Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20201022_JAVA_11_OPENJDK_ON_SL7_X.NASLHistoryOct 23, 2020 - 12:00 a.m.
Scientific Linux Security Update : java-11-openjdk on SL7.x x86_64 (20201022)
2020-10-2300:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
31
scientific linux
security update
java-11-openjdk
sl7.x
x86_64
ldap
certificate blacklist
integer overflow
uri conversion
nio buffer
deserialization
permission check
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
5.8
Confidence
Low
EPSS
0.005
Percentile
75.5%
Security Fix(es) :
-
OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)
-
OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995) (CVE-2020-14782)
-
OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114) (CVE-2020-14792)
-
OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685) (CVE-2020-14797)
-
OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)
-
OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862) (CVE-2020-14779)
-
OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('compat.inc');
if (description)
{
script_id(141842);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/14");
script_cve_id(
"CVE-2020-14779",
"CVE-2020-14781",
"CVE-2020-14782",
"CVE-2020-14792",
"CVE-2020-14796",
"CVE-2020-14797",
"CVE-2020-14803"
);
script_xref(name:"CEA-ID", value:"CEA-2021-0004");
script_name(english:"Scientific Linux Security Update : java-11-openjdk on SL7.x x86_64 (20201022)");
script_set_attribute(attribute:"synopsis", value:
"The remote Scientific Linux host is missing one or more security
updates.");
script_set_attribute(attribute:"description", value:
"Security Fix(es) :
- OpenJDK: Credentials sent over unencrypted LDAP
connection (JNDI, 8237990) (CVE-2020-14781)
- OpenJDK: Certificate blacklist bypass via alternate
certificate encodings (Libraries, 8237995)
(CVE-2020-14782)
- OpenJDK: Integer overflow leading to out-of-bounds
access (Hotspot, 8241114) (CVE-2020-14792)
- OpenJDK: Incomplete check for invalid characters in URI
to path conversion (Libraries, 8242685) (CVE-2020-14797)
- OpenJDK: Race condition in NIO Buffer boundary checks
(Libraries, 8244136) (CVE-2020-14803)
- OpenJDK: High memory usage during deserialization of
Proxy class with many interfaces (Serialization,
8236862) (CVE-2020-14779)
- OpenJDK: Missing permission check in path to URI
conversion (Libraries, 8242680) (CVE-2020-14796)");
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind2010&L=SCIENTIFIC-LINUX-ERRATA&P=26489
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3a97904d");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-14792");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-14803");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/10/21");
script_set_attribute(attribute:"patch_publication_date", value:"2020/10/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/10/23");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-demo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-headless");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-javadoc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-javadoc-zip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-jmods");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-src");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:java-11-openjdk-static-libs");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Scientific Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
flag = 0;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-11-openjdk-11.0.9.11-0.el7_9")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-11-openjdk-debuginfo-11.0.9.11-0.el7_9")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-11-openjdk-demo-11.0.9.11-0.el7_9")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-11-openjdk-devel-11.0.9.11-0.el7_9")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-11-openjdk-headless-11.0.9.11-0.el7_9")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-11-openjdk-javadoc-11.0.9.11-0.el7_9")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-11-openjdk-javadoc-zip-11.0.9.11-0.el7_9")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-11-openjdk-jmods-11.0.9.11-0.el7_9")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-11-openjdk-src-11.0.9.11-0.el7_9")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"java-11-openjdk-static-libs-11.0.9.11-0.el7_9")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-11-openjdk / java-11-openjdk-debuginfo / java-11-openjdk-demo / etc");
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14779
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14781
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14782
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14792
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14796
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14797
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14803
www.nessus.org/u?3a97904d
Related
redhat
redhat
(RHSA-2020:4305) Moderate: java-11-openjdk security and bug fix update
2020-10-22 10:29:05
(RHSA-2020:4348) Moderate: java-1.8.0-openjdk security update
2020-10-26 19:47:30
(RHSA-2020:4306) Moderate: java-11-openjdk security and bug fix update
2020-10-22 10:29:19
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2020-10-27 00:00:00
java-11-openjdk security and bug fix update
2020-10-22 00:00:00
java-11-openjdk security update
2020-10-23 00:00:00
nessus
nessus
RHEL 8 : java-1.8.0-openjdk (RHSA-2020:4349)
2020-10-28 00:00:00
RHEL 8 : java-1.8.0-openjdk (RHSA-2020:4352)
2020-10-28 00:00:00
CentOS 6 : java-1.8.0-openjdk (CESA-2020:4348)
2020-11-09 00:00:00
amazon
amazon
Medium: java-1.8.0-openjdk
2021-01-05 23:34:00
Medium: java-1.8.0-openjdk
2021-01-12 22:51:00
Medium: java-1.8.0-openjdk
2020-12-16 20:31:00
centos
centos
java security update
2020-11-09 13:12:26
java security update
2020-11-06 21:58:30
java security update
2020-11-06 21:59:28
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0418)
2022-01-28 00:00:00
CentOS: Security Advisory for java (CESA-2020:4348)
2020-11-10 00:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2020-11-14 00:20:36
ubuntu
ubuntu
OpenJDK regressions
2020-11-12 00:00:00
OpenJDK vulnerabilities
2020-10-27 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: java-11-openjdk-11.0.9.11-0.fc32
2020-10-31 02:02:10
[SECURITY] Fedora 33 Update: java-1.8.0-openjdk-1.8.0.272.b10-0.fc33
2020-10-26 01:07:14
[SECURITY] Fedora 32 Update: java-1.8.0-openjdk-1.8.0.272.b10-0.fc32
2020-10-31 02:02:10
suse
suse
Security update for java-11-openjdk (moderate)
2020-11-21 00:00:00
Security update for java-11-openjdk (moderate)
2020-11-21 00:00:00
Security update for java-1_8_0-openjdk (moderate)
2020-11-26 00:00:00
osv
osv
openjdk-8 - security update
2020-10-23 00:00:00
openjdk-8, openjdk-lts regressions
2020-11-12 21:58:30
openjdk-11 - security update
2020-10-25 00:00:00
kaspersky
kaspersky
KLA11985 Multiple vulnerabilities in Oracle Java SE
2020-10-20 00:00:00
debian
debian
[SECURITY] [DLA 2412-1] openjdk-8 security update
2020-10-30 09:23:09
[SECURITY] [DSA 4779-1] openjdk-11 security update
2020-10-25 10:14:25
ibm
ibm
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2021-03-15 10:22:29
gentoo
gentoo
OpenJDK: Multiple vulnerabilities
2021-01-25 00:00:00
f5
f5
K000135534 : Java vulnerabilities CVE-2020-14779, CVE-2020-14782
2023-07-19 00:00:00
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
5.8
Confidence
Low
EPSS
0.005
Percentile
75.5%
Related for SL_20201022_JAVA_11_OPENJDK_ON_SL7_X.NASL