Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.ITUNES_11_1_4.NASL
HistoryJan 23, 2014 - 12:00 a.m.

Apple iTunes < 11.1.4 Multiple Vulnerabilities (credentialed check)

2014-01-2300:00:00
This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
JSON

The version of Apple iTunes installed on the remote Windows host is older than 11.1.4. It is, therefore, potentially affected by several issues :

  • The included versions of WebKit, libxml, and libxslt contain several errors that could lead to memory corruption and possibly arbitrary code execution. The vendor notes that one possible attack vector is a man-in-the-middle attack while the application browses the ‘iTunes Store’. (CVE-2011-3102, CVE-2012-0841, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-5134, CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128)

  • An error exists related to text tracks in movie files that could allow denial of service or arbitrary code execution. (CVE-2013-1024)

  • An error exists related to the iTunes Tutorials window that could allow an attacker in a privileged network location to inject content. (CVE-2014-1242)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(72104);
  script_version("1.7");
  script_cvs_date("Date: 2019/11/26");

  script_cve_id(
    "CVE-2011-3102",
    "CVE-2012-0841",
    "CVE-2012-2807",
    "CVE-2012-2825",
    "CVE-2012-2870",
    "CVE-2012-2871",
    "CVE-2012-5134",
    "CVE-2013-1024",
    "CVE-2013-1037",
    "CVE-2013-1038",
    "CVE-2013-1039",
    "CVE-2013-1040",
    "CVE-2013-1041",
    "CVE-2013-1042",
    "CVE-2013-1043",
    "CVE-2013-1044",
    "CVE-2013-1045",
    "CVE-2013-1046",
    "CVE-2013-1047",
    "CVE-2013-2842",
    "CVE-2013-5125",
    "CVE-2013-5126",
    "CVE-2013-5127",
    "CVE-2013-5128",
    "CVE-2014-1242"
  );
  script_bugtraq_id(
    52107,
    53540,
    54203,
    54718,
    55331,
    56684,
    60067,
    60368,
    62551,
    62553,
    62554,
    62556,
    62557,
    62558,
    62559,
    62560,
    62563,
    62565,
    62567,
    62568,
    62569,
    62570,
    62571,
    65088
  );
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2014-01-22-1");

  script_name(english:"Apple iTunes < 11.1.4 Multiple Vulnerabilities (credentialed check)");
  script_summary(english:"Checks version of iTunes on Windows");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains an application that has multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Apple iTunes installed on the remote Windows host is
older than 11.1.4. It is, therefore, potentially affected by several
issues :

  - The included versions of WebKit, libxml, and libxslt
    contain several errors that could lead to memory
    corruption and possibly arbitrary code execution. The
    vendor notes that one possible attack vector is a
    man-in-the-middle attack while the application browses
    the 'iTunes Store'. (CVE-2011-3102, CVE-2012-0841,
    CVE-2012-2807, CVE-2012-2825, CVE-2012-2870,
    CVE-2012-2871, CVE-2012-5134, CVE-2013-1037,
    CVE-2013-1038, CVE-2013-1039, CVE-2013-1040,
    CVE-2013-1041, CVE-2013-1042, CVE-2013-1043,
    CVE-2013-1044, CVE-2013-1045, CVE-2013-1046,
    CVE-2013-1047, CVE-2013-2842, CVE-2013-5125,
    CVE-2013-5126, CVE-2013-5127, CVE-2013-5128)

  - An error exists related to text tracks in movie files
    that could allow denial of service or arbitrary code
    execution. (CVE-2013-1024)

  - An error exists related to the iTunes Tutorials window
    that could allow an attacker in a privileged network
    location to inject content. (CVE-2014-1242)");
  script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT6001");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/530870/30/0/threaded");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Apple iTunes 11.1.4 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2842");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/01/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("itunes_detect.nasl");
  script_require_keys("SMB/iTunes/Version");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");


version = get_kb_item_or_exit("SMB/iTunes/Version");
path = get_kb_item_or_exit("SMB/iTunes/Path");

fixed_version = "11.1.4.62";
if (ver_compare(ver:version, fix:fixed_version) < 0)
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  if (report_verbosity > 0)
  {
    report =
      '\n  Path              : '+path+
      '\n  Installed version : '+version+
      '\n  Fixed version     : '+fixed_version+'\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "iTunes", version, path);
VendorProductVersionCPE
appleitunescpe:/a:apple:itunes

References

Related

securityvulns 11
nessus 56
vmware 3
openvas 62
redhat 5
amazon 3
thn 1
centos 3
fedora 5
oraclelinux 5
veracode 7
suse 5
ubuntu 3
android 1
osv 2
debian 3
cve 8
ubuntucve 2
prion 10
debiancve 2
gentoo 1
slackware 1
securityvulns
securityvulns
APPLE-SA-2014-01-22-1 iTunes 11.1.4
2014-01-29 00:00:00
Apple iTunes multiple security vulnerabilities
2014-01-29 00:00:00
Apple TV multiple security vulnerabilities
2013-10-02 00:00:00
nessus
nessus
Apple iTunes < 11.1.4 Multiple Vulnerabilities (uncredentialed check)
2014-01-23 00:00:00
Apple iTunes < 11.1.2 Multiple Vulnerabilities (credentialed check)
2013-10-24 00:00:00
Apple iTunes < 11.1.2 Multiple Vulnerabilities (uncredentialed check)
2013-10-24 00:00:00
vmware
vmware
VMware vSphere security updates for the authentication service and third party libraries
2013-01-31 00:00:00
VMware vSphere security updates for the authentication service and third party libraries
2013-01-31 00:00:00
VMware ESXi and ESX security update for third party library
2013-03-28 00:00:00
openvas
openvas
VMSA-2013-0001 VMware vSphere security updates for the authentication service and third party libraries
2013-02-04 00:00:00
VMware ESXi/ESX security updates for the authentication service and third party libraries (VMSA-2013-0001)
2013-02-04 00:00:00
RedHat Update for libxml2 RHSA-2012:1288-01
2012-09-22 00:00:00
redhat
redhat
(RHSA-2012:1288) Moderate: libxml2 security update
2012-09-18 00:00:00
(RHSA-2012:1265) Important: libxslt security update
2012-09-13 00:00:00
(RHSA-2012:1324) Important: rhev-hypervisor5 security and bug fix update
2012-10-02 00:00:00
amazon
amazon
Medium: libxml2
2012-10-15 12:20:00
Important: libxslt
2012-09-22 21:33:00
Important: libxml2
2012-12-06 21:22:00
thn
thn
RCSAndroid — Advanced Android Hacking Tool Leaked Online
2015-07-24 02:52:00
centos
centos
libxml2 security update
2012-09-18 18:22:15
libxslt security update
2012-09-13 18:02:29
libxml2 security update
2012-11-29 20:24:03
fedora
fedora
[SECURITY] Fedora 18 Update: libxslt-1.1.27-2.fc18
2012-12-09 06:31:24
[SECURITY] Fedora 17 Update: libxslt-1.1.26-10.fc17
2012-09-26 09:11:57
[SECURITY] Fedora 16 Update: libxslt-1.1.26-9.fc16
2012-09-27 04:27:12
oraclelinux
oraclelinux
libxslt security update
2012-09-13 00:00:00
libxml2 security update
2012-09-18 00:00:00
libxml2 security update
2013-02-28 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:43:13
Denial Of Service (DoS)
2019-05-02 04:43:13
Denial Of Service (DoS)
2019-05-02 04:43:13
suse
suse
Security update for libxml2 (important)
2013-11-04 17:04:12
Security update for libxml2 (important)
2013-11-04 18:04:12
libxml2: fixed buffer overflow during decoding entities (important)
2012-12-17 12:08:33
ubuntu
ubuntu
libxslt vulnerabilities
2012-10-04 00:00:00
libxml2 vulnerability
2012-05-21 00:00:00
Libxml2 vulnerability
2012-12-06 00:00:00
android
android
Android Browser Exploit WebKit
2011-02-22 00:00:00
osv
osv
libxslt - several
2012-10-05 00:00:00
libxml2 - buffer overflow
2012-12-02 00:00:00
debian
debian
[SECURITY] [DSA 2555-1] libxslt security update
2012-10-05 16:45:23
[SECURITY] [DSA 2479-1] libxml2 security update
2012-05-23 19:40:03
[SECURITY] [DSA 2580-1] libxml security update
2012-12-02 20:54:50
cve
cve
CVE-2013-5126
2013-09-19 10:27:00
CVE-2011-3102
2012-05-16 00:55:00
CVE-2013-1042
2013-09-19 10:27:00
ubuntucve
ubuntucve
CVE-2011-3102
2012-05-15 00:00:00
CVE-2012-5134
2012-11-27 00:00:00
prion
prion
Memory corruption
2013-09-19 10:27:00
Denial of service
2012-06-27 10:18:00
Out-of-bounds
2012-05-16 00:55:00
debiancve
debiancve
CVE-2011-3102
2012-05-16 00:55:00
CVE-2012-5134
2012-11-28 01:55:00
gentoo
gentoo
libxml2: User-assisted execution of arbitrary code
2012-07-09 00:00:00
slackware
slackware
[slackware-security] libxml2
2012-12-07 03:51:19
JSON
Related for ITUNES_11_1_4.NASL
securityvulns11nessus56vmware3openvas62redhat5amazon3thn1centos3fedora5oraclelinux5veracode7suse5ubuntu3android1osv2debian3cve8ubuntucve2prion10debiancve2gentoo1slackware1