SynopsisThe remote Debian host is missing a security-related update.
DescriptionSeveral vulnerabilities have been discovered in OpenJDK, an implementation of the Java platform :
- CVE-2011-3389 The TLS implementation does not guard properly against certain chosen-plaintext attacks when block ciphers are used in CBC mode.
- CVE-2011-3521 The CORBA implementation contains a deserialization vulnerability in the IIOP implementation, allowing untrusted Java code (such as applets) to elevate its privileges.
- CVE-2011-3544 The Java scripting engine lacks necessary security manager checks, allowing untrusted Java code (such as applets) to elevate its privileges.
- CVE-2011-3547 The skip() method in java.io.InputStream uses a shared buffer, allowing untrusted Java code (such as applets) to access data that is skipped by other code.
- CVE-2011-3548 The java.awt.AWTKeyStroke class contains a flaw which allows untrusted Java code (such as applets) to elevate its privileges.
- CVE-2011-3551 The Java2D C code contains an integer overflow which results in a heap-based buffer overflow, potentially allowing untrusted Java code (such as applets) to elevate its privileges.
- CVE-2011-3552 Malicous Java code can use up an excessive amount of UDP ports, leading to a denial of service.
- CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information.
- CVE-2011-3554 JAR files in pack200 format are not properly checked for errors, potentially leading to arbitrary code execution when unpacking crafted pack200 files.
- CVE-2011-3556 The RMI Registry server lacks access restrictions on certain methods, allowing a remote client to execute arbitary code.
- CVE-2011-3557 The RMI Registry server fails to properly restrict privileges of untrusted Java code, allowing RMI clients to elevate their privileges on the RMI Registry server.
- CVE-2011-3560 The com.sun.net.ssl.HttpsURLConnection class does not perform proper security manager checks in the setSSLSocketFactory() method, allowing untrusted Java code to bypass security policy restrictions.
SolutionUpgrade the openjdk-6 packages.
For the stable distribution (squeeze), this problem has been fixed in version 6b18-1.8.10-0+squeeze2.
File Name: debian_DSA-2356.nasl
Supported Sensors: Frictionless Assessment Agent, Nessus Agent
Temporal Vector: E:H/RL:OF/RC:C
CPE: p-cpe:/a:debian:debian_linux:openjdk-6, cpe:/o:debian:debian_linux:6.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: Exploits are available
Patch Publication Date: 12/1/2011
CISA Known Exploited Dates: 3/24/2022
Metasploit (Java RMI Server Insecure Default Configuration Java Code Execution)
CVE: CVE-2011-3389, CVE-2011-3521, CVE-2011-3544, CVE-2011-3547, CVE-2011-3548, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560
BID: 49388, 49778, 50211, 50215, 50216, 50218, 50224, 50231, 50234, 50236, 50243, 50246, 50248