Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.ITUNES_11_1_2.NASL
HistoryOct 24, 2013 - 12:00 a.m.

Apple iTunes < 11.1.2 Multiple Vulnerabilities (credentialed check)

2013-10-2400:00:00
This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

The version of Apple iTunes installed on the remote Windows host is older than 11.1.2. It is, therefore, potentially affected by several issues :

  • An uninitialized memory access issue exists in the handling of text tracks, which could lead to memory corruption and possibly arbitrary code execution.
    (CVE-2013-1024)

  • The included versions of WebKit, libxml, and libxslt contain several errors that could lead to memory corruption and possibly arbitrary code execution. The vendor notes that one possible attack vector is a man-in-the-middle attack while the application browses the ‘iTunes Store’.
    (CVE-2011-3102, CVE-2012-0841, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-5134, CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(70588);
  script_version("1.7");
  script_cvs_date("Date: 2019/11/27");

  script_cve_id(
    "CVE-2011-3102",
    "CVE-2012-0841",
    "CVE-2012-2807",
    "CVE-2012-2825",
    "CVE-2012-2870",
    "CVE-2012-2871",
    "CVE-2012-5134",
    "CVE-2013-1024",
    "CVE-2013-1037",
    "CVE-2013-1038",
    "CVE-2013-1039",
    "CVE-2013-1040",
    "CVE-2013-1041",
    "CVE-2013-1042",
    "CVE-2013-1043",
    "CVE-2013-1044",
    "CVE-2013-1045",
    "CVE-2013-1046",
    "CVE-2013-1047",
    "CVE-2013-2842",
    "CVE-2013-5125",
    "CVE-2013-5126",
    "CVE-2013-5127",
    "CVE-2013-5128"
  );
  script_bugtraq_id(
    52107,
    53540,
    54203,
    54718,
    55331,
    56684,
    60067,
    60368,
    62551,
    62553,
    62554,
    62556,
    62557,
    62558,
    62559,
    62560,
    62563,
    62565,
    62567,
    62568,
    62569,
    62570,
    62571
  );
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2013-10-22-8");

  script_name(english:"Apple iTunes < 11.1.2 Multiple Vulnerabilities (credentialed check)");
  script_summary(english:"Checks version of iTunes on Windows");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains an application that has multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Apple iTunes installed on the remote Windows host is
older than 11.1.2. It is, therefore, potentially affected by several
issues :

  - An uninitialized memory access issue exists in the
    handling of text tracks, which could lead to memory
    corruption and possibly arbitrary code execution.
    (CVE-2013-1024)

  - The included versions of WebKit, libxml, and libxslt
    contain several errors that could lead to memory
    corruption and possibly arbitrary code execution. The
    vendor notes that one possible attack vector is a
    man-in-the-middle attack while the application browses
    the 'iTunes Store'.
    (CVE-2011-3102, CVE-2012-0841, CVE-2012-2807,
    CVE-2012-2825, CVE-2012-2870, CVE-2012-2871,
    CVE-2012-5134, CVE-2013-1037, CVE-2013-1038,
    CVE-2013-1039, CVE-2013-1040, CVE-2013-1041,
    CVE-2013-1042, CVE-2013-1043, CVE-2013-1044,
    CVE-2013-1045, CVE-2013-1046, CVE-2013-1047,
    CVE-2013-2842, CVE-2013-5125, CVE-2013-5126,
    CVE-2013-5127, CVE-2013-5128)");
  script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT6001");
  script_set_attribute(attribute:"see_also", value:"https://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Apple iTunes 11.1.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2842");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("itunes_detect.nasl");
  script_require_keys("SMB/iTunes/Version");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");


version = get_kb_item_or_exit("SMB/iTunes/Version");
fixed_version = "11.1.2.31";
path = get_kb_item_or_exit("SMB/iTunes/Path");

if (ver_compare(ver:version, fix:fixed_version) == -1)
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  if (report_verbosity > 0)
  {
    report =
      '\n  Path              : '+path+
      '\n  Installed version : '+version+
      '\n  Fixed version     : '+fixed_version+'\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "iTunes", version, path);
VendorProductVersionCPE
appleitunescpe:/a:apple:itunes

References

Related

securityvulns 13
nessus 55
openvas 59
vmware 3
redhat 4
amazon 3
thn 1
centos 3
fedora 4
oraclelinux 4
veracode 7
suse 5
android 1
osv 2
ubuntu 3
debian 3
cve 11
ubuntucve 2
prion 11
debiancve 3
gentoo 1
slackware 1
securityvulns
securityvulns
APPLE-SA-2014-01-22-1 iTunes 11.1.4
2014-01-29 00:00:00
Apple iTunes multiple security vulnerabilities
2014-01-29 00:00:00
Apple TV multiple security vulnerabilities
2013-10-02 00:00:00
nessus
nessus
Apple iTunes < 11.1.4 Multiple Vulnerabilities (uncredentialed check)
2014-01-23 00:00:00
Apple iTunes < 11.1.4 Multiple Vulnerabilities (credentialed check)
2014-01-23 00:00:00
Apple iTunes < 11.1.2 Multiple Vulnerabilities (uncredentialed check)
2013-10-24 00:00:00
openvas
openvas
VMSA-2013-0001 VMware vSphere security updates for the authentication service and third party libraries
2013-02-04 00:00:00
VMware ESXi/ESX security updates for the authentication service and third party libraries (VMSA-2013-0001)
2013-02-04 00:00:00
RedHat Update for libxml2 RHSA-2012:1288-01
2012-09-22 00:00:00
vmware
vmware
VMware vSphere security updates for the authentication service and third party libraries
2013-01-31 00:00:00
VMware vSphere security updates for the authentication service and third party libraries
2013-01-31 00:00:00
VMware ESXi and ESX security update for third party library
2013-03-28 00:00:00
redhat
redhat
(RHSA-2012:1288) Moderate: libxml2 security update
2012-09-18 00:00:00
(RHSA-2012:1265) Important: libxslt security update
2012-09-13 00:00:00
(RHSA-2012:1324) Important: rhev-hypervisor5 security and bug fix update
2012-10-02 00:00:00
amazon
amazon
Medium: libxml2
2012-10-15 12:20:00
Important: libxslt
2012-09-22 21:33:00
Important: libxml2
2012-12-06 21:22:00
thn
thn
RCSAndroid — Advanced Android Hacking Tool Leaked Online
2015-07-24 02:52:00
centos
centos
libxml2 security update
2012-09-18 18:22:15
libxslt security update
2012-09-13 18:02:29
libxml2 security update
2012-11-29 20:24:03
fedora
fedora
[SECURITY] Fedora 18 Update: libxslt-1.1.27-2.fc18
2012-12-09 06:31:24
[SECURITY] Fedora 17 Update: libxslt-1.1.26-10.fc17
2012-09-26 09:11:57
[SECURITY] Fedora 16 Update: libxslt-1.1.26-9.fc16
2012-09-27 04:27:12
oraclelinux
oraclelinux
libxslt security update
2012-09-13 00:00:00
libxml2 security update
2012-09-18 00:00:00
libxml2 security update
2013-02-28 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:43:13
Denial Of Service (DoS)
2019-05-02 04:43:13
Denial Of Service (DoS)
2019-05-02 04:43:13
suse
suse
Security update for libxml2 (important)
2013-11-04 17:04:12
Security update for libxml2 (important)
2013-11-04 18:04:12
libxml2: fixed buffer overflow during decoding entities (important)
2012-12-17 12:08:33
android
android
Android Browser Exploit WebKit
2011-02-22 00:00:00
osv
osv
libxslt - several
2012-10-05 00:00:00
libxml2 - buffer overflow
2012-12-02 00:00:00
ubuntu
ubuntu
libxslt vulnerabilities
2012-10-04 00:00:00
libxml2 vulnerability
2012-05-21 00:00:00
Libxml2 vulnerability
2012-12-06 00:00:00
debian
debian
[SECURITY] [DSA 2555-1] libxslt security update
2012-10-05 16:45:23
[SECURITY] [DSA 2479-1] libxml2 security update
2012-05-23 19:40:03
[SECURITY] [DSA 2580-1] libxml security update
2012-12-02 20:54:50
cve
cve
CVE-2013-5126
2013-09-19 10:27:00
CVE-2011-3102
2012-05-16 00:55:00
CVE-2013-1041
2013-09-19 10:27:00
ubuntucve
ubuntucve
CVE-2011-3102
2012-05-15 00:00:00
CVE-2012-5134
2012-11-27 00:00:00
prion
prion
Memory corruption
2013-09-19 10:27:00
Memory corruption
2013-09-19 10:27:00
Out-of-bounds
2012-05-16 00:55:00
debiancve
debiancve
CVE-2012-5134
2012-11-28 01:55:00
CVE-2011-3102
2012-05-16 00:55:00
CVE-2012-2825
2012-06-27 10:18:00
gentoo
gentoo
libxml2: User-assisted execution of arbitrary code
2012-07-09 00:00:00
slackware
slackware
[slackware-security] libxml2
2012-12-07 03:51:19
JSON
Related for ITUNES_11_1_2.NASL
securityvulns13nessus55openvas59vmware3redhat4amazon3thn1centos3fedora4oraclelinux4veracode7suse5android1osv2ubuntu3debian3cve11ubuntucve2prion11debiancve3gentoo1slackware1