Debian DSA-2356-1 : openjdk-6 - several vulnerabilities (BEAST)

Critical Nessus Plugin ID 56987

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Java platform :

- CVE-2011-3389
The TLS implementation does not guard properly against
certain chosen-plaintext attacks when block ciphers are
used in CBC mode.

- CVE-2011-3521
The CORBA implementation contains a deserialization
vulnerability in the IIOP implementation, allowing
untrusted Java code (such as applets) to elevate its
privileges.

- CVE-2011-3544
The Java scripting engine lacks necessary security
manager checks, allowing untrusted Java code (such as
applets) to elevate its privileges.

- CVE-2011-3547
The skip() method in java.io.InputStream uses a shared
buffer, allowing untrusted Java code (such as applets)
to access data that is skipped by other code.

- CVE-2011-3548
The java.awt.AWTKeyStroke class contains a flaw which
allows untrusted Java code (such as applets) to elevate
its privileges.

- CVE-2011-3551
The Java2D C code contains an integer overflow which
results in a heap-based buffer overflow, potentially
allowing untrusted Java code (such as applets) to
elevate its privileges.

- CVE-2011-3552
Malicious Java code can use up an excessive number of UDP
ports, leading to a denial of service.

- CVE-2011-3553
JAX-WS enables stack traces for certain server responses
by default, potentially leaking sensitive information.

- CVE-2011-3554
JAR files in pack200 format are not properly checked for
errors, potentially leading to arbitrary code execution
when unpacking crafted pack200 files.

- CVE-2011-3556
The RMI Registry server lacks access restrictions on
certain methods, allowing a remote client to execute
arbitrary code.

- CVE-2011-3557
The RMI Registry server fails to properly restrict
privileges of untrusted Java code, allowing RMI clients
to elevate their privileges on the RMI Registry server.

- CVE-2011-3560
The com.sun.net.ssl.HttpsURLConnection class does not
perform proper security manager checks in the
setSSLSocketFactory() method, allowing untrusted Java
code to bypass security policy restrictions.

Solution

Upgrade the openjdk-6 packages.

For the stable distribution (squeeze), this problem has been fixed in
version 6b18-1.8.10-0+squeeze2.

See Also

https://security-tracker.debian.org/tracker/CVE-2011-3389

https://security-tracker.debian.org/tracker/CVE-2011-3521

https://security-tracker.debian.org/tracker/CVE-2011-3544

https://security-tracker.debian.org/tracker/CVE-2011-3547

https://security-tracker.debian.org/tracker/CVE-2011-3548

https://security-tracker.debian.org/tracker/CVE-2011-3551

https://security-tracker.debian.org/tracker/CVE-2011-3552

https://security-tracker.debian.org/tracker/CVE-2011-3553

https://security-tracker.debian.org/tracker/CVE-2011-3554

https://security-tracker.debian.org/tracker/CVE-2011-3556

https://security-tracker.debian.org/tracker/CVE-2011-3557

https://security-tracker.debian.org/tracker/CVE-2011-3560

https://packages.debian.org/source/squeeze/openjdk-6

https://www.debian.org/security/2011/dsa-2356

Plugin Details

Severity: Critical

ID: 56987

File Name: debian_DSA-2356.nasl

Version: 1.24

Type: local

Agent: unix

Published: 2011/12/02

Modified: 2018/11/10

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:openjdk-6, cpe:/o:debian:debian_linux:6.0

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/12/01

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Java RMI Server Insecure Default Configuration Java Code Execution)

Reference Information

CVE: CVE-2011-3389, CVE-2011-3521, CVE-2011-3544, CVE-2011-3547, CVE-2011-3548, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560

BID: 49388, 49778, 50211, 50215, 50216, 50218, 50224, 50231, 50234, 50236, 50243, 50246, 50248

DSA: 2356