RHEL 5 : java-1.7.0-openjdk (RHSA-2013:0752)

critical Nessus Plugin ID 66014

Synopsis

The remote Red Hat host is missing one or more security updates for java-1.7.0-openjdk.

Description

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0752 advisory.

These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.

Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-1569, CVE-2013-2383, CVE-2013-2384)

Multiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-2436, CVE-2013-1518, CVE-2013-1557)

The previous default value of the java.rmi.server.useCodebaseOnly property permitted the RMI implementation to automatically load classes from remotely specified locations. An attacker able to connect to an application using RMI could use this flaw to make the application execute arbitrary code. (CVE-2013-1537)

Note: The fix for CVE-2013-1537 changes the default value of the property to true, restricting class loading to the local CLASSPATH and locations specified in the java.rmi.server.codebase property. Refer to Red Hat Bugzilla bug 952387 for additional details.

The 2D component did not properly process certain images. An untrusted Java application or applet could possibly use this flaw to trigger Java Virtual Machine memory corruption. (CVE-2013-2420)

It was discovered that the Hotspot component did not properly handle certain intrinsic frames, and did not correctly perform access checks and MethodHandle lookups. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-2431, CVE-2013-2421, CVE-2013-2423)

It was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO component did not protect against modification of their state while performing certain native code operations. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-2429, CVE-2013-2430)

The JDBC driver manager could incorrectly call the toString() method in JDBC drivers, and the ConcurrentHashMap class could incorrectly call the defaultReadObject() method. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions.
(CVE-2013-1488, CVE-2013-2426)

The sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions.
(CVE-2013-0401)

Flaws were discovered in the Network component's InetAddress serialization, and the 2D component's font handling. An untrusted Java application or applet could possibly use these flaws to crash the Java Virtual Machine.
(CVE-2013-2417, CVE-2013-2419)

The MBeanInstantiator class implementation in the OpenJDK JMX component did not properly check class access before creating new instances. An untrusted Java application or applet could use this flaw to create instances of non-public classes. (CVE-2013-2424)

It was discovered that JAX-WS could possibly create temporary files with insecure permissions. A local attacker could use this flaw to access temporary files created by an application using JAX-WS. (CVE-2013-2415)

This erratum also upgrades the OpenJDK package to IcedTea7 2.3.9. Refer to the NEWS file, linked to in the References, for further information.

All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL java-1.7.0-openjdk package based on the guidance in RHSA-2013:0752.

See Also

http://www.nessus.org/u?715d2e2a

http://www.nessus.org/u?77e30136

https://access.redhat.com/errata/RHSA-2013:0752

https://access.redhat.com/security/updates/classification/#important

https://bugzilla.redhat.com/show_bug.cgi?id=920245

https://bugzilla.redhat.com/show_bug.cgi?id=920247

https://bugzilla.redhat.com/show_bug.cgi?id=952387

https://bugzilla.redhat.com/show_bug.cgi?id=952389

https://bugzilla.redhat.com/show_bug.cgi?id=952398

https://bugzilla.redhat.com/show_bug.cgi?id=952509

https://bugzilla.redhat.com/show_bug.cgi?id=952521

https://bugzilla.redhat.com/show_bug.cgi?id=952524

https://bugzilla.redhat.com/show_bug.cgi?id=952550

https://bugzilla.redhat.com/show_bug.cgi?id=952638

https://bugzilla.redhat.com/show_bug.cgi?id=952640

https://bugzilla.redhat.com/show_bug.cgi?id=952642

https://bugzilla.redhat.com/show_bug.cgi?id=952645

https://bugzilla.redhat.com/show_bug.cgi?id=952646

https://bugzilla.redhat.com/show_bug.cgi?id=952648

https://bugzilla.redhat.com/show_bug.cgi?id=952649

https://bugzilla.redhat.com/show_bug.cgi?id=952653

https://bugzilla.redhat.com/show_bug.cgi?id=952656

https://bugzilla.redhat.com/show_bug.cgi?id=952657

https://bugzilla.redhat.com/show_bug.cgi?id=952708

https://bugzilla.redhat.com/show_bug.cgi?id=952709

https://bugzilla.redhat.com/show_bug.cgi?id=952711

Plugin Details

Severity: Critical

ID: 66014

File Name: redhat-RHSA-2013-0752.nasl

Version: 1.29

Type: local

Agent: unix

Published: 4/18/2013

Updated: 11/4/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.8

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2013-2431

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2013-0401

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:5, p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc, p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel, p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src, p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk, p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/17/2013

CISA Known Exploited Vulnerability Due Dates: 6/15/2022

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Java Applet Reflection Type Confusion Remote Code Execution)

Reference Information

CVE: CVE-2013-0401, CVE-2013-1488, CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1558, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2415, CVE-2013-2417, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2436

BID: 58504, 58507, 59131, 59141, 59153, 59159, 59162, 59165, 59166, 59167, 59170, 59179, 59184, 59187, 59190, 59194, 59206, 59212, 59213, 59219, 59228, 59243

CWE: 732

RHSA: 2013:0752