10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.971 High
EPSS
Percentile
99.8%
USN-1505-1 fixed vulnerabilities in OpenJDK 6. As part of the update, IcedTea-Web packages were upgraded to a new version. That upgrade introduced a regression which prevented the IcedTea-Web plugin from working with the Chromium web browser in Ubuntu 11.04 and Ubuntu 11.10. This update fixes the problem.
We apologize for the inconvenience.
It was discovered that multiple flaws existed in the CORBA (Common Object Request Broker Architecture) implementation in OpenJDK. An attacker could create a Java application or applet that used these flaws to bypass Java sandbox restrictions or modify immutable object data. (CVE-2012-1711, CVE-2012-1719)
It was discovered that multiple flaws existed in the OpenJDK font manager’s layout lookup implementation. A attacker could specially craft a font file that could cause a denial of service through crashing the JVM (Java Virtual Machine) or possibly execute arbitrary code. (CVE-2012-1713)
It was discovered that the SynthLookAndFeel class from Swing in OpenJDK did not properly prevent access to certain UI elements from outside the current application context. An attacker could create a Java application or applet that used this flaw to cause a denial of service through crashing the JVM or bypass Java sandbox restrictions. (CVE-2012-1716)
It was discovered that OpenJDK runtime library classes could create temporary files with insecure permissions. A local attacker could use this to gain access to sensitive information. (CVE-2012-1717)
It was discovered that OpenJDK did not handle CRLs (Certificate Revocation Lists) properly. A remote attacker could use this to gain access to sensitive information.
(CVE-2012-1718)
It was discovered that the OpenJDK HotSpot Virtual Machine did not properly verify the bytecode of the class to be executed. A remote attacker could create a Java application or applet that used this to cause a denial of service through crashing the JVM or bypass Java sandbox restrictions. (CVE-2012-1723, CVE-2012-1725)
It was discovered that the OpenJDK XML (Extensible Markup Language) parser did not properly handle some XML documents.
An attacker could create an XML document that caused a denial of service in a Java application or applet parsing the document. (CVE-2012-1724)
As part of this update, the IcedTea web browser applet plugin was updated for Ubuntu 10.04 LTS, Ubuntu 11.04, and Ubuntu 11.10.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1505-2. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(61729);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/03/08");
script_cve_id(
"CVE-2012-1711",
"CVE-2012-1713",
"CVE-2012-1716",
"CVE-2012-1717",
"CVE-2012-1718",
"CVE-2012-1719",
"CVE-2012-1723",
"CVE-2012-1724",
"CVE-2012-1725"
);
script_bugtraq_id(
53946,
53947,
53949,
53950,
53951,
53952,
53954,
53958,
53960
);
script_xref(name:"USN", value:"1505-2");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/24");
script_name(english:"Ubuntu 11.04 / 11.10 : icedtea-web regression (USN-1505-2)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing a security-related patch.");
script_set_attribute(attribute:"description", value:
"USN-1505-1 fixed vulnerabilities in OpenJDK 6. As part of the update,
IcedTea-Web packages were upgraded to a new version. That upgrade
introduced a regression which prevented the IcedTea-Web plugin from
working with the Chromium web browser in Ubuntu 11.04 and Ubuntu
11.10. This update fixes the problem.
We apologize for the inconvenience.
It was discovered that multiple flaws existed in the CORBA (Common
Object Request Broker Architecture) implementation in OpenJDK. An
attacker could create a Java application or applet that used these
flaws to bypass Java sandbox restrictions or modify immutable object
data. (CVE-2012-1711, CVE-2012-1719)
It was discovered that multiple flaws existed in the OpenJDK
font manager's layout lookup implementation. A attacker
could specially craft a font file that could cause a denial
of service through crashing the JVM (Java Virtual Machine)
or possibly execute arbitrary code. (CVE-2012-1713)
It was discovered that the SynthLookAndFeel class from Swing
in OpenJDK did not properly prevent access to certain UI
elements from outside the current application context. An
attacker could create a Java application or applet that used
this flaw to cause a denial of service through crashing the
JVM or bypass Java sandbox restrictions. (CVE-2012-1716)
It was discovered that OpenJDK runtime library classes could
create temporary files with insecure permissions. A local
attacker could use this to gain access to sensitive
information. (CVE-2012-1717)
It was discovered that OpenJDK did not handle CRLs
(Certificate Revocation Lists) properly. A remote attacker
could use this to gain access to sensitive information.
(CVE-2012-1718)
It was discovered that the OpenJDK HotSpot Virtual Machine
did not properly verify the bytecode of the class to be
executed. A remote attacker could create a Java application
or applet that used this to cause a denial of service
through crashing the JVM or bypass Java sandbox
restrictions. (CVE-2012-1723, CVE-2012-1725)
It was discovered that the OpenJDK XML (Extensible Markup
Language) parser did not properly handle some XML documents.
An attacker could create an XML document that caused a
denial of service in a Java application or applet parsing
the document. (CVE-2012-1724)
As part of this update, the IcedTea web browser applet
plugin was updated for Ubuntu 10.04 LTS, Ubuntu 11.04, and
Ubuntu 11.10.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/1505-2/");
script_set_attribute(attribute:"solution", value:
"Update the affected icedtea-6-plugin package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Java Applet Field Bytecode Verifier Cache Remote Code Execution');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/16");
script_set_attribute(attribute:"patch_publication_date", value:"2012/08/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/30");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-plugin");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2012-2022 Canonical, Inc. / NASL script (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(11\.04|11\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 11.04 / 11.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
flag = 0;
if (ubuntu_check(osver:"11.04", pkgname:"icedtea-6-plugin", pkgver:"1.2-2ubuntu0.11.04.3")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"icedtea-6-plugin", pkgver:"1.2-2ubuntu0.11.10.3")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "icedtea-6-plugin");
}
Vendor | Product | Version | CPE |
---|---|---|---|
canonical | ubuntu_linux | icedtea-6-plugin | p-cpe:/a:canonical:ubuntu_linux:icedtea-6-plugin |
canonical | ubuntu_linux | 11.04 | cpe:/o:canonical:ubuntu_linux:11.04 |
canonical | ubuntu_linux | 11.10 | cpe:/o:canonical:ubuntu_linux:11.10 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1711
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1713
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1716
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1717
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1718
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1719
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1723
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1724
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1725
usn.ubuntu.com/1505-2/