Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.ITUNES_10_5_1_BANNER.NASL
HistoryNov 18, 2011 - 12:00 a.m.

Apple iTunes < 10.5.1 Update Authenticity Verification Weakness (uncredentialed check)

2011-11-1800:00:00
This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
www.tenable.com
8
JSON

The version of Apple iTunes on the remote host is prior to version 10.5.1. It is, therefore, affected by a man-in-the-middle vulnerability due to using unsecured HTTP connections when checking for or retrieving software updates. A remote attacker can exploit this to execute arbitrary code by means of a trojan horse update that appears to originate from Apple.

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(56873);
  script_version("1.15");
  script_cvs_date("Date: 2018/11/15 20:50:24");

  script_cve_id("CVE-2008-3434");
  script_bugtraq_id(50672);

  script_name(english:"Apple iTunes < 10.5.1 Update Authenticity Verification Weakness (uncredentialed check)");
  script_summary(english:"Checks the version of iTunes.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains an application that is susceptible to a
man-in-the-middle attack.");
  script_set_attribute(attribute:"description", value:
"The version of Apple iTunes on the remote host is prior to version
10.5.1. It is, therefore, affected by a man-in-the-middle
vulnerability due to using unsecured HTTP connections when checking
for or retrieving software updates. A remote attacker can exploit this
to execute arbitrary code by means of a trojan horse update that
appears to originate from Apple.");
  script_set_attribute(attribute:"see_also", value:"http://seclists.org/bugtraq/2008/Jul/249");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT5030");
  script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2011/Nov/msg00003.html");
  script_set_attribute(attribute:"solution", value:"Upgrade to Apple iTunes 10.5.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(94);

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/07/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/11/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/18");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);

  script_family(english:"Peer-To-Peer File Sharing");

  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  script_dependencies("itunes_sharing.nasl");
  script_require_keys("iTunes/sharing");
  script_require_ports("Services/www", 3689);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);

get_kb_item_or_exit("iTunes/" + port + "/enabled");

type = get_kb_item_or_exit("iTunes/" + port + "/type");
source = get_kb_item_or_exit("iTunes/" + port + "/source");
version = get_kb_item_or_exit("iTunes/" + port + "/version");

if (type == 'AppleTV') audit(AUDIT_LISTEN_NOT_VULN, "iTunes on AppleTV", port, version);

fixed_version = "10.5.1";

if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
{
  if (report_verbosity > 0)
  {
    report = '\n  Version source    : ' + source +
             '\n  Installed version : ' + version +
             '\n  Fixed version     : ' + fixed_version + '\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
}
else audit(AUDIT_LISTEN_NOT_VULN, "iTunes", port, version);
VendorProductVersionCPE
appleitunescpe:/a:apple:itunes

Related

seebug 1
nessus 2
securityvulns 2
openvas 4
cve 1
prion 1
seebug
seebug
Apple iTunes 10.xθ½―δ»Άζ›΄ζ–°δΌͺι€ ζΌζ΄ž
2011-11-16 00:00:00
nessus
nessus
iTunes < 10.5.1 Update Authenticity Verification Weakness (Mac OS X)
2011-11-18 00:00:00
Apple iTunes < 10.5.1 Update Authenticity Verification Weakness (credentialed check)
2011-11-18 00:00:00
securityvulns
securityvulns
APPLE-SA-2011-11-14-1 iTunes 10.5.1
2011-11-16 00:00:00
Apple iTunes insecure updates
2011-11-16 00:00:00
openvas
openvas
Apple iTunes Remote Code Execution Vulnerability (Windows)
2011-11-28 00:00:00
Apple iTunes Remote Code Execution Vulnerability (Mac OS X)
2011-11-28 00:00:00
Apple iTunes Remote Code Execution Vulnerability - Windows
2011-11-28 00:00:00
cve
cve
CVE-2008-3434
2008-08-01 14:41:00
prion
prion
Design/Logic Flaw
2008-08-01 14:41:00
JSON
Related for ITUNES_10_5_1_BANNER.NASL
seebug1nessus2securityvulns2openvas4cve1prion1