Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2017-860)

critical Nessus Plugin ID 101958

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

Incorrect enforcement of certificate path restrictions :

It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept a certificate using one of the disabled algorithms. (CVE-2017-10198)

Insufficient access control checks in XML transformations (CVE-2017-10096)

Incorrect range checks in LambdaFormEditor (CVE-2017-10111)

Insufficient access control checks in AsynchronousChannelGroupImpl (CVE-2017-10090)

Incorrect key size constraint check (CVE-2017-10193)

Integer overflows in range check loop predicates (CVE-2017-10074)

PKCS#8 implementation timing attack :

A covert timing channel flaw was found in the PKCS#8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare a PKCS#8 key against an attacker-controlled value could possibly use this flaw to determine the key via a timing side channel. (CVE-2017-10135)

Incorrect handling of references in DGC :

It was discovered that the DGC implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the RMI registry or a Java RMI application. (CVE-2017-10102)

Insufficient access control checks in ImageWatched (CVE-2017-10110)

Unrestricted access to com.sun.org.apache.xml.internal.resolver (CVE-2017-10101)

DSA implementation timing attack :

A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the key in use via a timing side channel. (CVE-2017-10115)

Insufficient access control checks in ActivationID (CVE-2017-10107)

LDAPCertStore following referrals to non-LDAP URLs :

It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP referral URL could cause LDAPCertStore to communicate with non-LDAP servers. (CVE-2017-10116)

JAR verifier incorrect handling of missing digest (CVE-2017-10067)

Reading of unprocessed image data in JPEGImageReader :

It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if it was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory. (CVE-2017-10053)

Unbounded memory allocation in CodeSource deserialization (CVE-2017-10109)

Unbounded memory allocation in BasicAttribute deserialization (CVE-2017-10108)

Solution

Run 'yum update java-1.8.0-openjdk' to update your system.

See Also

https://alas.aws.amazon.com/ALAS-2017-860.html

Plugin Details

Severity: Critical

ID: 101958

File Name: ala_ALAS-2017-860.nasl

Version: 3.8

Type: local

Agent: unix

Published: 7/26/2017

Updated: 7/10/2019

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:java-1.8.0-openjdk, p-cpe:/a:amazon:linux:java-1.8.0-openjdk-debuginfo, p-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo, p-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel, p-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless, p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc, p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-zip, p-cpe:/a:amazon:linux:java-1.8.0-openjdk-src, cpe:/o:amazon:linux

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Patch Publication Date: 7/25/2017

Vulnerability Publication Date: 8/8/2017

Reference Information

CVE: CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10115, CVE-2017-10116, CVE-2017-10135, CVE-2017-10193, CVE-2017-10198

ALAS: 2017-860