10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.972 High
EPSS
Percentile
99.8%
Update to latest upstream bugfix release
Security fixes
S7000600, CVE-2011-3547: InputStream skip() information leak
S7019773, CVE-2011-3548: mutable static AWTKeyStroke.ctor
S7023640, CVE-2011-3551: Java2D TransformHelper integer overflow
S7032417, CVE-2011-3552: excessive default UDP socket limit under SecurityManager
S7046794, CVE-2011-3553: JAX-WS stack-traces information leak
S7046823, CVE-2011-3544: missing SecurityManager checks in scripting engine
S7055902, CVE-2011-3521: IIOP deserialization code execution
S7057857, CVE-2011-3554: insufficient pack200 JAR files uncompress error checks
S7064341, CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
S7070134, CVE-2011-3558: HotSpot crashes with sigsegv from PorterStemmer
S7077466, CVE-2011-3556: RMI DGC server remote code execution
S7083012, CVE-2011-3557: RMI registry privileged code execution
S7096936, CVE-2011-3560: missing checkSetFactory calls in HttpsURLConnection
Bug fixes
RH727195: Japanese font mappings are broken
Backports
S6826104, RH730015: Getting a NullPointer exception when clicked on Application & Toolkit Modal dialog
Zero/Shark
PR690: Shark fails to JIT using hs20.
PR696: Zero fails to handle fast_aldc and fast_aldc_w in hs20.
Added Patch6 as (probably temporally) solution for S7103224 for buildability on newest glibc libraries.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2011-15020.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(56719);
script_version("1.26");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");
script_cve_id(
"CVE-2011-3389",
"CVE-2011-3521",
"CVE-2011-3544",
"CVE-2011-3547",
"CVE-2011-3548",
"CVE-2011-3551",
"CVE-2011-3552",
"CVE-2011-3553",
"CVE-2011-3554",
"CVE-2011-3556",
"CVE-2011-3557",
"CVE-2011-3558",
"CVE-2011-3560"
);
script_bugtraq_id(
49778,
50211,
50215,
50216,
50218,
50224,
50231,
50234,
50236,
50242,
50243,
50246,
50248
);
script_xref(name:"FEDORA", value:"2011-15020");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/24");
script_xref(name:"CEA-ID", value:"CEA-2019-0547");
script_name(english:"Fedora 16 : java-1.6.0-openjdk-1.6.0.0-60.1.10.4.fc16 (2011-15020) (BEAST)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
script_set_attribute(attribute:"description", value:
"Update to latest upstream bugfix release
- Security fixes
- S7000600, CVE-2011-3547: InputStream skip()
information leak
- S7019773, CVE-2011-3548: mutable static
AWTKeyStroke.ctor
- S7023640, CVE-2011-3551: Java2D TransformHelper
integer overflow
- S7032417, CVE-2011-3552: excessive default UDP socket
limit under SecurityManager
- S7046794, CVE-2011-3553: JAX-WS stack-traces
information leak
- S7046823, CVE-2011-3544: missing SecurityManager
checks in scripting engine
- S7055902, CVE-2011-3521: IIOP deserialization code
execution
- S7057857, CVE-2011-3554: insufficient pack200 JAR
files uncompress error checks
- S7064341, CVE-2011-3389: HTTPS: block-wise
chosen-plaintext attack against SSL/TLS (BEAST)
- S7070134, CVE-2011-3558: HotSpot crashes with sigsegv
from PorterStemmer
- S7077466, CVE-2011-3556: RMI DGC server remote code
execution
- S7083012, CVE-2011-3557: RMI registry privileged code
execution
- S7096936, CVE-2011-3560: missing checkSetFactory calls
in HttpsURLConnection
- Bug fixes
- RH727195: Japanese font mappings are broken
- Backports
- S6826104, RH730015: Getting a NullPointer exception
when clicked on Application & Toolkit Modal dialog
- Zero/Shark
- PR690: Shark fails to JIT using hs20.
- PR696: Zero fails to handle fast_aldc and fast_aldc_w
in hs20.
- Added Patch6 as (probably temporally) solution for
S7103224 for buildability on newest glibc libraries.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=737506");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=745379");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=745387");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=745391");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=745397");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=745399");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=745442");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=745447");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=745459");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=745464");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=745473");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=745476");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=745492");
# https://lists.fedoraproject.org/pipermail/package-announce/2011-November/068806.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?245b2342");
script_set_attribute(attribute:"solution", value:
"Update the affected java-1.6.0-openjdk package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Java RMI Server Insecure Default Configuration Java Code Execution');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:"CANVAS");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2011/10/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/07");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2011-2022 Tenable Network Security, Inc.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^16([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC16", reference:"java-1.6.0-openjdk-1.6.0.0-60.1.10.4.fc16")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.6.0-openjdk");
}
Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | fedora | java-1.6.0-openjdk | p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk |
fedoraproject | fedora | 16 | cpe:/o:fedoraproject:fedora:16 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3521
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3544
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3547
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3548
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3551
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3552
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3553
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3554
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3556
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3557
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3558
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3560
www.nessus.org/u?245b2342
bugzilla.redhat.com/show_bug.cgi?id=737506
bugzilla.redhat.com/show_bug.cgi?id=745379
bugzilla.redhat.com/show_bug.cgi?id=745387
bugzilla.redhat.com/show_bug.cgi?id=745391
bugzilla.redhat.com/show_bug.cgi?id=745397
bugzilla.redhat.com/show_bug.cgi?id=745399
bugzilla.redhat.com/show_bug.cgi?id=745442
bugzilla.redhat.com/show_bug.cgi?id=745447
bugzilla.redhat.com/show_bug.cgi?id=745459
bugzilla.redhat.com/show_bug.cgi?id=745464
bugzilla.redhat.com/show_bug.cgi?id=745473
bugzilla.redhat.com/show_bug.cgi?id=745476
bugzilla.redhat.com/show_bug.cgi?id=745492