CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.6%
Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Network Satellite Server 5.1.
This update has been rated as having low security impact by the Red Hat Security Response Team.
This update corrects several security vulnerabilities in the Sun Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.1. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets.
Several flaws were fixed in the Sun Java 5 Runtime Environment.
(CVE-2006-2426, CVE-2008-2086, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1103, CVE-2009-1104, CVE-2009-1107, CVE-2009-2409, CVE-2009-2475, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2689, CVE-2009-3728, CVE-2009-3873, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884)
Note: This is the final update for the java-1.5.0-sun packages, as the Sun Java SE Release family 5.0 has now reached End of Service Life. An alternative to Sun Java SE 5.0 is the Java 2 Technology Edition of the IBM Developer Kit for Linux, which is available from the Satellite 5.1 channels on the Red Hat Network.
For a long term solution, Red Hat advises users to switch from Sun Java SE 5.0 to the Java 2 Technology Edition of the IBM Developer Kit for Linux. Refer to the Solution section for instructions.
Users of Red Hat Network Satellite Server 5.1 are advised to upgrade to these updated java-1.5.0-sun packages, which resolve these issues.
All running instances of Sun Java must be restarted for the update to take effect.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2009:1662. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(53539);
script_version("1.25");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2006-2426", "CVE-2008-2086", "CVE-2009-1093", "CVE-2009-1094", "CVE-2009-1095", "CVE-2009-1096", "CVE-2009-1097", "CVE-2009-1098", "CVE-2009-1099", "CVE-2009-1100", "CVE-2009-1103", "CVE-2009-1104", "CVE-2009-1107", "CVE-2009-2409", "CVE-2009-2475", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2675", "CVE-2009-2676", "CVE-2009-2689", "CVE-2009-3403", "CVE-2009-3728", "CVE-2009-3873", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884", "CVE-2010-0079");
script_bugtraq_id(32620, 34240, 35922, 35939, 35943, 35944, 35946, 35958, 36881);
script_xref(name:"RHSA", value:"2009:1662");
script_name(english:"RHEL 4 : Sun Java Runtime in Satellite Server (RHSA-2009:1662)");
script_summary(english:"Checks the rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated java-1.5.0-sun packages that correct several security issues
are now available for Red Hat Network Satellite Server 5.1.
This update has been rated as having low security impact by the Red
Hat Security Response Team.
This update corrects several security vulnerabilities in the Sun Java
Runtime Environment shipped as part of Red Hat Network Satellite
Server 5.1. In a typical operating environment, these are of low
security risk as the runtime is not used on untrusted applets.
Several flaws were fixed in the Sun Java 5 Runtime Environment.
(CVE-2006-2426, CVE-2008-2086, CVE-2009-1093, CVE-2009-1094,
CVE-2009-1095, CVE-2009-1096, CVE-2009-1098, CVE-2009-1099,
CVE-2009-1100, CVE-2009-1103, CVE-2009-1104, CVE-2009-1107,
CVE-2009-2409, CVE-2009-2475, CVE-2009-2625, CVE-2009-2670,
CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675,
CVE-2009-2676, CVE-2009-2689, CVE-2009-3728, CVE-2009-3873,
CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880,
CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884)
Note: This is the final update for the java-1.5.0-sun packages, as the
Sun Java SE Release family 5.0 has now reached End of Service Life. An
alternative to Sun Java SE 5.0 is the Java 2 Technology Edition of the
IBM Developer Kit for Linux, which is available from the Satellite 5.1
channels on the Red Hat Network.
For a long term solution, Red Hat advises users to switch from Sun
Java SE 5.0 to the Java 2 Technology Edition of the IBM Developer Kit
for Linux. Refer to the Solution section for instructions.
Users of Red Hat Network Satellite Server 5.1 are advised to upgrade
to these updated java-1.5.0-sun packages, which resolve these issues.
All running instances of Sun Java must be restarted for the update to
take effect."
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2006-2426"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2008-2086"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1093"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1094"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1095"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1096"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1098"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1099"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1100"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1103"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1104"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-1107"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-2409"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-2475"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-2625"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-2670"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-2671"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-2672"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-2673"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-2675"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-2676"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-2689"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-3728"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-3873"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-3876"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-3877"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-3879"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-3880"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-3881"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-3882"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-3883"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2009-3884"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2009:1662"
);
script_set_attribute(
attribute:"solution",
value:
"Update the affected java-1.5.0-sun and / or java-1.5.0-sun-devel
packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_cwe_id(16, 22, 94, 119, 189, 200, 264, 310, 399);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
script_set_attribute(attribute:"vuln_publication_date", value:"2006/05/17");
script_set_attribute(attribute:"patch_publication_date", value:"2009/12/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/04/23");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2009:1662";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (! (rpm_exists(release:"RHEL4", rpm:"spacewalk-admin-"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Satellite Server");
if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-1.5.0.22-1jpp.1.el4")) flag++;
if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-1.5.0.22-1jpp.1.el4")) flag++;
if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-devel-1.5.0.22-1jpp.1.el4")) flag++;
if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-devel-1.5.0.22-1jpp.1.el4")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.5.0-sun / java-1.5.0-sun-devel");
}
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | java-1.5.0-sun | p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun |
redhat | enterprise_linux | java-1.5.0-sun-devel | p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-devel |
redhat | enterprise_linux | 4 | cpe:/o:redhat:enterprise_linux:4 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2426
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2086
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2475
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2670
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2672
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2676
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2689
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3403
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3728
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3873
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3876
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3877
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3879
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3880
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3881
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3882
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3883
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3884
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0079
access.redhat.com/errata/RHSA-2009:1662
access.redhat.com/security/cve/cve-2006-2426
access.redhat.com/security/cve/cve-2008-2086
access.redhat.com/security/cve/cve-2009-1093
access.redhat.com/security/cve/cve-2009-1094
access.redhat.com/security/cve/cve-2009-1095
access.redhat.com/security/cve/cve-2009-1096
access.redhat.com/security/cve/cve-2009-1098
access.redhat.com/security/cve/cve-2009-1099
access.redhat.com/security/cve/cve-2009-1100
access.redhat.com/security/cve/cve-2009-1103
access.redhat.com/security/cve/cve-2009-1104
access.redhat.com/security/cve/cve-2009-1107
access.redhat.com/security/cve/cve-2009-2409
access.redhat.com/security/cve/cve-2009-2475
access.redhat.com/security/cve/cve-2009-2625
access.redhat.com/security/cve/cve-2009-2670
access.redhat.com/security/cve/cve-2009-2671
access.redhat.com/security/cve/cve-2009-2672
access.redhat.com/security/cve/cve-2009-2673
access.redhat.com/security/cve/cve-2009-2675
access.redhat.com/security/cve/cve-2009-2676
access.redhat.com/security/cve/cve-2009-2689
access.redhat.com/security/cve/cve-2009-3728
access.redhat.com/security/cve/cve-2009-3873
access.redhat.com/security/cve/cve-2009-3876
access.redhat.com/security/cve/cve-2009-3877
access.redhat.com/security/cve/cve-2009-3879
access.redhat.com/security/cve/cve-2009-3880
access.redhat.com/security/cve/cve-2009-3881
access.redhat.com/security/cve/cve-2009-3882
access.redhat.com/security/cve/cve-2009-3883
access.redhat.com/security/cve/cve-2009-3884