Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.MACOSX_ITUNES_9_1.NASL
HistoryMar 31, 2010 - 12:00 a.m.

iTunes < 9.1 Multiple Vulnerabilities (Mac OS X)

2010-03-3100:00:00
This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
www.tenable.com
12

6.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

70.2%

JSON

The remote version of iTunes is older than 9.1. Such versions are potentially affected by multiple vulnerabilities :

  • An infinite loop in the application’s handling of imported MP4 podcast files may lead to an application crash and prevent subsequent operation. (CVE-2010-0531)

  • Syncing a mobile device may allow a local user to gain the privileges of the console user due to an insecure file operation in the handling of log files.
    (CVE-2010-1768)

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(45389);
  script_version("1.14");
  script_cvs_date("Date: 2018/07/14  1:59:35");

  script_cve_id("CVE-2010-0531", "CVE-2010-1768");
  script_bugtraq_id(39113, 42538);

  script_name(english:"iTunes < 9.1 Multiple Vulnerabilities (Mac OS X)");
  script_summary(english:"Checks version of iTunes");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mac OS X host contains an application affected by multiple
vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote version of iTunes is older than 9.1. Such versions are
potentially affected by multiple vulnerabilities :

  - An infinite loop in the application's handling of 
    imported MP4 podcast files may lead to an application
    crash and prevent subsequent operation. (CVE-2010-0531)

  - Syncing a mobile device may allow a local user to gain
    the privileges of the console user due to an insecure
    file operation in the handling of log files.
    (CVE-2010-1768)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.apple.com/kb/HT4105"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.apple.com/archives/security-announce/2010/Mar/msg00003.html"
  );
  script_set_attribute(
    attribute:"see_also", 
    value:"http://www.securityfocus.com/advisories/19388"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to iTunes 9.1 or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/03/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/03/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/03/31");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");

  script_dependencies("macosx_itunes_detect.nasl");
  script_require_keys("Host/MacOSX/Version", "installed_sw/iTunes");

  exit(0);
}

include("vcf.inc");

os = get_kb_item("Host/MacOSX/Version");
if (!os) audit(AUDIT_OS_NOT, "Mac OS X");

app_info = vcf::get_app_info(app:"iTunes");

constraints = [{"fixed_version" : "9.1"}];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersionCPE
appleitunescpe:/a:apple:itunes

Related

prion 2
cvelist 2
cve 2
nvd 2
openvas 2
securityvulns 2
nessus 3
prion
prion
Design/Logic Flaw
2010-03-31 18:30:00
Design/Logic Flaw
2010-08-20 20:00:00
cvelist
cvelist
CVE-2010-0531
2010-03-31 18:00:00
CVE-2010-1768
2010-08-20 19:00:00
cve
cve
CVE-2010-0531
2010-03-31 18:30:00
CVE-2010-1768
2010-08-20 20:00:01
nvd
nvd
CVE-2010-0531
2010-03-31 18:30:00
CVE-2010-1768
2010-08-20 20:00:01
openvas
openvas
Apple iTunes Multiple Vulnerabilities - Apr10
2010-04-06 00:00:00
Apple iTunes Multiple Vulnerabilities (APPLE-SA-2010-03-30-2)
2010-04-06 00:00:00
securityvulns
securityvulns
Apple iTunes multiple security uvlnerabilities
2010-08-19 00:00:00
About the security content of iTunes 9.1
2010-08-19 00:00:00
nessus
nessus
iTunes < 9.1 Multiple Vulnerabilities
2010-03-31 00:00:00
Apple iTunes < 9.1 Multiple Vulnerabilities (uncredentialed check)
2010-03-31 00:00:00
Apple iTunes < 9.1 Multiple Vulnerabilities (credentialed check)
2010-03-31 00:00:00

6.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

70.2%

JSON
Related for MACOSX_ITUNES_9_1.NASL
prion2cvelist2cve2nvd2openvas2securityvulns2nessus3