Detections
Analytics
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-168)
critical Nessus Plugin ID 69727
Language:
Synopsis
The remote Amazon Linux AMI host is missing a security update.Description
An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. (CVE-2013-0809)It was discovered that the 2D component did not properly reject certain malformed images. Specially crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges.
(CVE-2013-1493)
Solution
Run 'yum update java-1.7.0-openjdk' to update your system.See Also
Plugin Details
Severity: Critical
ID: 69727
File Name: ala_ALAS-2013-168.nasl
Version: 1.8
Type: local
Agent: unix
Published: 9/4/2013
Updated: 4/18/2018
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.8
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:amazon:linux:java-1.7.0-openjdk-javadoc, p-cpe:/a:amazon:linux:java-1.7.0-openjdk-src, p-cpe:/a:amazon:linux:java-1.7.0-openjdk-devel, p-cpe:/a:amazon:linux:java-1.7.0-openjdk, cpe:/o:amazon:linux, p-cpe:/a:amazon:linux:java-1.7.0-openjdk-demo, p-cpe:/a:amazon:linux:java-1.7.0-openjdk-debuginfo
Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/14/2013
Exploitable With
Core Impact
Metasploit (Java CMM Remote Code Execution)
Reference Information
CVE: CVE-2013-0809, CVE-2013-1493