[0-6][0-9]|7[0-2])([^0-9]|$)'
      )
      {
        dirs = make_list(get_kb_list(install));
        vuln += max_index(dirs);
    
        foreach dir (dirs)
          info += '\n  Path              : ' + dir;
    
        info += '\n  Installed version : ' + ver;
        info += '\n  Fixed version     : 1.6.0_113 / 1.7.0_97 / 1.8.0_73\n';
      }
    }
    
    # Report if any were found to be vulnerable.
    if (info)
    {
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    
      if (vuln > 1) s = "s of Java are";
      else s = " of Java is";
      report =
        '\n' +
        'The following vulnerable instance'+s+' installed on the\n' +
        'remote host :\n' +
        info +
        '\n' +
        'Note that the exploitation of this vulnerability would have occurred\n' +
        'during the installation process of this version of Java. Updates for\n' +
        'Java 6 and 7 require a support contract with Oracle.\n';
      security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);
      exit(0);
    }
    else
    {
      installed_versions = substr(installed_versions, 3);
      if (" & " >< installed_versions)
        exit(0, "The Java "+installed_versions+" installs on the remote host are not affected.");
      else
        audit(AUDIT_INST_VER_NOT_VULN, "Java", installed_versions);
    }
    

The Hacker News

idTHN:1B849AAEACF7540F70CEA715C2579D8B
last seen2018-01-27
modified2016-02-08
published2016-02-07
reporterSwati Khandelwal
sourcehttps://thehackernews.com/2016/02/oracle-issues-emergency-java-update-for.html
titleOracle Issues Emergency Java Update for Windows