The remote Mac OS X 10.5 host is running a version of Java for Mac OS X that is missing Update 3.
The remote version of this software contains several security vulnerabilities in Java Web Start and the Java Plug-in. For instance, they may allow untrusted Java Web Start applications and untrusted Java applets to obtain elevated privileges. If an attacker can lure a user on the affected host into visiting a specially crafted web page with a malicious Java applet, he could leverage these issues to execute arbitrary code subject to the user’s privileges.
#TRUSTED 3a510192994b6c9aef75fb0bc9c07d754f28d79841114fa6ea26cbeb1acb9d2bbcbb28979ced6d347be3409e2c178c8af6a493036750c064d69c0fea3afa97945fde436fe59792bb2228daf7de007ba6583ee30ed5e730a386dcfcaaf1f4668f43603ca9346d2c98729c5f180615eb4f67645862ee086e7c96b6590e4eef2dd19a6f9028d4a6dd24129cbfbb37721a29163295d546fdb30b6667b3df4af2edf96e369732c2aacd67a311d911b9e72ebeea88a8aa8131e1d7605c85a9046a042d76757fa54471f41ba7ef845af781262b4ef7c9f9cd4d544f22497eff37ed526f6e92b33c2f3e28c84ae5040ee6a5a03fda4ef03670edcef65025d4712ecdf3b671e8f76d6c05fc25381e39d9bf2ef9f8ee2283d83e8350d46e77ae07f35be83423c1c38c0eaa491a2dd8f8c23faaf27e2618313b2c61c548c8e4c97e3f90ecba6f46eedde7a4ec22dd0d99186507112ebd7e85228292496b9dbcf9ad14a02b2289d49ca59833a6ccd8fafe0748d16a6ad963ede1bc93e272d386ff71cfd933c039f6e3c0ef5fe29ba179f9044760b78beeec86c8c65d36a13fc38f613f9add14bb138931a3fbb8536eb2f976dc7445c9b565a7b826eb9606b8da670a7cb77cce37d685489bf911fe2c685b988377845545b5b3a004d02df691f20f8e78af86cd2382223c5c141f41afc596e06fd1f4e717f4ff9f80ef8494f20ea14579d8129e
#TRUST-RSA-SHA256 4ff4e8966d382703efa9e502735e686eff522a7d92ad1c18a744ddb2fdff80f214fb81b2df88a33ccb01d78c3ea25ce376b89319fdeec1b0b2119ccb54dd75f4281b73ebeb30a98195ccd8d8e9a3dc94d72ea2a6ada338b865866a0ea69a0cfa863282a5d519783c7d8f3bc4b4f79c165a54ff66991dab53e7bdd00e66a0c5ccb919f73f93e69ac3d0505fab4be5d99653489be87518b5e30011573fbbcc98096cb150ee17a0f4e45dd1fa50284b2ed4602ba8e1eec27fd07e6d82e425d3cf7c8a5371a076206d8fe6e74418380e939285cb11ce76cd6245aaeee4e9edacec421a10bad4e9c16cc7e94248f99a854efe900f4a6e7a191c7355af2932e3c39bfa454c1d65c02e96ee7b1f438cbdcb58275d7670e8a5f2e7cdd687c9b309c8676048840b7c06bcb5365b07dbaa5134aeef4efdc442d4880abdcef564b66f818756e80e8e1ee4896adc5852f5189333348f5690eeb7bc6f6018b5e486f1def677e7fe760755c224e03fecfe2283603c696b58293cd668b65828734988dfbed5a95817048bea6c1962a644440025263a245929a8448bb60d851424da916886ace0b302cf2c6fde7abca8497d14470d8b76a184e74cd271c94ccce10c8d07268e829f709c20ddc4d2eb67b3d8c6c19d7eac46709d09515968eea104b580dbfc7e1e9f13e6e45f9a008a3596b2fc615830a82d693a06ade198324314df373ceb4c2572
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(35686);
script_version("1.17");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");
script_cve_id(
"CVE-2008-2086",
"CVE-2008-5340",
"CVE-2008-5342",
"CVE-2008-5343"
);
script_bugtraq_id(32892);
script_name(english:"Mac OS X : Java for Mac OS X 10.5 Update 3");
script_summary(english:"Checks for Java Update 3 on Mac OS X 10.5");
script_set_attribute(attribute:"synopsis", value:
"The remote host has a version of Java that is affected by multiple
vulnerabilities.");
script_set_attribute(attribute:"description", value:"
The remote Mac OS X 10.5 host is running a version of Java for Mac OS X
that is missing Update 3.
The remote version of this software contains several security
vulnerabilities in Java Web Start and the Java Plug-in. For instance,
they may allow untrusted Java Web Start applications and untrusted Java
applets to obtain elevated privileges. If an attacker can lure a user
on the affected host into visiting a specially crafted web page with a
malicious Java applet, he could leverage these issues to execute
arbitrary code subject to the user's privileges.");
script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3437");
script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html");
script_set_attribute(attribute:"solution", value:"Upgrade to Java for Mac OS X 10.5 Update 3.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-5340");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(94);
script_set_attribute(attribute:"patch_publication_date", value:"2009/02/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/02/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2009-2023 Tenable Network Security, Inc.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/MacOSX/packages");
exit(0);
}
if (!defined_func("bn_random")) exit(0);
include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");
enable_ssh_wrappers();
function exec(cmd)
{
local_var ret, buf;
if (islocalhost())
buf = pread_wrapper(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd));
else
{
ret = ssh_open_connection();
if (!ret) exit(0);
buf = ssh_cmd(cmd:cmd);
ssh_close_connection();
}
if (buf !~ "^[0-9]") exit(0);
buf = chomp(buf);
return buf;
}
packages = get_kb_item("Host/MacOSX/packages");
if (!packages) exit(0);
# Mac OS X 10.5 only.
uname = get_kb_item("Host/uname");
if (egrep(pattern:"Darwin.* 9\.", string:uname))
{
plist = "/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist";
cmd = string(
"cat ", plist, " | ",
"grep -A 1 CFBundleVersion | ",
"tail -n 1 | ",
'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\''
);
version = exec(cmd:cmd);
if (!strlen(version)) exit(0);
ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
ver[i] = int(ver[i]);
# Fixed in version 12.2.2.
if (
ver[0] < 12 ||
(
ver[0] == 12 &&
(
ver[1] < 2 ||
(ver[1] == 2 && ver[2] < 2)
)
)
) security_hole(0);
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2086
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5340
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5342
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5343
lists.apple.com/archives/security-announce/2009/Feb/msg00003.html
support.apple.com/kb/HT3437