RHEL 6 : java-1.6.0-openjdk (RHSA-2012:0135)

critical Nessus Plugin ID 57956

Synopsis

The remote Red Hat host is missing one or more security updates for java-1.6.0-openjdk.

Description

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0135 advisory.

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.

It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497)

It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2012-0505)

The AtomicReferenceArray class implementation did not properly check if the array was of the expected Object[] type. A malicious Java application or applet could use this flaw to bypass Java sandbox restrictions.
(CVE-2011-3571)

It was discovered that the use of TimeZone.setDefault() was not restricted by the SecurityManager, allowing an untrusted Java application or applet to set a new default time zone, and hence bypass Java sandbox restrictions.
(CVE-2012-0503)

The HttpServer class did not limit the number of headers read from HTTP requests. A remote attacker could use this flaw to make an application using HttpServer use an excessive amount of CPU time via a specially-crafted request. This update introduces a header count limit controlled using the sun.net.httpserver.maxReqHeaders property. The default value is 200. (CVE-2011-5035)

The Java Sound component did not properly check buffer boundaries.
Malicious input, or an untrusted Java application or applet could use this flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion of its memory. (CVE-2011-3563)

A flaw was found in the AWT KeyboardFocusManager that could allow an untrusted Java application or applet to acquire keyboard focus and possibly steal sensitive information. (CVE-2012-0502)

It was discovered that the CORBA (Common Object Request Broker Architecture) implementation in Java did not properly protect repository identifiers on certain CORBA objects. This could have been used to modify immutable object data. (CVE-2012-0506)

An off-by-one flaw, causing a stack overflow, was found in the unpacker for ZIP files. A specially-crafted ZIP archive could cause the Java Virtual Machine (JVM) to crash when opened. (CVE-2012-0501)

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

This erratum also upgrades the OpenJDK package to IcedTea6 1.10.6. Refer to the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL java-1.6.0-openjdk package based on the guidance in RHSA-2012:0135.

See Also

http://www.nessus.org/u?aa5506d5

http://www.nessus.org/u?c24fb5c8

http://www.nessus.org/u?f1319c32

https://access.redhat.com/errata/RHSA-2012:0135

https://access.redhat.com/security/updates/classification/#critical

https://bugzilla.redhat.com/show_bug.cgi?id=788606

https://bugzilla.redhat.com/show_bug.cgi?id=788624

https://bugzilla.redhat.com/show_bug.cgi?id=788976

https://bugzilla.redhat.com/show_bug.cgi?id=788994

https://bugzilla.redhat.com/show_bug.cgi?id=789295

https://bugzilla.redhat.com/show_bug.cgi?id=789297

https://bugzilla.redhat.com/show_bug.cgi?id=789299

https://bugzilla.redhat.com/show_bug.cgi?id=789300

https://bugzilla.redhat.com/show_bug.cgi?id=789301

Plugin Details

Severity: Critical

ID: 57956

File Name: redhat-RHSA-2012-0135.nasl

Version: 1.39

Type: local

Agent: unix

Published: 2/15/2012

Updated: 4/15/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.9

Vendor

Vendor Severity: Critical

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2012-0507

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2011-5035

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo, p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/14/2012

Vulnerability Publication Date: 12/30/2011

CISA Known Exploited Vulnerability Due Dates: 3/24/2022

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Java AtomicReferenceArray Type Violation Vulnerability)

Reference Information

CVE: CVE-2011-3563, CVE-2011-3571, CVE-2011-5035, CVE-2012-0497, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507

BID: 51194, 51467, 52009, 52011, 52012, 52013, 52014, 52017, 52018

CWE: 193

RHSA: 2012:0135