GLSA-201607-17 : BeanShell: Arbitrary code execution

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-201607-17
(BeanShell: Arbitrary code execution).

An application that includes BeanShell on the classpath may be
vulnerable if another part of the application uses Java serialization or
XStream to deserialize data from an untrusted source.

Impact :

Remote attackers could execute arbitrary code including shell commands.

Workaround :

There is no known workaround at this time.

See also :

https://github.com/beanshell/beanshell/releases/tag/2.0b6
https://security.gentoo.org/glsa/201607-17

Solution :

All BeanShell users should upgrade to the latest version:
# emerge --sync
# emerge --ask --verbose --oneshot '>=dev-java/bsh-2.0_beta6'
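The fix condition above is a version comparison: a host is affected while its installed dev-java/bsh is older than 2.0_beta6. The following is an added example, not the Nessus plugin's own code, showing how such a local check can evaluate installed Gentoo version strings; it implements a simplified form of the Gentoo version ordering (dotted numbers, optional letter, _alpha/_beta/_pre/_rc/_p suffixes, -rN revision) and runs over a constructed sample inventory.

```python
import re

# Gentoo suffix ordering (simplified): _alpha < _beta < _pre < _rc < no suffix < _p
SUFFIX_RANK = {"alpha": 0, "beta": 1, "pre": 2, "rc": 3, "": 4, "p": 5}

# Fixed version named by the GLSA solution: >=dev-java/bsh-2.0_beta6
FIXED_VERSION = "2.0_beta6"

VERSION_RE = re.compile(
    r"(\d+(?:\.\d+)*)([a-z])?((?:_(?:alpha|beta|pre|rc|p)\d*)*)(?:-r(\d+))?"
)


def parse_version(v):
    """Turn a Gentoo version such as '2.0_beta5-r1' into a comparable tuple.
    Simplified: leading-zero rules of the full Gentoo spec are ignored."""
    m = VERSION_RE.fullmatch(v)
    if not m:
        raise ValueError(f"not a Gentoo version string: {v}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    letter = m.group(2) or ""
    suffixes = [
        (SUFFIX_RANK[name], int(num or 0))
        for name, num in re.findall(r"_(alpha|beta|pre|rc|p)(\d*)", m.group(3))
    ]
    if not suffixes:
        # a bare release sorts above _alpha/_beta/_pre/_rc and below _p
        suffixes.append((SUFFIX_RANK[""], 0))
    revision = int(m.group(4) or 0)
    return (nums, letter, tuple(suffixes), revision)


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True when the installed dev-java/bsh version predates the fixed one."""
    return parse_version(installed) < parse_version(fixed)


def check_host(installed_versions):
    """Return the versions from an inventory that still need the GLSA upgrade."""
    return [v for v in installed_versions if is_vulnerable(v)]


# Constructed sample inventory (hypothetical hosts, not real scan data)
SAMPLE = ["2.0_beta4", "2.0_beta5-r1", "2.0_beta6", "2.0_beta6-r1", "2.0", "2.1_beta1"]

if __name__ == "__main__":
    for v in SAMPLE:
        print(f"dev-java/bsh-{v}: {'VULNERABLE' if is_vulnerable(v) else 'ok'}")
```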

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: Gentoo Local Security Checks

Nessus Plugin ID: 92653

CVE ID: CVE-2016-2510
