Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.ITUNES_12_4_2.NASL
HistoryJul 19, 2016 - 12:00 a.m.

Apple iTunes < 12.4.2 Multiple Vulnerabilities (credentialed check)

2016-07-1900:00:00
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
JSON

The version of Apple iTunes installed on the remote Windows host is prior to 12.4.2. It is, therefore, affected by multiple vulnerabilities :

  • Multiple memory corruption issues exist in the libxslt component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1684, CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612)

  • Multiple memory corruption issues exist in the libxml2 component that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code.
    (CVE-2016-1836, CVE-2016-4447, CVE-2016-4448, CVE-2016-4483, CVE-2016-4614, CVE-2016-4615, CVE-2016-4616, CVE-2016-4619)

  • An XXE (Xml eXternal Entity) injection vulnerability exists in the libxml2 component due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. A remote attacker can exploit this, via a specially crafted XML file, to disclose arbitrary files and user information. (CVE-2016-4449)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(92410);
  script_version("1.6");
  script_cvs_date("Date: 2019/11/19");

  script_cve_id(
    "CVE-2016-1684",
    "CVE-2016-1836",
    "CVE-2016-4447",
    "CVE-2016-4448",
    "CVE-2016-4449",
    "CVE-2016-4483",
    "CVE-2016-4607",
    "CVE-2016-4608",
    "CVE-2016-4609",
    "CVE-2016-4610",
    "CVE-2016-4612",
    "CVE-2016-4614",
    "CVE-2016-4615",
    "CVE-2016-4616",
    "CVE-2016-4619"
  );
  script_bugtraq_id(
    90013,
    90856,
    90864,
    90865,
    90876
  );
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2016-07-18-6");

  script_name(english:"Apple iTunes < 12.4.2 Multiple Vulnerabilities (credentialed check)");
  script_summary(english:"Checks the version of iTunes on Windows.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains an application that is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Apple iTunes installed on the remote Windows host is
prior to 12.4.2. It is, therefore, affected by multiple
vulnerabilities :

  - Multiple memory corruption issues exist in the libxslt
    component due to improper validation of user-supplied
    input. An unauthenticated, remote attacker can exploit
    this to cause a denial of service condition or the
    execution of arbitrary code. (CVE-2016-1684,
    CVE-2016-4607, CVE-2016-4608, CVE-2016-4609,
    CVE-2016-4610, CVE-2016-4612)

  - Multiple memory corruption issues exist in the libxml2
    component that allow a remote attacker to cause a denial
    of service condition or the execution of arbitrary code.
    (CVE-2016-1836, CVE-2016-4447, CVE-2016-4448,
    CVE-2016-4483, CVE-2016-4614, CVE-2016-4615,
    CVE-2016-4616, CVE-2016-4619)

  - An XXE (Xml eXternal Entity) injection vulnerability
    exists in the libxml2 component due to an incorrectly
    configured XML parser accepting XML external entities
    from an untrusted source. A remote attacker can exploit
    this, via a specially crafted XML file, to disclose
    arbitrary files and user information. (CVE-2016-4449)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT206901");
  # https://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1925ec51");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Apple iTunes version 12.4.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-4448");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/07/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("itunes_detect.nasl");
  script_require_keys("installed_sw/iTunes Version", "SMB/Registry/Enumerated");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

# Ensure this is Windows
get_kb_item_or_exit("SMB/Registry/Enumerated");

app_id = 'iTunes Version';
install = get_single_install(app_name:app_id, exit_if_unknown_ver:TRUE);

version = install["version"];
path = install["path"];

fixed_version = "12.4.2";

if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)
{
  port = get_kb_item("SMB/transport");
  if (isnull(port)) port = 445;

  order = make_list('Version source', 'Installed version', 'Fixed version');
  report = make_array(
    order[0], path,
    order[1], version,
    order[2], fixed_version
  );
  report = report_items_str(report_items:report, ordered_fields:order);

  security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "iTunes", version, path);
VendorProductVersionCPE
appleitunescpe:/a:apple:itunes

References

Related

nessus 37
apple 12
prion 16
cve 16
debiancve 10
ubuntucve 14
redhatcve 11
openvas 22
ibm 21
slackware 1
rosalinux 1
fedora 3
f5 4
osv 2
debian 4
mageia 2
symantec 1
veracode 6
centos 1
oraclelinux 1
redhat 1
amazon 1
suse 3
cloudfoundry 2
ubuntu 2
freebsd 2
altlinux 3
nessus
nessus
Apple iTunes < 12.4.2 Multiple Vulnerabilities (uncredentialed check)
2016-07-19 00:00:00
Mac OS X 10.9.5 and 10.10.5 Multiple Vulnerabilities (Security Update 2016-004)
2016-07-21 00:00:00
EulerOS 2.0 SP3 : libxslt (EulerOS-SA-2019-2627)
2019-12-18 00:00:00
apple
apple
About the security content of iTunes 12.4.2 for Windows
2016-07-18 00:00:00
About the security content of iCloud for Windows 5.2.1 - Apple Support
2017-06-10 11:43:45
About the security content of iCloud for Windows 5.2.1
2016-07-18 00:00:00
prion
prion
Memory corruption
2016-07-22 02:59:00
Memory corruption
2016-07-22 02:59:00
Memory corruption
2016-07-22 02:59:00
cve
cve
CVE-2016-4609
2016-07-22 02:59:00
CVE-2016-4607
2016-07-22 02:59:00
CVE-2016-4608
2016-07-22 02:59:00
debiancve
debiancve
CVE-2016-4608
2016-07-22 02:59:00
CVE-2016-4610
2016-07-22 02:59:00
CVE-2016-4609
2016-07-22 02:59:00
ubuntucve
ubuntucve
CVE-2016-4608
2016-07-22 00:00:00
CVE-2016-4607
2016-07-22 00:00:00
CVE-2016-4610
2016-07-22 00:00:00
redhatcve
redhatcve
CVE-2016-4609
2019-05-29 10:53:16
CVE-2016-4608
2019-05-29 10:52:20
CVE-2016-4607
2019-05-29 10:50:38
openvas
openvas
Apple Mac OS X Code Execution And Denial of Service Vulnerabilities
2016-11-22 00:00:00
Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2019-2627)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2019-2519)
2020-01-23 00:00:00
ibm
ibm
Security Bulletin: IBM Security Guardium is affected by Open Source XMLsoft Libxml2 Vulnerabilities (CVE-2016-4447 CVE-2016-4448 CVE-2016-4449)
2018-06-16 21:44:21
Security Bulletin: IBM Streams is affected by Libxml2 vulnerabilities (CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)
2018-06-16 13:43:11
Security Bulletin: Rational Systems Tester is affected by Libxml2 vulnerabilities (CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)
2018-06-17 05:14:21
slackware
slackware
[slackware-security] libxml2
2016-05-27 23:33:14
rosalinux
rosalinux
Advisory ROSA-SA-2021-1906
2021-07-02 17:26:03
fedora
fedora
[SECURITY] Fedora 30 Update: mingw-libxslt-1.1.33-1.fc30
2019-06-18 18:15:35
[SECURITY] Fedora 25 Update: libxml2-2.9.4-2.fc25
2017-04-19 09:32:17
[SECURITY] Fedora 24 Update: libxml2-2.9.4-2.fc24
2017-04-19 07:53:28
f5
f5
K24322529 : libxml2 vulnerabilities CVE-2016-4447 and CVE-2016-4449
2016-12-07 00:00:00
K41103561 : libxml2 vulnerability CVE-2016-4448
2016-08-31 00:00:00
SOL41103561 - libxml2 vulnerability CVE-2016-4448
2016-08-30 00:00:00
osv
osv
libxslt - security update
2019-07-22 00:00:00
libxslt - security update
2016-06-12 00:00:00
debian
debian
[SECURITY] [DLA 1860-1] libxslt security update
2019-07-22 16:16:47
[SECURITY] [DSA 3593-1] libxml2 security update
2016-06-02 20:28:31
[SECURITY] [DSA 3593-1] libxml2 security update
2016-06-02 20:28:31
mageia
mageia
Updated libxml2 packages fix security vulnerability
2016-07-27 00:59:16
Updated libxslt packages fix security vulnerability
2016-06-08 00:39:50
symantec
symantec
SA129 : Multiple libxml2 Vulnerabilities
2016-09-01 08:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:34:53
Information Disclosure
2019-05-02 05:34:53
Denial Of Service (DoS)
2018-07-17 10:32:25
centos
centos
libxml2 security update
2016-06-23 15:28:21
oraclelinux
oraclelinux
libxml2 security update
2016-06-23 00:00:00
redhat
redhat
(RHSA-2016:1292) Important: libxml2 security update
2016-06-23 08:21:08
amazon
amazon
Important: libxml2
2016-07-14 16:30:00
suse
suse
Security update for libxml2 (important)
2016-06-17 15:08:25
Security update for libxml2 (important)
2016-06-16 13:10:48
Security update for libxml2 (important)
2016-06-09 18:07:56
cloudfoundry
cloudfoundry
USN-2994-1 libxml2 vulnerabilities | Cloud Foundry
2016-06-13 00:00:00
USN-3235-1: libxml2 vulnerabilities | Cloud Foundry
2017-03-31 00:00:00
ubuntu
ubuntu
libxml2 vulnerabilities
2016-06-06 00:00:00
libxml2 vulnerabilities
2017-03-16 00:00:00
freebsd
freebsd
libxslt -- Denial of Service
2016-05-25 00:00:00
libxml2 -- multiple vulnerabilities
2016-05-23 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package libxml2 version 1:2.9.4.0.12.e905-alt1
2017-03-03 00:00:00
Security fix for the ALT Linux 8 package libxml2 version 1:2.9.4.0.12.e905-alt1
2017-03-07 00:00:00
Security fix for the ALT Linux 9 package libxml2 version 1:2.9.4.0.12.e905-alt1
2017-03-03 00:00:00
JSON
Related for ITUNES_12_4_2.NASL
nessus37apple12prion16cve16debiancve10ubuntucve14redhatcve11openvas22ibm21slackware1rosalinux1fedora3f54osv2debian4mageia2symantec1veracode6centos1oraclelinux1redhat1amazon1suse3cloudfoundry2ubuntu2freebsd2altlinux3