Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.ITUNES_10_2_BANNER.NASL
HistoryMar 03, 2011 - 12:00 a.m.

Apple iTunes < 10.2 Multiple Vulnerabilities (uncredentialed check)

2011-03-0300:00:00
This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
www.tenable.com
16
JSON

The version of Apple iTunes on the remote host is prior to version 10.2. It is, therefore, affected by multiple vulnerabilities in the WebKit, ImageIO, and libxml components. Note that these only affect iTunes for Windows.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(52535);
  script_version("1.22");
  script_cvs_date("Date: 2018/11/15 20:50:24");

  script_cve_id(
    "CVE-2010-1205",
    "CVE-2010-1824",
    "CVE-2010-2249",
    "CVE-2010-4008",
    "CVE-2010-4494",
    "CVE-2011-0111",
    "CVE-2011-0112",
    "CVE-2011-0113",
    "CVE-2011-0114",
    "CVE-2011-0115",
    "CVE-2011-0116",
    "CVE-2011-0117",
    "CVE-2011-0118",
    "CVE-2011-0119",
    "CVE-2011-0120",
    "CVE-2011-0121",
    "CVE-2011-0122",
    "CVE-2011-0123",
    "CVE-2011-0124",
    "CVE-2011-0125",
    "CVE-2011-0126",
    "CVE-2011-0127",
    "CVE-2011-0128",
    "CVE-2011-0129",
    "CVE-2011-0130",
    "CVE-2011-0131",
    "CVE-2011-0132",
    "CVE-2011-0133",
    "CVE-2011-0134",
    "CVE-2011-0135",
    "CVE-2011-0136",
    "CVE-2011-0137",
    "CVE-2011-0138",
    "CVE-2011-0139",
    "CVE-2011-0140",
    "CVE-2011-0141",
    "CVE-2011-0142",
    "CVE-2011-0143",
    "CVE-2011-0144",
    "CVE-2011-0145",
    "CVE-2011-0146",
    "CVE-2011-0147",
    "CVE-2011-0148",
    "CVE-2011-0149",
    "CVE-2011-0150",
    "CVE-2011-0151",
    "CVE-2011-0152",
    "CVE-2011-0153",
    "CVE-2011-0154",
    "CVE-2011-0155",
    "CVE-2011-0156",
    "CVE-2011-0164",
    "CVE-2011-0165",
    "CVE-2011-0168",
    "CVE-2011-0170",
    "CVE-2011-0191",
    "CVE-2011-0192"
  );
  script_bugtraq_id(
    41174,
    44779,
    46657,
    46658,
    46659,
    46677,
    46684,
    46686,
    46687,
    46688,
    46689,
    46690,
    46691,
    46692,
    46693,
    46694,
    46695,
    46696,
    46698,
    46699,
    46700,
    46701,
    46702,
    46703,
    46704,
    46705,
    46706,
    46707,
    46708,
    46709,
    46710,
    46711,
    46712,
    46713,
    46714,
    46715,
    46716,
    46717,
    46718,
    46719,
    46720,
    46721,
    46722,
    46723,
    46724,
    46725,
    46726,
    46727,
    46728,
    46744,
    46745,
    46746,
    46747,
    46748,
    46749
  );

  script_name(english:"Apple iTunes < 10.2 Multiple Vulnerabilities (uncredentialed check)");
  script_summary(english:"Checks the version of iTunes.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a multimedia application that has multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Apple iTunes on the remote host is prior to version
10.2. It is, therefore, affected by multiple vulnerabilities in the
WebKit, ImageIO, and libxml components. Note that these only affect
iTunes for Windows.");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT4554");
  script_set_attribute(attribute:"see_also", value:"https://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html");
  script_set_attribute(attribute:"solution", value:"Upgrade to Apple iTunes 10.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/03/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/03");

  script_set_attribute(attribute:"plugin_type", value:"remote");

  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);

  script_family(english:"Peer-To-Peer File Sharing");

  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  script_dependencies("itunes_sharing.nasl");
  script_require_keys("iTunes/sharing");
  script_require_ports("Services/www", 3689);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);

get_kb_item_or_exit("iTunes/" + port + "/enabled");

type = get_kb_item_or_exit("iTunes/" + port + "/type");
source = get_kb_item_or_exit("iTunes/" + port + "/source");
version = get_kb_item_or_exit("iTunes/" + port + "/version");

if (type != 'Windows') audit(AUDIT_OS_NOT, "Windows");

fixed_version = "10.2";

if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
{
  if (report_verbosity > 0)
  {
    report = '\n  Version source    : ' + source +
             '\n  Installed version : ' + version +
             '\n  Fixed version     : ' + fixed_version + '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
}
else audit(AUDIT_LISTEN_NOT_VULN, "iTunes", port, version);
VendorProductVersionCPE
appleitunescpe:/a:apple:itunes

References

Related

openvas 48
nessus 40
securityvulns 10
fedora 8
slackware 1
ubuntu 1
debian 6
altlinux 6
osv 3
gentoo 2
oraclelinux 1
centos 1
redhat 1
prion 21
ubuntucve 21
debiancve 3
veracode 2
cve 20
zdi 3
threatpost 1
openvas
openvas
Apple iTunes Multiple Vulnerabilities - Mar11
2011-03-10 00:00:00
Apple iTunes Multiple Vulnerabilities (HT4554)
2011-03-10 00:00:00
Apple Safari Multiple Vulnerabilities (Mar 2011) - Mac OS X
2011-08-12 00:00:00
nessus
nessus
Apple iTunes < 10.2 Multiple Vulnerabilities (credentialed check)
2011-03-03 00:00:00
Safari < 5.0.4 Multiple Vulnerabilities
2011-03-10 00:00:00
Mac OS X : Apple Safari < 5.0.4
2011-03-10 00:00:00
securityvulns
securityvulns
About the security content of iTunes 10.2
2011-03-03 00:00:00
About the security content of Safari 5.0.4
2011-03-15 00:00:00
Apple WebKit / Safari / iTunes / libtiff / Google Chrome multiple security vulnerabilities
2011-03-16 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: libpng10-1.0.54-1.fc13
2010-07-20 22:32:04
[SECURITY] Fedora 12 Update: mingw32-libpng-1.2.44-1.fc12
2010-07-27 02:50:29
[SECURITY] Fedora 13 Update: mingw32-libpng-1.2.44-1.fc13
2010-07-27 02:50:02
slackware
slackware
[slackware-security] libpng
2010-06-30 06:39:45
ubuntu
ubuntu
libpng vulnerabilities
2010-07-08 00:00:00
debian
debian
[SECURITY] [DSA 2072-1] New libpng packages fix several vulnerabilities
2010-07-19 12:27:24
[SECURITY] [DSA 2072-1] New libpng packages fix several vulnerabilities
2010-07-19 12:27:24
[SECURITY] [DSA 2210-1] tiff security update
2011-04-03 12:23:08
altlinux
altlinux
Security fix for the ALT Linux 5 package libpng version 1.2.44-alt1
2010-06-29 00:00:00
Security fix for the ALT Linux 6 package libpng version 1.2.44-alt1
2010-06-29 00:00:00
Security fix for the ALT Linux 5 package libxml2 version 1:2.7.8-alt3.M50P.1
2011-01-20 00:00:00
osv
osv
libpng - several vulnerabilities
2010-07-19 00:00:00
tiff - several
2011-04-03 00:00:00
libxml2 - several vulnerabilities
2010-12-26 00:00:00
gentoo
gentoo
Libpng: Multiple vulnerabilities
2010-10-05 00:00:00
libxml2: Multiple vulnerabilities
2011-10-26 00:00:00
oraclelinux
oraclelinux
libpng security update
2010-07-14 00:00:00
centos
centos
libpng, libpng10 security update
2010-07-14 22:40:18
redhat
redhat
(RHSA-2010:0534) Important: libpng security update
2010-07-14 00:00:00
prion
prion
Memory corruption
2011-03-03 20:00:00
Memory corruption
2011-03-03 20:00:00
Memory corruption
2011-03-03 20:00:00
ubuntucve
ubuntucve
CVE-2010-1824
2010-09-24 00:00:00
CVE-2011-0121
2011-03-03 00:00:00
CVE-2011-0141
2011-03-03 00:00:00
debiancve
debiancve
CVE-2010-1824
2010-09-24 19:00:00
CVE-2010-2249
2010-06-30 18:30:00
CVE-2010-4494
2010-12-07 21:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:43:56
Denial Of Service (DoS)
2019-05-02 04:52:18
cve
cve
CVE-2010-2249
2010-06-30 18:30:00
CVE-2011-0137
2011-03-03 20:00:00
CVE-2011-0142
2011-03-03 20:00:00
zdi
zdi
Apple Webkit Font Glyph Layout Remote Code Execution Vulnerability
2011-03-02 00:00:00
Apple Webkit Error Message Mutation Remote Code Execution Vulnerability
2011-03-02 00:00:00
Apple Webkit Root HTMLBRElement Style Remote Code Execution Vulnerability
2011-03-02 00:00:00
threatpost
threatpost
Weaknesses in Webkit Becoming Problematic
2011-08-28 23:44:39
JSON
Related for ITUNES_10_2_BANNER.NASL
openvas48nessus40securityvulns10fedora8slackware1ubuntu1debian6altlinux6osv3gentoo2oraclelinux1centos1redhat1prion21ubuntucve21debiancve3veracode2cve20zdi3threatpost1