Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2010:084)

high Nessus Plugin ID 46176

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Multiple Java OpenJDK security vulnerabilities has been identified and fixed :

 - TLS: MITM attacks via session renegotiation (CVE-2009-3555).

 - Loader-constraint table allows arrays instead of only the b ase-classes (CVE-2010-0082).

 - Policy/PolicyFile leak dynamic ProtectionDomains.
 (CVE-2010-0084).

 - File TOCTOU deserialization vulnerability (CVE-2010-0085).

 - Inflater/Deflater clone issues (CVE-2010-0088).

 - Unsigned applet can retrieve the dragged information before drop action occurs (CVE-2010-0091).

 - AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (CVE-2010-0092).

 - System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (CVE-2010-0093).

 - Deserialization of RMIConnectionImpl objects should enforce stricter checks (CVE-2010-0094).

 - Subclasses of InetAddress may incorrectly interpret network addresses (CVE-2010-0095).

 - JAR unpack200 must verify input parameters (CVE-2010-0837).

 - CMM readMabCurveData Buffer Overflow Vulnerability (CVE-2010-0838).

 - Applet Trusted Methods Chaining Privilege Escalation Vulnerability (CVE-2010-0840).

 - No ClassCastException for HashAttributeSet constructors if run with -Xcomp (CVE-2010-0845)

 - ImagingLib arbitrary code execution vulnerability (CVE-2010-0847).

 - AWT Library Invalid Index Vulnerability (CVE-2010-0848).

Additional security issues that was fixed with IcedTea6 1.6.2 :

 - deprecate MD2 in SSL cert validation (CVE-2009-2409).

 - ICC_Profile file existence detection information leak (CVE-2009-3728).

 - JRE AWT setDifflCM stack overflow (CVE-2009-3869).

 - JRE AWT setBytePixels heap overflow (CVE-2009-3871).

 - JPEG Image Writer quantization problem (CVE-2009-3873).

 - ImageI/O JPEG heap overflow (CVE-2009-3874).

 - MessageDigest.isEqual introduces timing attack vulnerabilities (CVE-2009-3875).

 - OpenJDK ASN.1/DER input stream parser denial of service (CVE-2009-3876, CVE-2009-3877)

 - GraphicsConfiguration information leak (CVE-2009-3879).

 - UI logging information leakage (CVE-2009-3880).

 - resurrected classloaders can still have children (CVE-2009-3881).

 - Numerous static security flaws in Swing (findbugs) (CVE-2009-3882).

 - Mutable statics in Windows PL&F (findbugs) (CVE-2009-3883).

 - zoneinfo file existence information leak (CVE-2009-3884).

 - BMP parsing DoS with UNC ICC links (CVE-2009-3885).

Additionally Paulo Cesar Pereira de Andrade (pcpa) at Mandriva found and fixed a bug in IcedTea6 1.8 that is also applied to the provided packages :

 - plugin/icedteanp/IcedTeaNPPlugin.cc (plugin_filter_environment): Increment malloc size by one to account for NULL terminator. Bug# 474.

Packages for 2009.0 are provided due to the Extended Maintenance Program.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?5cab9dbb

http://www.nessus.org/u?c2055f25

http://icedtea.classpath.org/hg/release/icedtea6-1.8/rev/a6a02193b073

Plugin Details

Severity: High

ID: 46176

File Name: mandriva_MDVSA-2010-084.nasl

Version: 1.25

Type: local

Published: 4/29/2010

Updated: 1/6/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Critical

Score: 9.8

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:java-1.6.0-openjdk, p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-demo, p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-devel, p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-javadoc, p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-plugin, p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-src, cpe:/o:mandriva:linux:2009.0, cpe:/o:mandriva:linux:2009.1, cpe:/o:mandriva:linux:2010.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/28/2010

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Java Statement.invoke() Trusted Method Chain Privilege Escalation)

Reference Information

CVE: CVE-2009-2409, CVE-2009-3555, CVE-2009-3728, CVE-2009-3869, CVE-2009-3871, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884, CVE-2009-3885, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0840, CVE-2010-0845, CVE-2010-0847, CVE-2010-0848

BID: 36881, 36935, 39065, 39069, 39071, 39072, 39075, 39078, 39081, 39085, 39086, 39088, 39089, 39090, 39093, 39094, 39096

MDVSA: 2010:084

CWE: 22, 119, 189, 200, 264, 310, 399