Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.ITUNES_12_5_4_BANNER.NASL
HistoryDec 14, 2016 - 12:00 a.m.

Apple iTunes < 12.5.4 Multiple Vulnerabilities (uncredentialed check)

2016-12-1400:00:00
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
JSON

The version of Apple iTunes running on the remote host is prior to 12.5.4 It is, therefore, affected by multiple vulnerabilities :

  • Multiple remote code execution vulnerabilities exist in WebKit due to improper validation of user-supplied input and improper handling of objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a specially crafted website, to corrupt memory and execute arbitrary code. (CVE-2016-4692, CVE-2016-7635, CVE-2016-7652)

  • Multiple information disclosure vulnerabilities exist in WebKit due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website, to disclose memory contents. (CVE-2016-4743, CVE-2016-7656)

  • An information disclosure vulnerability exists in WebKit due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose user information. (CVE-2016-7586)

  • Multiple remote code execution vulnerabilities exist in WebKit due to improper validation of user-supplied input and improper state management. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a specially crafted website, to corrupt memory and execute arbitrary code.
    (CVE-2016-7587, CVE-2016-7589:, CVE-2016-7610, CVE-2016-7611, CVE-2016-7639, CVE-2016-7640, CVE-2016-7641, CVE-2016-7642, CVE-2016-7645, CVE-2016-7646, CVE-2016-7648, CVE-2016-7649, CVE-2016-7654)

  • An information disclosure vulnerability exists in WebKit due to improper handling of JavaScript prompts. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to corrupt memory and execute arbitrary code.
    (CVE-2016-7592)

  • An information disclosure vulnerability exists in WebKit due to the use of uninitialized memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose memory contents. (CVE-2016-7598)

  • An information disclosure vulnerability exists that is triggered when handling HTTP redirections. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose user information. (CVE-2016-7599)

  • A remote code execution vulnerability exists in WebKit due to improper validation of user-supplied input and improper state management. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause a denial of service condition or the execution of arbitrary code.
    (CVE-2016-7632)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(95825);
  script_version("1.9");
  script_cvs_date("Date: 2019/11/13");

  script_cve_id(
    "CVE-2016-4692",
    "CVE-2016-4743",
    "CVE-2016-7586",
    "CVE-2016-7587",
    "CVE-2016-7589",
    "CVE-2016-7592",
    "CVE-2016-7598",
    "CVE-2016-7599",
    "CVE-2016-7610",
    "CVE-2016-7611",
    "CVE-2016-7632",
    "CVE-2016-7635",
    "CVE-2016-7639",
    "CVE-2016-7640",
    "CVE-2016-7641",
    "CVE-2016-7642",
    "CVE-2016-7645",
    "CVE-2016-7646",
    "CVE-2016-7648",
    "CVE-2016-7649",
    "CVE-2016-7652",
    "CVE-2016-7654",
    "CVE-2016-7656"
  );
  script_bugtraq_id(94907, 94908, 94909);
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2016-12-13-3");

  script_name(english:"Apple iTunes < 12.5.4 Multiple Vulnerabilities (uncredentialed check)");
  script_summary(english:"Checks the version of iTunes.");

  script_set_attribute(attribute:"synopsis", value:
"An application running on the remote host is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Apple iTunes running on the remote host is prior to
12.5.4 It is, therefore, affected by multiple vulnerabilities :

  - Multiple remote code execution vulnerabilities exist in
    WebKit due to improper validation of user-supplied
    input and improper handling of objects in memory. An
    unauthenticated, remote attacker can exploit these
    vulnerabilities, by convincing a user to visit a
    specially crafted website, to corrupt memory and execute
    arbitrary code. (CVE-2016-4692, CVE-2016-7635,
    CVE-2016-7652)

  - Multiple information disclosure vulnerabilities exist
    in WebKit due to improper validation of user-supplied
    input. An unauthenticated, remote attacker can exploit
    these, by convincing a user to visit a specially crafted
    website, to disclose memory contents. (CVE-2016-4743,
    CVE-2016-7656)

  - An information disclosure vulnerability exists in WebKit
    due to improper validation of user-supplied input. An
    unauthenticated, remote attacker can exploit this, by
    convincing a user to visit a specially crafted website,
    to disclose user information. (CVE-2016-7586)

  - Multiple remote code execution vulnerabilities exist in
    WebKit due to improper validation of user-supplied
    input and improper state management. An unauthenticated,
    remote attacker can exploit these vulnerabilities, by
    convincing a user to visit a specially crafted website,
    to corrupt memory and execute arbitrary code.
    (CVE-2016-7587, CVE-2016-7589:, CVE-2016-7610,
    CVE-2016-7611, CVE-2016-7639, CVE-2016-7640,
    CVE-2016-7641, CVE-2016-7642, CVE-2016-7645,
    CVE-2016-7646, CVE-2016-7648, CVE-2016-7649,
    CVE-2016-7654)

  - An information disclosure vulnerability exists in WebKit
    due to improper handling of JavaScript prompts. An
    unauthenticated, remote attacker can exploit this, by
    convincing a user to visit a specially crafted website,
    to corrupt memory and execute arbitrary code.
    (CVE-2016-7592)

  - An information disclosure vulnerability exists in WebKit
    due to the use of uninitialized memory. An
    unauthenticated, remote attacker can exploit this, by
    convincing a user to visit a specially crafted website,
    to disclose memory contents. (CVE-2016-7598)

  - An information disclosure vulnerability exists that is
    triggered when handling HTTP redirections. An
    unauthenticated, remote attacker can exploit this, by
    convincing a user to visit a specially crafted website,
    to disclose user information. (CVE-2016-7599)

  - A remote code execution vulnerability exists in WebKit
    due to improper validation of user-supplied
    input and improper state management. An unauthenticated,
    remote attacker can exploit this, by convincing a user
    to visit a specially crafted website, to cause a denial
    of service condition or the execution of arbitrary code.
    (CVE-2016-7632)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT207427");
  # https://lists.apple.com/archives/security-announce/2016/Dec/msg00005.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?848e8b5e");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Apple iTunes version 12.5.4 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-7656");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/12/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/14");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Peer-To-Peer File Sharing");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("itunes_sharing.nasl");
  script_require_keys("iTunes/sharing");
  script_require_ports("Services/www", 3689);

  exit(0);
}

include("vcf.inc");
include("http.inc");

port = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);
get_kb_item_or_exit("iTunes/" + port + "/enabled");

if (get_kb_item_or_exit("iTunes/" + port + "/type") != 'Windows')
  audit(AUDIT_OS_NOT, "Windows");

kb_base = "iTunes/"+port+"/";
app_info = vcf::get_app_info(app:"iTunes", port:port, kb_ver:kb_base+"version", kb_source:kb_base+"source", service:TRUE);

constraints = [{ "fixed_version" : "12.5.4" }];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersionCPE
appleitunescpe:/a:apple:itunes

References

Related

apple 12
nessus 10
openvas 11
fedora 2
ubuntu 1
archlinux 1
mageia 1
suse 4
ubuntucve 23
debiancve 23
cve 23
prion 23
zdi 2
gentoo 1
apple
apple
About the security content of iTunes 12.5.4 for Windows
2016-12-13 00:00:00
About the security content of iTunes 12.5.4 for Windows - Apple Support
2017-01-23 05:05:46
About the security content of iCloud for Windows 6.1 - Apple Support
2017-01-23 05:29:57
nessus
nessus
Apple iTunes < 12.5.4 Multiple Vulnerabilities (credentialed check)
2016-12-14 00:00:00
macOS : Apple Safari < 10.0.2 Multiple Vulnerabilities
2016-12-16 00:00:00
Fedora 24 : webkitgtk4 (2017-d317f6fb61)
2017-01-23 00:00:00
openvas
openvas
Apple iTunes Multiple Vulnerabilities (Feb 2017) - Windows
2017-02-28 00:00:00
Apple iCloud Multiple Vulnerabilities (Feb 2017) - Windows
2017-02-28 00:00:00
Apple Safari Multiple Vulnerabilities-02 (Feb 2017)
2017-02-22 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: webkitgtk4-2.14.3-1.fc24
2017-01-21 20:21:09
[SECURITY] Fedora 25 Update: webkitgtk4-2.14.3-1.fc25
2017-01-20 18:11:24
ubuntu
ubuntu
WebKitGTK+ vulnerabilities
2017-02-06 00:00:00
archlinux
archlinux
[ASA-201701-27] webkit2gtk: multiple issues
2017-01-18 00:00:00
mageia
mageia
Updated webkit2 packages fix security vulnerabilities
2017-03-02 18:11:17
suse
suse
Security update for webkit2gtk3 (important)
2017-11-06 15:08:25
Security update for webkit2gtk3 (important)
2017-11-10 18:22:30
Security update for webkit2gtk3 (important)
2018-02-01 00:14:30
ubuntucve
ubuntucve
CVE-2016-7646
2017-02-20 00:00:00
CVE-2016-7587
2017-02-20 00:00:00
CVE-2016-7648
2017-02-20 00:00:00
debiancve
debiancve
CVE-2016-7649
2017-02-20 08:59:00
CVE-2016-7587
2017-02-20 08:59:00
CVE-2016-7648
2017-02-20 08:59:00
cve
cve
CVE-2016-7587
2017-02-20 08:59:00
CVE-2016-7649
2017-02-20 08:59:00
CVE-2016-7589
2017-02-20 08:59:00
prion
prion
Memory corruption
2017-02-20 08:59:00
Memory corruption
2017-02-20 08:59:00
Memory corruption
2017-02-20 08:59:00
zdi
zdi
Apple Safari RenderObject Use-After-Free Remote Code Execution Vulnerability
2016-12-13 00:00:00
Apple Safari HTMLLabelElement Use-After-Free Remote Code Execution Vulnerability
2016-12-13 00:00:00
gentoo
gentoo
WebKitGTK+: Multiple vulnerabilities
2017-06-07 00:00:00
JSON
Related for ITUNES_12_5_4_BANNER.NASL
apple12nessus10openvas11fedora2ubuntu1archlinux1mageia1suse4ubuntucve23debiancve23cve23prion23zdi2gentoo1