Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.ITUNES_12_6_BANNER.NASL
HistoryMay 08, 2017 - 12:00 a.m.

Apple iTunes < 12.6 Multiple Vulnerabilities (uncredentialed check)

2017-05-0800:00:00
This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
27
JSON

The version of Apple iTunes running on the remote host is prior to 12.6. It is, therefore, affected by multiple vulnerabilities :

  • Multiple vulnerabilities exist in the expat component, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities to cause a denial of service condition or the execution of arbitrary code in the context of the current user. (CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300)

  • Multiple vulnerabilities exist in the SQLite component, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file, to cause a denial of service condition or the execution of arbitrary code in the context of the current user. (CVE-2013-7443, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-6153)

  • An information disclosure vulnerability exists in the APNs server component due to client certificates being transmitted in cleartext. A man-in-the-middle attacker can exploit this to disclose sensitive information.
    (CVE-2017-2383)

  • A use-after-free error exists in the WebKit component due to improper handling of RenderBox objects. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-2463)

  • Multiple universal cross-site scripting (XSS) vulnerabilities exist in the WebKit component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a specially crafted web page, to execute arbitrary script code in a user’s browser session. (CVE-2017-2479, CVE-2017-2480, CVE-2017-2493)

  • An integer overflow condition exists in the libxslt component in the xsltAddTextString() function in transform.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause an out-of-bounds write, resulting in the execution of arbitrary code. (CVE-2017-5029)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(100026);
  script_version("1.4");
  script_cvs_date("Date: 2019/11/13");

  script_cve_id(
    "CVE-2009-3270",
    "CVE-2009-3560",
    "CVE-2009-3720",
    "CVE-2012-1147",
    "CVE-2012-1148",
    "CVE-2012-6702",
    "CVE-2013-7443",
    "CVE-2015-1283",
    "CVE-2015-3414",
    "CVE-2015-3415",
    "CVE-2015-3416",
    "CVE-2015-3717",
    "CVE-2015-6607",
    "CVE-2016-0718",
    "CVE-2016-4472",
    "CVE-2016-5300",
    "CVE-2016-6153",
    "CVE-2017-2383",
    "CVE-2017-2463",
    "CVE-2017-2479",
    "CVE-2017-2480",
    "CVE-2017-5029"
  );
  script_bugtraq_id(
    36097,
    37203,
    52379,
    74228,
    75491,
    75973,
    76089,
    76970,
    79354,
    90729,
    91159,
    91483,
    91528,
    91546,
    96767,
    97175,
    97176
  );
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2017-03-22-1");
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2017-03-28-2");
  script_xref(name:"EDB-ID", value:"12509");

  script_name(english:"Apple iTunes < 12.6 Multiple Vulnerabilities (uncredentialed check)");
  script_summary(english:"Checks the version of iTunes.");

  script_set_attribute(attribute:"synopsis", value:
"An application running on the remote host is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Apple iTunes running on the remote host is prior to
12.6. It is, therefore, affected by multiple vulnerabilities :

  - Multiple vulnerabilities exist in the expat component,
    the most severe of which are remote code execution
    vulnerabilities. An unauthenticated, remote attacker can
    exploit these vulnerabilities to cause a denial of
    service condition or the execution of arbitrary code in
    the context of the current user. (CVE-2009-3270,
    CVE-2009-3560, CVE-2009-3720, CVE-2012-1147,
    CVE-2012-1148, CVE-2012-6702, CVE-2015-1283,
    CVE-2016-0718, CVE-2016-4472, CVE-2016-5300)

  - Multiple vulnerabilities exist in the SQLite component,
    the most severe of which are remote code execution
    vulnerabilities. An unauthenticated, remote attacker can
    exploit these vulnerabilities by convincing a user to
    open a specially crafted file, to cause a denial of
    service condition or the execution of arbitrary code in
    the context of the current user. (CVE-2013-7443,
    CVE-2015-3414, CVE-2015-3415, CVE-2015-3416,
    CVE-2015-3717, CVE-2015-6607, CVE-2016-6153)

  - An information disclosure vulnerability exists in the
    APNs server component due to client certificates being
    transmitted in cleartext. A man-in-the-middle attacker
    can exploit this to disclose sensitive information.
    (CVE-2017-2383)

  - A use-after-free error exists in the WebKit component
    due to improper handling of RenderBox objects. An
    unauthenticated, remote attacker can exploit this to
    execute arbitrary code. (CVE-2017-2463)

  - Multiple universal cross-site scripting (XSS)
    vulnerabilities exist in the WebKit component due to
    improper validation of user-supplied input. An
    unauthenticated, remote attacker can exploit these
    vulnerabilities, by convincing a user to visit a
    specially crafted web page, to execute arbitrary script
    code in a user's browser session. (CVE-2017-2479,
    CVE-2017-2480, CVE-2017-2493)

  - An integer overflow condition exists in the libxslt
    component in the xsltAddTextString() function in
    transform.c due to improper validation of user-supplied
    input. An unauthenticated, remote attacker can exploit
    this to cause an out-of-bounds write, resulting in the
    execution of arbitrary code. (CVE-2017-5029)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT207599");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT207598");
  # https://lists.apple.com/archives/security-announce/2017/Mar/msg00000.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d1057132");
  # https://lists.apple.com/archives/security-announce/2017/Mar/msg00001.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8b01bc68");
  # https://lists.apple.com/archives/security-announce/2017/Mar/msg00010.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?65be44ae");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Apple iTunes version 12.6 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-0718");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(119, 399);

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/01/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/03/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/08");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Peer-To-Peer File Sharing");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("itunes_sharing.nasl");
  script_require_keys("iTunes/sharing");
  script_require_ports("Services/www", 3689);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);

get_kb_item_or_exit("iTunes/" + port + "/enabled");

type = get_kb_item_or_exit("iTunes/" + port + "/type");
source = get_kb_item_or_exit("iTunes/" + port + "/source");
version = get_kb_item_or_exit("iTunes/" + port + "/version");

if (type == 'AppleTV') audit(AUDIT_OS_NOT, "Windows or Mac OS");

fixed_version = "12.6";

if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)
{
  report = '\n  Version source    : ' + source +
           '\n  Installed version : ' + version +
           '\n  Fixed version     : ' + fixed_version +
           '\n';
  security_report_v4(port:port, extra:report, severity:SECURITY_HOLE, xss:TRUE);
}
else audit(AUDIT_LISTEN_NOT_VULN, "iTunes", port, version);
VendorProductVersionCPE
appleitunescpe:/a:apple:itunes

References

Related

nessus 64
apple 6
openvas 56
ubuntu 5
ubuntucve 2
ibm 18
fedora 6
gentoo 3
slackware 1
securityvulns 2
freebsd 3
osv 5
centos 2
oraclelinux 2
kaspersky 1
debian 6
redhat 2
amazon 1
f5 4
cloudfoundry 1
suse 4
archlinux 4
mageia 1
nessus
nessus
Apple iTunes < 12.6 Multiple Vulnerabilities (credentialed check)
2017-05-08 00:00:00
Apple iTunes < 12.6 Multiple Vulnerabilities (macOS) (credentialed check)
2017-05-08 00:00:00
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : expat (SSA:2016-359-01)
2016-12-27 00:00:00
apple
apple
About the security content of iTunes 12.6 for Windows
2017-03-21 00:00:00
About the security content of iTunes 12.6 for Windows - Apple Support
2017-12-11 11:38:44
About the security content of iTunes 12.6
2017-03-21 00:00:00
openvas
openvas
Apple iTunes Multiple Vulnerabilities-HT207599 (Windows)
2017-03-30 00:00:00
Apple iTunes Multiple Vulnerabilities-HT207598 (MAC OS X)
2017-03-30 00:00:00
Apple iCloud Multiple Vulnerabilities-HT207607 (Windows)
2017-05-16 00:00:00
ubuntu
ubuntu
XML-RPC for C and C++ vulnerabilities
2016-06-20 00:00:00
SQLite vulnerabilities
2015-07-30 00:00:00
Expat vulnerabilities
2016-06-20 00:00:00
ubuntucve
ubuntucve
CVE-2015-6607
2015-10-06 00:00:00
CVE-2016-5300
2016-06-06 00:00:00
ibm
ibm
Security Bulletin: Multiple Security Vulnerabilities in Expat affect IBM Netezza Analytics
2019-10-18 03:10:29
Security Bulletin: Multiple Expat XML Parser vulnerabilities in Prospect
2018-06-17 15:27:43
Security Bulletin: Multiple OpenSource Expat XML Vulnerabilities affect IBM DB2 Net Search Extender for Linux, Unix and Windows
2018-06-16 13:43:54
fedora
fedora
[SECURITY] Fedora 23 Update: expat-2.1.1-2.fc23
2016-06-19 07:27:54
[SECURITY] Fedora 24 Update: expat-2.1.1-2.fc24
2016-06-21 19:27:49
[SECURITY] Fedora 22 Update: expat-2.1.1-2.fc22
2016-07-12 02:27:38
gentoo
gentoo
Expat: Multiple vulnerabilities
2017-01-11 00:00:00
SQLite: Multiple vulnerabilities
2015-07-07 00:00:00
Expat: Multiple vulnerabilities
2012-09-24 00:00:00
slackware
slackware
[slackware-security] expat
2016-12-24 19:24:21
securityvulns
securityvulns
[ MDVSA-2015:217 ] sqlite3
2015-05-05 00:00:00
SQLite multiple security vulnerabilities
2015-05-05 00:00:00
freebsd
freebsd
sqlite -- multiple vulnerabilities
2015-04-14 00:00:00
expat -- multiple vulnerabilities
2016-03-18 00:00:00
apr -- multiple vunerabilities
2010-10-02 00:00:00
osv
osv
sqlite3 - security update
2015-05-06 00:00:00
expat - security update
2016-05-19 00:00:00
expat - security update
2016-06-07 00:00:00
centos
centos
lemon, sqlite security update
2015-08-17 16:54:44
expat security update
2009-12-07 23:34:29
oraclelinux
oraclelinux
sqlite security update
2015-08-17 00:00:00
expat security update
2009-12-07 00:00:00
kaspersky
kaspersky
KLA10565 Denial of service vulnerabilities in SQLite
2015-04-24 00:00:00
debian
debian
[SECURITY] [DSA 3252-1] sqlite3 security update
2015-05-06 20:22:58
[SECURITY] [DSA 3582-1] expat security update
2016-05-18 05:18:57
[SECURITY] [DSA 3582-1] expat security update
2016-05-18 05:18:57
redhat
redhat
(RHSA-2015:1635) Moderate: sqlite security update
2015-08-17 00:00:00
(RHSA-2009:1625) Moderate: expat security update
2009-12-07 00:00:00
amazon
amazon
Medium: sqlite
2015-09-02 12:00:00
f5
f5
K37236006 : SQLite vulnerabilities CVE-2015-3414 and CVE-2015-3415
2016-06-07 00:00:00
SOL37236006 - SQLite vulnerabilities CVE-2015-3414 and CVE-2015-3415
2016-06-07 00:00:00
SOL15905 - Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720
2014-12-11 00:00:00
cloudfoundry
cloudfoundry
USN-3010-1 Expat vulnerabilities | Cloud Foundry
2016-07-13 00:00:00
suse
suse
Security update for expat (important)
2016-06-08 12:07:50
Security update for expat (important)
2016-06-07 13:08:02
Security update for expat (important)
2016-05-30 14:09:21
archlinux
archlinux
expat: arbitrary code execution
2016-05-18 00:00:00
lib32-expat: arbitrary code execution
2016-05-18 00:00:00
expat: multiple issues
2016-06-13 00:00:00
mageia
mageia
Updated expat packages fix security vulnerabilities
2016-06-17 08:58:14
JSON
Related for ITUNES_12_6_BANNER.NASL
nessus64apple6openvas56ubuntu5ubuntucve2ibm18fedora6gentoo3slackware1securityvulns2freebsd3osv5centos2oraclelinux2kaspersky1debian6redhat2amazon1f54cloudfoundry1suse4archlinux4mageia1