
Test ID: 1.3.6.1.4.1.25623.1.0.703504
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 3504-1 (bsh - security update)
Summary: Alvaro Munoz and Christian Schneider discovered that BeanShell, an embeddable Java source interpreter, could be leveraged to execute arbitrary commands: applications including BeanShell in their classpath are vulnerable to this flaw if they deserialize data from an untrusted source.
Description:
Summary:
Alvaro Munoz and Christian Schneider discovered that BeanShell, an
embeddable Java source interpreter, could be leveraged to execute
arbitrary commands: applications including BeanShell in their
classpath are vulnerable to this flaw if they deserialize data from an
untrusted source.

Affected Software/OS:
bsh on Debian Linux

Solution:
For the oldstable distribution (wheezy), this problem has been fixed
in version 2.0b4-12+deb7u1.

For the stable distribution (jessie), this problem has been fixed in
version 2.0b4-15+deb8u1.

For the testing distribution (stretch) and unstable distribution
(sid), this problem has been fixed in version 2.0b4-16.

We recommend that you upgrade your bsh packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2016-2510
BugTraq ID: 84139
http://www.securityfocus.com/bid/84139
https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced
https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49
https://github.com/beanshell/beanshell/releases/tag/2.0b6
Debian Security Information: DSA-3504
http://www.debian.org/security/2016/dsa-3504
https://security.gentoo.org/glsa/201607-17
https://github.com/frohoff/ysoserial/pull/13
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.rsaconference.com/writable/presentations/file_upload/asd-f03-serial-killer-silently-pwning-your-java-endpoints.pdf
RedHat Security Advisories: RHSA-2016:0539
http://rhn.redhat.com/errata/RHSA-2016-0539.html
RedHat Security Advisories: RHSA-2016:0540
http://rhn.redhat.com/errata/RHSA-2016-0540.html
RedHat Security Advisories: RHSA-2016:1135
https://access.redhat.com/errata/RHSA-2016:1135
RedHat Security Advisories: RHSA-2016:1376
https://access.redhat.com/errata/RHSA-2016:1376
RedHat Security Advisories: RHSA-2016:2035
http://rhn.redhat.com/errata/RHSA-2016-2035.html
RedHat Security Advisories: RHSA-2019:1545
https://access.redhat.com/errata/RHSA-2019:1545
http://www.securitytracker.com/id/1035440
SuSE Security Announcement: openSUSE-SU-2016:0788
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00056.html
SuSE Security Announcement: openSUSE-SU-2016:0833
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00078.html
http://www.ubuntu.com/usn/USN-2923-1
Copyright: Copyright (C) 2016 Greenbone Networks GmbH
