
Test ID: 1.3.6.1.4.1.25623.1.0.843491
Category: Ubuntu Local Security Checks
Title: Ubuntu: Security Advisory (USN-3614-1)
Summary: The remote host is missing an update for the 'openjdk-7' package(s) announced via the USN-3614-1 advisory.
Description:

Vulnerability Insight:
It was discovered that a race condition existed in the cryptography
implementation in OpenJDK. An attacker could possibly use this to expose
sensitive information. (CVE-2018-2579)

It was discovered that the LDAP implementation in OpenJDK did not properly
encode login names. A remote attacker could possibly use this to expose
sensitive information. (CVE-2018-2588)

It was discovered that the DNS client implementation in OpenJDK did not
properly randomize source ports. A remote attacker could use this to spoof
responses to DNS queries made by Java applications. (CVE-2018-2599)

It was discovered that the Internationalization component of OpenJDK did
not restrict search paths when loading resource bundle classes. A local
attacker could use this to trick a user into running malicious code.
(CVE-2018-2602)

It was discovered that OpenJDK did not properly restrict memory allocations
when parsing DER input. A remote attacker could possibly use this to cause
a denial of service. (CVE-2018-2603)

It was discovered that the Java Cryptography Extension (JCE) implementation
in OpenJDK in some situations did not guarantee sufficient strength of keys
during key agreement. An attacker could use this to expose sensitive
information. (CVE-2018-2618)

It was discovered that the Java GSS implementation in OpenJDK in some
situations did not properly handle GSS contexts in the native GSS library.
An attacker could possibly use this to access unauthorized resources.
(CVE-2018-2629)

It was discovered that the LDAP implementation in OpenJDK did not properly
handle LDAP referrals in some situations. An attacker could possibly use
this to expose sensitive information or gain unauthorized privileges.
(CVE-2018-2633)

It was discovered that the Java GSS implementation in OpenJDK in some
situations did not properly apply subject credentials. An attacker could
possibly use this to expose sensitive information or gain access to
unauthorized resources. (CVE-2018-2634)

It was discovered that the Java Management Extensions (JMX) component of
OpenJDK did not properly apply deserialization filters in some situations.
An attacker could use this to bypass deserialization restrictions.
(CVE-2018-2637)

It was discovered that a use-after-free vulnerability existed in the AWT
component of OpenJDK when loading the GTK library. An attacker could
possibly use this to execute arbitrary code and escape Java sandbox
restrictions. (CVE-2018-2641)

It was discovered that in some situations OpenJDK did not properly validate
objects when performing deserialization. An attacker could use this to
cause a denial of service (application crash or excessive memory
consumption). (CVE-2018-2663)

It was discovered that the AWT component of OpenJDK did not properly
restrict the amount of memory allocated when deserializing some objects. An
attacker could use this to cause a denial of service (excessive memory
consumption). ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'openjdk-7' package(s) on Ubuntu 14.04.

Solution:
Please install the updated package(s).

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2018-2579
BugTraq ID: 102663
http://www.securityfocus.com/bid/102663
Debian Security Information: DSA-4144
https://www.debian.org/security/2018/dsa-4144
Debian Security Information: DSA-4166
https://www.debian.org/security/2018/dsa-4166
https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html
RedHat Security Advisories: RHSA-2018:0095
https://access.redhat.com/errata/RHSA-2018:0095
RedHat Security Advisories: RHSA-2018:0099
https://access.redhat.com/errata/RHSA-2018:0099
RedHat Security Advisories: RHSA-2018:0100
https://access.redhat.com/errata/RHSA-2018:0100
RedHat Security Advisories: RHSA-2018:0115
https://access.redhat.com/errata/RHSA-2018:0115
RedHat Security Advisories: RHSA-2018:0349
https://access.redhat.com/errata/RHSA-2018:0349
RedHat Security Advisories: RHSA-2018:0351
https://access.redhat.com/errata/RHSA-2018:0351
RedHat Security Advisories: RHSA-2018:0352
https://access.redhat.com/errata/RHSA-2018:0352
RedHat Security Advisories: RHSA-2018:0458
https://access.redhat.com/errata/RHSA-2018:0458
RedHat Security Advisories: RHSA-2018:0521
https://access.redhat.com/errata/RHSA-2018:0521
RedHat Security Advisories: RHSA-2018:1463
https://access.redhat.com/errata/RHSA-2018:1463
RedHat Security Advisories: RHSA-2018:1812
https://access.redhat.com/errata/RHSA-2018:1812
http://www.securitytracker.com/id/1040203
https://usn.ubuntu.com/3613-1/
https://usn.ubuntu.com/3614-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-2588
BugTraq ID: 102661
http://www.securityfocus.com/bid/102661
Common Vulnerability Exposure (CVE) ID: CVE-2018-2599
BugTraq ID: 102633
http://www.securityfocus.com/bid/102633
Common Vulnerability Exposure (CVE) ID: CVE-2018-2602
BugTraq ID: 102642
http://www.securityfocus.com/bid/102642
Common Vulnerability Exposure (CVE) ID: CVE-2018-2603
BugTraq ID: 102625
http://www.securityfocus.com/bid/102625
Common Vulnerability Exposure (CVE) ID: CVE-2018-2618
BugTraq ID: 102612
http://www.securityfocus.com/bid/102612
Common Vulnerability Exposure (CVE) ID: CVE-2018-2629
BugTraq ID: 102615
http://www.securityfocus.com/bid/102615
Common Vulnerability Exposure (CVE) ID: CVE-2018-2633
BugTraq ID: 102557
http://www.securityfocus.com/bid/102557
Common Vulnerability Exposure (CVE) ID: CVE-2018-2634
BugTraq ID: 102592
http://www.securityfocus.com/bid/102592
Common Vulnerability Exposure (CVE) ID: CVE-2018-2637
BugTraq ID: 102576
http://www.securityfocus.com/bid/102576
Common Vulnerability Exposure (CVE) ID: CVE-2018-2641
BugTraq ID: 102605
http://www.securityfocus.com/bid/102605
Common Vulnerability Exposure (CVE) ID: CVE-2018-2663
BugTraq ID: 102662
http://www.securityfocus.com/bid/102662
Common Vulnerability Exposure (CVE) ID: CVE-2018-2677
BugTraq ID: 102656
http://www.securityfocus.com/bid/102656
Common Vulnerability Exposure (CVE) ID: CVE-2018-2678
BugTraq ID: 102659
http://www.securityfocus.com/bid/102659
Copyright: Copyright (C) 2018 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.