The remote Mac OS X 10.5 host is running a version of Java for Mac OS X that is missing Update 4.
The remote version of this software contains several security vulnerabilities. A remote attacker could exploit these issues to bypass security restrictions, disclose sensitive information, cause a denial of service, or escalate privileges.
#TRUSTED 975f19336eb436a30b21f026556fa2f9f32a18693311a833d395063b47c0e41cd4b82aaf5a26ebbef8c1cd32f96408bf7ac11d903c3e7f97e91e46e26cf0f8068eb98e29a6f2022ad6af76ed133591ef4671c53f5346150d8e4f667f03a3ac733314aa44a0f2b4076de9e79e20ed24f7bbdce056ef982b85d49d5aa6847dad26100fe50ed716af0d3dacdfa5904b2ab8ac794b34f97024ecaed4dabfafe96f3429c6b7113fa239d9ef4959994ca7247e225f7a40c1e283d9e50438bb69ad976b4e526c34ada4cd202e97ba6d5513c2fa61756acf25db14e53bb8a6ace7d147b478cd914abcc28f4895805d6dc8dc490756c4fd9d9aaa51ab1142cf3f6a7ec3297a80ad5c376405e2a29574b921022ea543b590c32e7882d37d9fe66d0a2e43bb4a24628b6a3a511f79d75d03f96b4f995ecf932fcb5dfb3488f7bc8ea56030613372ab5c8edaa0c57309b8454b80324eeca24ec8d35a9335b90b62b0e776ac05374b4f3208d50422cb5f49656cb7f376a65ef61a7074d0c139436859acbc5785d73fa18d4c8bae5e881c2e3dc05a1bb4bfe7d259bd64027ebc74202963e576cc09fe19b42f4aa03e3652d30322fc6564fd8baf7d375858856e1f5cc97918cebbc456dba7fe060d573a6a892f62092604ecf8a25e59999cdea51530ed916c86d46324614f955f86e7d54075bb329b313a2d88ce8ee5af507ca8a107dad2e2f207
#TRUST-RSA-SHA256 721dc0084cbea454ad5f025bbb070a0cba6ff10e0f97696e50a482aed5e2d18cf36bde99b04b281ac05b32e6545fbc971d6999f80220dd41266ca9c4204749bbc401003c39e8b6370bbcc6d47d5fbee9e0b470e47a20480ad60e4c50c6c2f8bfc0cad894382b4924c387cf79639f116a03b6be54be61ec0e1aee7aa686b8980eef9ec4aeb57bdbddd98c88c82ea1f6fc15fd6d1b56c82446de7e18bbf8d4621158a41e446146d8e0eeeb04b7aa57da56374945ccb7d20a93ce05afaea93d80545069ab8a26afa07cb4e0d6d8b7c90cb2c2c5d04bd019c242df828b0d9605bff03d11bfdaee44fe286daf57db1cc69bfe3c6f071285971bbaf29b1cb134d6c2102ca103dba2cf4f72ba6219d87ee7b9ec565f0227cf3aa7eb593a72baa5c111ab730edb259fbf25a5f4a87f9e314d2f4ace24dcde735938de345c34cc85479850ca76db457095859f9d2d30a81caa81b7100028b4f74235dece3924e4d3ae24c56ba80d32fc3ff5712ff942c72fcd73bd6e35cf31d56bd6b7bcb7109b24e2af3d8e0571bb479c7cb7a15f94afc95650c8481aa8f4454f22379550971fa05b91226ef99f51476a05919dd63c7ecc6745ef13aaf26d68107f29116dc2158c0dad22ac19665ec66fadcb909c71fe810f9d54e8faf878d7171541b838e7041ea0fcc94ca3f402822e10b4cc6c590c4f28fa7305ad721c42919e6bae08f3e57bdc8289
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(39435);
script_version("1.21");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");
script_cve_id(
"CVE-2008-2086",
"CVE-2008-5339",
"CVE-2008-5340",
"CVE-2008-5341",
"CVE-2008-5342",
"CVE-2008-5343",
"CVE-2008-5344",
"CVE-2008-5345",
"CVE-2008-5346",
"CVE-2008-5347",
"CVE-2008-5348",
"CVE-2008-5349",
"CVE-2008-5350",
"CVE-2008-5351",
"CVE-2008-5352",
"CVE-2008-5353",
"CVE-2008-5354",
"CVE-2008-5356",
"CVE-2008-5357",
"CVE-2008-5359",
"CVE-2008-5360",
"CVE-2009-1093",
"CVE-2009-1094",
"CVE-2009-1095",
"CVE-2009-1096",
"CVE-2009-1097",
"CVE-2009-1098",
"CVE-2009-1099",
"CVE-2009-1100",
"CVE-2009-1101",
"CVE-2009-1103",
"CVE-2009-1104",
"CVE-2009-1106",
"CVE-2009-1107",
"CVE-2009-1719"
);
script_bugtraq_id(32620, 32892, 32608, 34240, 35381);
script_xref(name:"Secunia", value:"35118");
script_name(english:"Mac OS X : Java for Mac OS X 10.5 Update 4");
script_summary(english:"Checks version of the JavaVM framework");
script_set_attribute(
attribute:"synopsis",
value:
"The remote host has a version of Java that is affected by multiple
vulnerabilities."
);
script_set_attribute(
attribute:"description",
value:
"The remote Mac OS X 10.5 host is running a version of Java for
Mac OS X that is missing Update 4.
The remote version of this software contains several security
vulnerabilities. A remote attacker could exploit these issues to
bypass security restrictions, disclose sensitive information, cause a
denial of service, or escalate privileges."
);
script_set_attribute(
attribute:"see_also",
value:"http://support.apple.com/kb/HT3632"
);
script_set_attribute(
attribute:"see_also",
value:"http://lists.apple.com/archives/Security-announce/2009/Jun/msg00003.html"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade to Java for Mac OS X 10.5 Update 4 (JavaVM Framework 12.3.0)
or later."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-1096");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'CANVAS');
script_set_attribute(attribute:"metasploit_name", value:'Sun Java Calendar Deserialization Privilege Escalation');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_cwe_id(94);
script_set_attribute(attribute:"patch_publication_date", value:"2009/06/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/17");
script_set_attribute(attribute:"plugin_type", value:"local");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2009-2023 Tenable Network Security, Inc.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/MacOSX/packages");
exit(0);
}
include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");
enable_ssh_wrappers();
function exec(cmd)
{
local_var buf, ret;
if (islocalhost())
buf = pread_wrapper(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd));
else
{
ret = ssh_open_connection();
if (!ret) exit(1, "ssh_open_connection() failed.");
buf = ssh_cmd(cmd:cmd);
ssh_close_connection();
}
if (buf !~ "^[0-9]") exit(1, "Failed to get the version - '"+buf+"'.");
return buf;
}
packages = get_kb_item("Host/MacOSX/packages");
if (!packages) exit(1, "The 'Host/MacOSX/packages' KB item is missing.");
uname = get_kb_item("Host/uname");
if (!uname) exit(1, "The 'Host/uname' KB item is missing.");
# Mac OS X 10.5 only.
if (egrep(pattern:"Darwin.* 9\.", string:uname))
{
plist = "/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist";
cmd = string(
"cat ", plist, " | ",
"grep -A 1 CFBundleVersion | ",
"tail -n 1 | ",
'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\''
);
version = exec(cmd:cmd);
if (!strlen(version)) exit(1, "Failed to get version info from '"+plist+"'.");
ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
ver[i] = int(ver[i]);
# Fixed in version 12.3.0
if (
ver[0] < 12 ||
(ver[0] == 12 && ver[1] < 3)
)
{
gs_opt = get_kb_item("global_settings/report_verbosity");
if (gs_opt && gs_opt != 'Quiet')
{
report =
'\n Installed version : ' + version +
'\n Fixed version : 12.3.0\n';
security_hole(port:0, extra:report);
}
else security_hole(0);
}
else exit(0, "The remote host is not affected since JavaVM Framework " + version + " is installed.");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2086
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5339
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5340
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5341
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5342
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5343
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5344
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5345
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5346
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5347
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5348
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5349
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5350
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5351
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5352
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5353
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5354
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5356
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5357
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5359
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5360
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1106
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1719
lists.apple.com/archives/Security-announce/2009/Jun/msg00003.html
support.apple.com/kb/HT3632