IBM Java 7.0 < 7.0.10.50 / 7.1 < 7.1.4.50 / 8.0 < 8.0.5.40 Multiple Vulnerabilities

critical Nessus Plugin ID 160339

Synopsis

IBM Java is affected by multiple vulnerabilities.

Description

The version of IBM Java installed on the remote host is prior to 7.0 < 7.0.10.50 / 7.1 < 7.1.4.50 / 8.0 < 8.0.5.40. It is, therefore, affected by multiple vulnerabilities as referenced in the IBM Security Update July 2019 advisory.

- Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984. (CVE-2019-4473)

- AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users. (CVE-2019-11771)

- In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], int) method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by the JIT.
This allows arbitrary writes to any 32-bit address or beyond the end of a byte array within Java code run under a SecurityManager. (CVE-2019-11772)

- All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop. This can lead to a variety of different issues but read out of array bounds is one major consequence of these problems. (CVE-2019-11775)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Apply the appropriate patch according to the IBM Security Update July 2019 advisory.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg1IJ17982

http://www-01.ibm.com/support/docview.wss?uid=swg1IJ17983

http://www-01.ibm.com/support/docview.wss?uid=swg1IJ17984

http://www-01.ibm.com/support/docview.wss?uid=swg1IJ18003

http://www.nessus.org/u?5ffdf7da

Plugin Details

Severity: Critical

ID: 160339

File Name: ibm_java_2019_07_01.nasl

Version: 1.2

Type: local

Agent: windows, macosx, unix

Family: Misc.

Published: 4/29/2022

Updated: 4/29/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-11772

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:java

Required KB Items: installed_sw/Java

Exploit Ease: No known exploits are available

Patch Publication Date: 7/1/2019

Vulnerability Publication Date: 7/17/2019

Reference Information

CVE: CVE-2019-11771, CVE-2019-11772, CVE-2019-11775, CVE-2019-4473