GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities

critical Nessus Plugin ID 42834
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200911-02 (Sun JDK/JRE: Multiple vulnerabilities)

Multiple vulnerabilities have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details.
Impact :

A remote attacker could entice a user to open a specially crafted JAR archive, applet, or Java Web Start application, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Furthermore, a remote attacker could cause a Denial of Service affecting multiple services via several vectors, disclose information and memory contents, write or execute local files, conduct session hijacking attacks via GIFAR files, steal cookies, bypass the same-origin policy, load untrusted JAR files, establish network connections to arbitrary hosts and posts via several vectors, modify the list of supported graphics configurations, bypass HMAC-based authentication systems, escalate privileges via several vectors and cause applet code to be executed with older, possibly vulnerable versions of the JRE.
NOTE: Some vulnerabilities require a trusted environment, user interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack.
Workaround :

There is no known workaround at this time.

Solution

All Sun JRE 1.5.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.5.0.22' All Sun JRE 1.6.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.6.0.17' All Sun JDK 1.5.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.5.0.22' All Sun JDK 1.6.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.6.0.17' All users of the precompiled 32bit Sun JRE 1.5.x should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-java-1.5.0.22' All users of the precompiled 32bit Sun JRE 1.6.x should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-java-1.6.0.17' All Sun JRE 1.4.x, Sun JDK 1.4.x, Blackdown JRE, Blackdown JDK and precompiled 32bit Sun JRE 1.4.x users are strongly advised to unmerge Java 1.4:
# emerge --unmerge =app-emulation/emul-linux-x86-java-1.4* # emerge --unmerge =dev-java/sun-jre-bin-1.4* # emerge --unmerge =dev-java/sun-jdk-1.4* # emerge --unmerge dev-java/blackdown-jdk # emerge --unmerge dev-java/blackdown-jre Gentoo is ceasing support for the 1.4 generation of the Sun Java Platform in accordance with upstream. All 1.4 JRE and JDK versions are masked and will be removed shortly.

See Also

https://security.gentoo.org/glsa/200911-02

Plugin Details

Severity: Critical

ID: 42834

File Name: gentoo_GLSA-200911-02.nasl

Version: 1.32

Type: local

Published: 11/18/2009

Updated: 1/6/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Critical

Score: 9.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:blackdown-jdk, p-cpe:/a:gentoo:linux:blackdown-jre, p-cpe:/a:gentoo:linux:emul-linux-x86-java, p-cpe:/a:gentoo:linux:sun-jdk, p-cpe:/a:gentoo:linux:sun-jre-bin, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/17/2009

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Sun Java JRE AWT setDiffICM Buffer Overflow)

Reference Information

CVE: CVE-2008-2086, CVE-2008-3103, CVE-2008-3104, CVE-2008-3105, CVE-2008-3106, CVE-2008-3107, CVE-2008-3108, CVE-2008-3109, CVE-2008-3110, CVE-2008-3111, CVE-2008-3112, CVE-2008-3113, CVE-2008-3114, CVE-2008-3115, CVE-2008-5339, CVE-2008-5340, CVE-2008-5341, CVE-2008-5342, CVE-2008-5343, CVE-2008-5344, CVE-2008-5345, CVE-2008-5346, CVE-2008-5347, CVE-2008-5348, CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352, CVE-2008-5353, CVE-2008-5354, CVE-2008-5355, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358, CVE-2008-5359, CVE-2008-5360, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107, CVE-2009-2409, CVE-2009-2475, CVE-2009-2476, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2676, CVE-2009-2689, CVE-2009-2690, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724, CVE-2009-3728, CVE-2009-3729, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884, CVE-2009-3886

BID: 30140, 30141, 30142, 30143, 30146, 30147, 30148, 32608, 32620, 32892, 34240, 35922, 35939, 35942, 35943, 35944, 35946, 36881

GLSA: 200911-02

CWE: 16, 20, 22, 94, 119, 189, 200, 264, 287, 310, 362, 399