Mac OS X : Java for Mac OS X 10.5 Update 2

2008-09-2500:00:00

www.tenable.com

10 High

AI Score

Confidence

High

JSON

The remote Mac OS X 10.5 host is running a version of Java for Mac OS X that is missing update 2.

The remote version of this software contains several security vulnerabilities that may allow a rogue Java applet to execute arbitrary code on the remote host.

To exploit these flaws, an attacker would need to lure an attacker into executing a rogue Java applet.

#TRUSTED 13bc146403fe21f615bfc603bb12bc927a6aa3cab145b54cd0b164032bf671ad611a150dffabeed03115a1f9707376fb35f8ff9183c5fda57f34cbb8d87d41ada9c77f35e9f72fc88317a35181a3de8cae1f7e0e59df3db593bcbd4a79c62b163fac9f3f524d96789be00a4ab516d57f08e5daa3cffc759e4a951ac71c9bd764f26011fcd9ad0adf77de8b5fbd090061b8d295254309600dc0b0c2dd36ebde10235e3f54b2a2b8717acdf96b84d6cfbfe304a027078e6ac2875476ef4f2b988f7d1128092cabdd0a8e5273a6a473ef7e5d7e7d5aa06de5d8ee43461543c7a41cad4bfe2189f3a86f46c343e2cc0ed204562c4717219a7b0a7a891e7e603a9ebe1e1358da495e6100aaa5ce3fa47cc4c0eb3f00e5a61e262841bffc03a9ba2c668958bd736af5ca93e978647c75cbc117dcaff6d4e3543353228b6b83c4c0dbe11cbaf9a5ab185939480e7021d744c5575ef08cb1757f08578eac7f56d25181a01c67e19e95c345af0e812669475467aa545941b69c9fcc5498ca0c7f84c3360a23fb5e8a4ec96c9d3ae112507fa7c72336ebc7730c8ebbfee7020466ad2d2fb0dcdb56605fe0db5edcb66e1e2a0efe7e230a7f4c7e74fe1947e44c3d42bd8bb84850603c67e53ba611982a4183579c7981b300d21e80bd924dbd17445e022dd8b88a7d0d0c0215453eadc209b000c740f52efc6a988bd3cbe4957fb3bef3c969
#TRUST-RSA-SHA256 41d82da669381b82f95a19222fa6c50f49800762787422170bd4af014ca0575760ebf011ec51c829713af1d203c08c986bba482102f0a76faf5416e2d3b5b9caa87106461a2116ee2d58dbb055fa39829a1f0076b4c162b2c3957bde112a990017c5c787a86a22adfdefbd98d8f40c70d1f96ac07ae01f67aaab62d3d8db94d3931d0758ea35081cb5710a5d478238d494cc2d87c28a244417334388af2ed276dcb0ef27ec10335ffb0c02edc215ea11a2985cc5704d511462523939bb52f47937fda9d8f34e8b823da7b65b4431a7fc4fa0ac7328fdeb718421facbbaacf96b3ddfffe1c79de5cb363b1b64cd210731a633fa10de0f26e102c53163f9ee6a9e5c027bdee077ba647a77bf52a1da3f33f27c9185fa1218803ac0b9ccb73c223d4042f312064252f464d80c5f49f35fcd2a19ce9ddff7debe29862924a51fc62fbcc9d1295a43385c0116b1f16f5ca1cbad8d04d57802611b9d56e63a8f7e3404a520efe62b4b5e2b55ffc402ed5f7d7d65d202ce7b6ac211b6230795ddc0905c9555d2d5f3a5e2247b53b4eca2a328bc42d20efbfc8f5020d98242691290abdce7e90a36d725ff4a750a10dd1c76985e9b1199d1c7feafa16337a577a6da08d2493acb307ff0bcc180caedba5df76323c5f111233d7e765397b887e8c557f9b6fddc410248c7658b0ae01e8891ad6afc820d566f832f35582690c26dabc01150
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if (description)
{
 script_id(34290);
 script_version("1.20");
 script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");

 script_cve_id(
  "CVE-2008-1185",
  "CVE-2008-1186",
  "CVE-2008-1187",
  "CVE-2008-1188",
  "CVE-2008-1189",
  "CVE-2008-1190",
  "CVE-2008-1191",
  "CVE-2008-1192",
  "CVE-2008-1193",
  "CVE-2008-1194",
  "CVE-2008-1195",
  "CVE-2008-1196",
  "CVE-2008-3103",
  "CVE-2008-3104",
  "CVE-2008-3105",
  "CVE-2008-3106",
  "CVE-2008-3107",
  "CVE-2008-3108",
  "CVE-2008-3109",
  "CVE-2008-3110",
  "CVE-2008-3111",
  "CVE-2008-3112",
  "CVE-2008-3113",
  "CVE-2008-3114",
  "CVE-2008-3115",
  "CVE-2008-3637",
  "CVE-2008-3638"
 );
 script_bugtraq_id(28125, 30144, 30146, 31379, 31380);

 script_name(english:"Mac OS X : Java for Mac OS X 10.5 Update 2");
 script_summary(english:"Check for Java Update 2 on Mac OS X 10.5");

 script_set_attribute(attribute:"synopsis", value:"The remote host is affected by multiple vulnerabilities.");
 script_set_attribute(attribute:"description", value:
"The remote Mac OS X 10.5 host is running a version of Java for Mac OS X
that is missing update 2.

The remote version of this software contains several security
vulnerabilities that may allow a rogue Java applet to execute arbitrary
code on the remote host.

To exploit these flaws, an attacker would need to lure an attacker into
executing a rogue Java applet.");
 script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3179");
 script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Sep/msg00007.html");
 script_set_attribute(attribute:"solution", value:"Upgrade to Java for Mac OS X 10.5 update 2");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-3113");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
 script_cwe_id(264);

 script_set_attribute(attribute:"patch_publication_date", value:"2008/09/24");
 script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/25");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2008-2023 Tenable Network Security, Inc.");
 script_family(english:"MacOS X Local Security Checks");

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 exit(0);
}

if ( ! defined_func("bn_random") ) exit(0);


include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");


enable_ssh_wrappers();

function exec(cmd)
{
 local_var ret, buf;

 if ( islocalhost() )
  buf = pread_wrapper(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd));
 else
 {
  ret = ssh_open_connection();
  if ( ! ret ) exit(0);
  buf = ssh_cmd(cmd:cmd);
  ssh_close_connection();
 }

 if ( buf !~ "^[0-9]" ) exit(0);

 buf = chomp(buf);
 return buf;
}


packages = get_kb_item("Host/MacOSX/packages");
if ( ! packages ) exit(0);

uname = get_kb_item("Host/uname");
# Mac OS X 10.5 only
if ( egrep(pattern:"Darwin.* 9\.", string:uname) )
{
 cmd = _GetBundleVersionCmd(file:"JavaPluginCocoa.bundle", path:"/Library/Internet Plug-Ins", label:"CFBundleVersion");
 buf = exec(cmd:cmd);
 if ( ! strlen(buf) ) exit(0);
 array = split(buf, sep:'.', keep:FALSE);
 # Fixed in version 12.2.0
 if ( int(array[0]) < 12 ||
     (int(array[0]) == 12 && int(array[1]) < 2 ) )
 {
   security_hole(0);
 }
}