Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2011:170)

Critical Nessus Plugin ID 56809

Synopsis

The remote Mandriva Linux host is missing one or more security
updates.

Description

Security issues were identified and fixed in openjdk (icedtea6) and
icedtea-web :

IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality via
unknown vectors related to Networking (CVE-2011-3547).

IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality,
integrity, and availability, related to AWT (CVE-2011-3548).

IcedTea6 prior to 1.10.4 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to 2D (CVE-2011-3551).

IcedTea6 prior to 1.10.4 allows remote attackers to affect integrity
via unknown vectors related to Networking (CVE-2011-3552).

IcedTea6 prior to 1.10.4 allows remote authenticated users to affect
confidentiality, related to JAXWS (CVE-2011-3553).

IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality,
integrity, and availability via unknown vectors related to Scripting
(CVE-2011-3544).

IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality,
integrity, and availability via unknown vectors related to
Deserialization (CVE-2011-3521).

IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality,
integrity, and availability via unknown vectors (CVE-2011-3554).

A flaw was found in the way the SSL 3 and TLS 1.0 protocols used block
ciphers in cipher-block chaining (CBC) mode. An attacker able to
perform a chosen plain text attack against a connection mixing trusted
and untrusted data could use this flaw to recover portions of the
trusted data sent over the connection (CVE-2011-3389).

Note: This update mitigates the CVE-2011-3389 issue by splitting the
first application data record byte to a separate SSL/TLS protocol
record. This mitigation may cause compatibility issues with some
SSL/TLS implementations and can be disabled using the
jsse.enableCBCProtection boolean property. This can be done on the
command line by appending the flag -Djsse.enableCBCProtection=false to
the java command.

IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality via
unknown vectors related to HotSpot (CVE-2011-3558).

IcedTea6 prior to 1.10.4 allows remote attackers to affect
confidentiality, integrity, and availability, related to RMI
(CVE-2011-3556).

IcedTea6 prior to 1.10.4 allows remote attackers to affect
confidentiality, integrity, and availability, related to RMI
(CVE-2011-3557).

IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start
applications and untrusted Java applets to affect confidentiality and
integrity, related to JSSE (CVE-2011-3560).

Deepak Bhole discovered a flaw in the Same Origin Policy (SOP)
implementation in the IcedTea project Web browser plugin. A malicious
applet could use this flaw to bypass SOP protection and open
connections to any sub-domain of the second-level domain of the
applet's origin, as well as any sub-domain of the domain that is the
suffix of the origin second-level domain. For example, IcedTea-Web
plugin allowed applet from some.host.example.com to connect to
other.host.example.com, www.example.com, and example.com, as well as
www.ample.com or ample.com. (CVE-2011-3377).

Solution

Update the affected packages.

Plugin Details

Severity: Critical

ID: 56809

File Name: mandriva_MDVSA-2011-170.nasl

Version: 1.20

Type: local

Published: 2011/11/14

Modified: 2018/07/19

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:icedtea-web, p-cpe:/a:mandriva:linux:java-1.6.0-openjdk, p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-demo, p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-devel, p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-javadoc, p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-src, cpe:/o:mandriva:linux:2010.1, cpe:/o:mandriva:linux:2011

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/11/11

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Java RMI Server Insecure Default Configuration Java Code Execution)

Reference Information

CVE: CVE-2011-3377, CVE-2011-3389, CVE-2011-3521, CVE-2011-3544, CVE-2011-3547, CVE-2011-3548, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560

BID: 49778, 50211, 50215, 50216, 50218, 50224, 50231, 50234, 50236, 50242, 50243, 50246, 50248, 50610

MDVSA: 2011:170