Vulnerabilities > CVE-2016-0603 - Unspecified vulnerability in Oracle JDK and JRE
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in the Java SE component in Oracle Java SE 6u111, 7u95, 8u71, and 8u72, when running on Windows, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. NOTE: the previous information is from Oracle's Security Alert for CVE-2016-0603. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the "application directory."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 | |
| Application | 7 |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201610-08.NASL description The remote host is affected by the vulnerability described in GLSA-201610-08 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities exist in both Oracle’s JRE and JDK. Please review the referenced CVE’s for additional information. Impact : Remote attackers could gain access to information, remotely execute arbitrary code, or cause Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 94085 published 2016-10-17 reporter This script is Copyright (C) 2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/94085 title GLSA-201610-08 : Oracle JRE/JDK: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201610-08. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(94085); script_version("$Revision: 2.2 $"); script_cvs_date("$Date: 2016/10/19 14:14:42 $"); script_cve_id("CVE-2016-0402", "CVE-2016-0448", "CVE-2016-0466", "CVE-2016-0475", "CVE-2016-0483", "CVE-2016-0494", "CVE-2016-0603", "CVE-2016-0636", "CVE-2016-3426", "CVE-2016-3458", "CVE-2016-3485", "CVE-2016-3498", "CVE-2016-3500", "CVE-2016-3503", "CVE-2016-3508", "CVE-2016-3511", "CVE-2016-3550", "CVE-2016-3552", "CVE-2016-3587", "CVE-2016-3598", "CVE-2016-3606", "CVE-2016-3610"); script_xref(name:"GLSA", value:"201610-08"); script_name(english:"GLSA-201610-08 : Oracle JRE/JDK: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201610-08 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities exist in both Oracle’s JRE and JDK. Please review the referenced CVE’s for additional information. Impact : Remote attackers could gain access to information, remotely execute arbitrary code, or cause Denial of Service. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201610-08" ); script_set_attribute( attribute:"solution", value: "All Oracle JRE Users users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/oracle-jre-bin-1.8.0.101' All Oracle JDK Users users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/oracle-jdk-bin-1.8.0.101'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:oracle-jdk-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:oracle-jre-bin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2016/10/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-java/oracle-jre-bin", unaffected:make_list("ge 1.8.0.101"), vulnerable:make_list("lt 1.8.0.101"))) flag++; if (qpkg_check(package:"dev-java/oracle-jdk-bin", unaffected:make_list("ge 1.8.0.101"), vulnerable:make_list("lt 1.8.0.101"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Oracle JRE/JDK"); }NASL family Windows NASL id ORACLE_JAVA_INSTALLER_CVE-2016-0603.NASL description The version of Oracle Java SE or Java for Business installed on the remote host is prior to 8 Update 73, 7 Update 97, or 6 Update 113. It is, therefore, affected by an arbitrary code execution vulnerability that may have been exploited when installing Java. If an attacker convinced a user to download a set of malicious files before Java was installed, then arbitrary code may have been executed during the installation. A system with the vulnerable versions of Java installed should be checked for malicious software or abnormal behaviors. last seen 2020-06-01 modified 2020-06-02 plugin id 88755 published 2016-02-16 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88755 title Oracle Java SE Installer on Windows Arbitrary Code Execution code # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(88755); script_version("1.5"); script_cvs_date("Date: 2019/11/19"); script_cve_id("CVE-2016-0603"); script_bugtraq_id(83008); script_name(english:"Oracle Java SE Installer on Windows Arbitrary Code Execution"); script_summary(english:"Checks the version of the JRE."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a programming platform that is affected by an arbitrary code execution vulnerability."); script_set_attribute(attribute:"description", value: "The version of Oracle Java SE or Java for Business installed on the remote host is prior to 8 Update 73, 7 Update 97, or 6 Update 113. It is, therefore, affected by an arbitrary code execution vulnerability that may have been exploited when installing Java. If an attacker convinced a user to download a set of malicious files before Java was installed, then arbitrary code may have been executed during the installation. A system with the vulnerable versions of Java installed should be checked for malicious software or abnormal behaviors."); script_set_attribute(attribute:"see_also", value:"https://blogs.oracle.com/oraclesecurity/"); # https://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eb8074f2"); script_set_attribute(attribute:"solution", value: "Discard any installers for versions of Oracle JDK / JRE prior to 8 Update 73, 7 Update 97, or 6 Update 113. Additionally, check for malicious software or abnormal behavior."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-0603"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/05"); script_set_attribute(attribute:"patch_publication_date", value:"2016/02/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/16"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jdk"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("sun_java_jre_installed.nasl"); script_require_keys("SMB/Java/JRE/Installed", "Settings/ParanoidReport", "SMB/Registry/Enumerated"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); # Only windows get_kb_item_or_exit("SMB/Registry/Enumerated"); # Exploitation occurs during installation process of # vulnerable version if (report_paranoia < 2) audit(AUDIT_PARANOID); # Check each installed JRE. installs = get_kb_list_or_exit("SMB/Java/JRE/*"); info = ""; vuln = 0; installed_versions = ""; foreach install (list_uniq(keys(installs))) { ver = install - "SMB/Java/JRE/"; if (ver !~ "^[0-9.]+") continue; installed_versions = installed_versions + " & " + ver; # Fixes : (JDK|JRE) 8 Update 73 / 7 Update 97 / 6 Update 113 if ( ver =~ '^1\\.6\\.0_([0-9]|[0-9][0-9]|10[0-9]|11[0-2])([^0-9]|$)' || ver =~ '^1\\.7\\.0_([0-9]|[0-8][0-9]|9[0-6])([^0-9]|$)' || ver =~ '^1\\.8\\.0_([0-9]|[0-6][0-9]|7[0-2])([^0-9]|$)' ) { dirs = make_list(get_kb_list(install)); vuln += max_index(dirs); foreach dir (dirs) info += '\n Path : ' + dir; info += '\n Installed version : ' + ver; info += '\n Fixed version : 1.6.0_113 / 1.7.0_97 / 1.8.0_73\n'; } } # Report if any were found to be vulnerable. if (info) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (vuln > 1) s = "s of Java are"; else s = " of Java is"; report = '\n' + 'The following vulnerable instance'+s+' installed on the\n' + 'remote host :\n' + info + '\n' + 'Note that the exploitation of this vulnerability would have occurred\n' + 'during the installation process of this version of Java. Updates for\n' + 'Java 6 and 7 require a support contract with Oracle.\n'; security_report_v4(port:port, severity:SECURITY_HOLE, extra:report); exit(0); } else { installed_versions = substr(installed_versions, 3); if (" & " >< installed_versions) exit(0, "The Java "+installed_versions+" installs on the remote host are not affected."); else audit(AUDIT_INST_VER_NOT_VULN, "Java", installed_versions); }
The Hacker News
| id | THN:1B849AAEACF7540F70CEA715C2579D8B |
| last seen | 2018-01-27 |
| modified | 2016-02-08 |
| published | 2016-02-07 |
| reporter | Swati Khandelwal |
| source | https://thehackernews.com/2016/02/oracle-issues-emergency-java-update-for.html |
| title | Oracle Issues Emergency Java Update for Windows |
References
- http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html
- http://www.securityfocus.com/bid/83008
- http://seclists.org/fulldisclosure/2016/Feb/54
- https://security.gentoo.org/glsa/201610-08
- http://www.securitytracker.com/id/1034969
- https://security.netapp.com/advisory/ntap-20160217-0001/
- http://www.securityfocus.com/archive/1/537462/100/0/threaded