BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

The remote host is affected by the vulnerability described in GLSA-201607-17 (BeanShell: Arbitrary code execution)

    An application that includes BeanShell on the classpath may be       vulnerable if another part of the application uses Java serialization or       XStream to deserialize data from an untrusted source.
  Impact :

    Remote attackers could execute arbitrary code including shell commands.
  Workaround :

    There is no known workaround at this time.

This update for bsh2 fixes the following issues :

  - Version update to 2.0b6 boo#967593 CVE-2016-2510

  - Upstream developement moved to github

  - No obvious changelog apart from the above

This update for bsh2 fixes the following issues :

  - CVE-2016-2510: An application that includes BeanShell on     the classpath may be vulnerable if another part of the     application uses Java serialization or XStream to     deserialize data from an untrusted source.

Please see https://github.com/beanshell/beanshell/releases/tag/2.0b6 for more information.

This update was imported from the SUSE:SLE-12:Update update project.

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2923-1 advisory.

    Alvaro Muoz and Christian Schneider discovered that BeanShell incorrectly handled deserialization. A     remote attacker could possibly use this issue to execute arbitrary code.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Alvaro Munoz and Christian Schneider discovered that BeanShell, an embeddable Java source interpreter, could be leveraged to execute arbitrary commands: applications including BeanShell in their classpath are vulnerable to this flaw if they deserialize data from an untrusted source.

A remote code execution vulnerability was found in BeanShell, an embeddable Java source interpreter with object scripting language features.

CVE-2016-2510:   An application that includes BeanShell on the classpath may be   vulnerable if another part of the application uses Java   serialization or XStream to deserialize data from an untrusted   source. A vulnerable application could be exploited for remote   code execution, including executing arbitrary shell commands.

For Debian 6 'Squeeze', these problems have been fixed in version 2.0b4-12+deb6u1.

We recommend that you upgrade your bsh packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Stian Soiland-Reyes reports :

This release fixes a remote code execution vulnerability that was identified in BeanShell by Alvaro Munoz and Christian Schneider. The BeanShell team would like to thank them for their help and contributions to this fix!

An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to deserialize data from an untrusted source.

A vulnerable application could be exploited for remote code execution, including executing arbitrary shell commands.

This update fixes the vulnerability in BeanShell, but it is worth noting that applications doing such deserialization might still be insecure through other libraries. It is recommended that application developers take further measures such as using a restricted class loader when deserializing. See notes on Java serialization security XStream security and How to secure deserialization from untrusted input without using encryption or sealing.

ID	Name	Product	Family	Severity
92653	GLSA-201607-17 : BeanShell: Arbitrary code execution	Nessus	Gentoo Local Security Checks	high
90062	openSUSE Security Update : bsh2 (openSUSE-2016-370)	Nessus	SuSE Local Security Checks	high
89976	openSUSE Security Update : bsh2 (openSUSE-2016-351)	Nessus	SuSE Local Security Checks	high
89778	Ubuntu 14.04 LTS : BeanShell vulnerability (USN-2923-1)	Nessus	Ubuntu Local Security Checks	high
89694	Debian DSA-3504-1 : bsh - security update	Nessus	Debian Local Security Checks	high
89043	Debian DLA-443-1 : bsh security update	Nessus	Debian Local Security Checks	high
88877	FreeBSD : bsh -- remote code execution vulnerability (9e5bbffc-d8ac-11e5-b2bd-002590263bf5)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2016-2510

high

Tenable Plugins

high

high

high

high

high

high

high