Lucene search
This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.ALA_ALAS-2012-119.NASLHistorySep 04, 2013 - 12:00 a.m.
Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-119)
2013-09-0400:00:00
This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
www.tenable.com
23
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.121
Percentile
95.4%
It was discovered that the Beans component in OpenJDK did not perform permission checks properly. An untrusted Java application or applet could use this flaw to use classes from restricted packages, allowing it to bypass Java sandbox restrictions. (CVE-2012-1682)
A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions.
(CVE-2012-0547)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2012-119.
#
include("compat.inc");
if (description)
{
script_id(69609);
script_version("1.5");
script_cvs_date("Date: 2018/04/18 15:09:34");
script_cve_id("CVE-2012-0547", "CVE-2012-1682");
script_xref(name:"ALAS", value:"2012-119");
script_xref(name:"RHSA", value:"2012:1221");
script_name(english:"Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-119)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Amazon Linux AMI host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"It was discovered that the Beans component in OpenJDK did not perform
permission checks properly. An untrusted Java application or applet
could use this flaw to use classes from restricted packages, allowing
it to bypass Java sandbox restrictions. (CVE-2012-1682)
A hardening fix was applied to the AWT component in OpenJDK, removing
functionality from the restricted SunToolkit class that was used in
combination with other flaws to bypass Java sandbox restrictions.
(CVE-2012-0547)"
);
script_set_attribute(
attribute:"see_also",
value:"https://alas.aws.amazon.com/ALAS-2012-119.html"
);
script_set_attribute(
attribute:"solution",
value:"Run 'yum update java-1.6.0-openjdk' to update your system."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-demo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-javadoc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-src");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2012/09/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
script_family(english:"Amazon Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-1.6.0.0-52.1.11.4.46.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-debuginfo-1.6.0.0-52.1.11.4.46.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-demo-1.6.0.0-52.1.11.4.46.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-devel-1.6.0.0-52.1.11.4.46.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-52.1.11.4.46.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"java-1.6.0-openjdk-src-1.6.0.0-52.1.11.4.46.amzn1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| amazon | linux | java-1.6.0-openjdk | p-cpe:/a:amazon:linux:java-1.6.0-openjdk |
| amazon | linux | java-1.6.0-openjdk-debuginfo | p-cpe:/a:amazon:linux:java-1.6.0-openjdk-debuginfo |
| amazon | linux | java-1.6.0-openjdk-demo | p-cpe:/a:amazon:linux:java-1.6.0-openjdk-demo |
| amazon | linux | java-1.6.0-openjdk-devel | p-cpe:/a:amazon:linux:java-1.6.0-openjdk-devel |
| amazon | linux | java-1.6.0-openjdk-javadoc | p-cpe:/a:amazon:linux:java-1.6.0-openjdk-javadoc |
| amazon | linux | java-1.6.0-openjdk-src | p-cpe:/a:amazon:linux:java-1.6.0-openjdk-src |
| amazon | linux | cpe:/o:amazon:linux |
Related
nessus
nessus
openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2012:1175-1)
2014-06-13 00:00:00
Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : openjdk-6 vulnerabilities (USN-1553-1)
2012-09-04 00:00:00
CentOS 6 : java-1.6.0-openjdk (CESA-2012:1221)
2012-09-04 00:00:00
centos
centos
java security update
2012-09-03 14:36:46
java security update
2012-09-03 14:26:49
java security update
2012-09-03 14:37:23
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2012-09-03 00:00:00
java-1.6.0-openjdk security update
2012-09-03 00:00:00
java-1.7.0-openjdk security update
2012-09-03 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-1553-1)
2012-09-04 00:00:00
RedHat Update for java-1.6.0-openjdk RHSA-2012:1221-01
2012-09-04 00:00:00
CentOS Update for java CESA-2012:1221 centos6
2012-09-04 00:00:00
suse
suse
Security update for OpenJDK (critical)
2012-09-12 06:08:36
java-1_6_0-openjdk: icedtea-web update to 1.11.4 (bnc#) (critical)
2012-09-14 14:13:53
java-1_7_0-openjdk: security fix for remote exploit (critical)
2012-09-12 19:08:39
redhat
redhat
(RHSA-2012:1222) Important: java-1.6.0-openjdk security update
2012-09-03 00:00:00
(RHSA-2012:1221) Critical: java-1.6.0-openjdk security update
2012-09-03 00:00:00
(RHSA-2012:1223) Important: java-1.7.0-openjdk security update
2012-09-03 00:00:00
amazon
amazon
Important: java-1.6.0-openjdk
2012-09-04 10:22:00
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2012-09-03 00:00:00
ubuntucve
ubuntucve
cve
cve
cvelist
cvelist
prion
prion
Design/Logic Flaw
2012-08-30 23:55:00
Design/Logic Flaw
2012-08-30 23:55:00
Design/Logic Flaw
2012-08-30 23:55:00
nvd
nvd
securityvulns
securityvulns
zdi
zdi
Oracle Java java.beans.Statement Remote Code Execution Vulnerability
2012-12-21 00:00:00
seebug
seebug
Oracle Sun JRE 1.x θΏη¨JREζΌζ΄
2012-09-04 00:00:00
veracode
veracode
Information Disclosure
2019-05-02 04:41:06
Arbitrary Code Execution
2019-05-02 04:41:05
Authorization Bypass
2019-05-02 04:41:06
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.121
Percentile
95.4%
Related for ALA_ALAS-2012-119.NASL