Mac OS X : Java for Mac OS X 10.5 Update 4

2009-06-1700:00:00

www.tenable.com

7.3 High

AI Score

Confidence

Low

JSON

The remote Mac OS X 10.5 host is running a version of Java for Mac OS X that is missing Update 4.

The remote version of this software contains several security vulnerabilities. A remote attacker could exploit these issues to bypass security restrictions, disclose sensitive information, cause a denial of service, or escalate privileges.

#TRUSTED 975f19336eb436a30b21f026556fa2f9f32a18693311a833d395063b47c0e41cd4b82aaf5a26ebbef8c1cd32f96408bf7ac11d903c3e7f97e91e46e26cf0f8068eb98e29a6f2022ad6af76ed133591ef4671c53f5346150d8e4f667f03a3ac733314aa44a0f2b4076de9e79e20ed24f7bbdce056ef982b85d49d5aa6847dad26100fe50ed716af0d3dacdfa5904b2ab8ac794b34f97024ecaed4dabfafe96f3429c6b7113fa239d9ef4959994ca7247e225f7a40c1e283d9e50438bb69ad976b4e526c34ada4cd202e97ba6d5513c2fa61756acf25db14e53bb8a6ace7d147b478cd914abcc28f4895805d6dc8dc490756c4fd9d9aaa51ab1142cf3f6a7ec3297a80ad5c376405e2a29574b921022ea543b590c32e7882d37d9fe66d0a2e43bb4a24628b6a3a511f79d75d03f96b4f995ecf932fcb5dfb3488f7bc8ea56030613372ab5c8edaa0c57309b8454b80324eeca24ec8d35a9335b90b62b0e776ac05374b4f3208d50422cb5f49656cb7f376a65ef61a7074d0c139436859acbc5785d73fa18d4c8bae5e881c2e3dc05a1bb4bfe7d259bd64027ebc74202963e576cc09fe19b42f4aa03e3652d30322fc6564fd8baf7d375858856e1f5cc97918cebbc456dba7fe060d573a6a892f62092604ecf8a25e59999cdea51530ed916c86d46324614f955f86e7d54075bb329b313a2d88ce8ee5af507ca8a107dad2e2f207
#TRUST-RSA-SHA256 721dc0084cbea454ad5f025bbb070a0cba6ff10e0f97696e50a482aed5e2d18cf36bde99b04b281ac05b32e6545fbc971d6999f80220dd41266ca9c4204749bbc401003c39e8b6370bbcc6d47d5fbee9e0b470e47a20480ad60e4c50c6c2f8bfc0cad894382b4924c387cf79639f116a03b6be54be61ec0e1aee7aa686b8980eef9ec4aeb57bdbddd98c88c82ea1f6fc15fd6d1b56c82446de7e18bbf8d4621158a41e446146d8e0eeeb04b7aa57da56374945ccb7d20a93ce05afaea93d80545069ab8a26afa07cb4e0d6d8b7c90cb2c2c5d04bd019c242df828b0d9605bff03d11bfdaee44fe286daf57db1cc69bfe3c6f071285971bbaf29b1cb134d6c2102ca103dba2cf4f72ba6219d87ee7b9ec565f0227cf3aa7eb593a72baa5c111ab730edb259fbf25a5f4a87f9e314d2f4ace24dcde735938de345c34cc85479850ca76db457095859f9d2d30a81caa81b7100028b4f74235dece3924e4d3ae24c56ba80d32fc3ff5712ff942c72fcd73bd6e35cf31d56bd6b7bcb7109b24e2af3d8e0571bb479c7cb7a15f94afc95650c8481aa8f4454f22379550971fa05b91226ef99f51476a05919dd63c7ecc6745ef13aaf26d68107f29116dc2158c0dad22ac19665ec66fadcb909c71fe810f9d54e8faf878d7171541b838e7041ea0fcc94ca3f402822e10b4cc6c590c4f28fa7305ad721c42919e6bae08f3e57bdc8289
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(39435);
  script_version("1.21");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");

  script_cve_id(
    "CVE-2008-2086",
    "CVE-2008-5339",
    "CVE-2008-5340",
    "CVE-2008-5341",
    "CVE-2008-5342",
    "CVE-2008-5343",
    "CVE-2008-5344",
    "CVE-2008-5345",
    "CVE-2008-5346",
    "CVE-2008-5347",
    "CVE-2008-5348",
    "CVE-2008-5349",
    "CVE-2008-5350",
    "CVE-2008-5351",
    "CVE-2008-5352",
    "CVE-2008-5353",
    "CVE-2008-5354",
    "CVE-2008-5356",
    "CVE-2008-5357",
    "CVE-2008-5359",
    "CVE-2008-5360",
    "CVE-2009-1093",
    "CVE-2009-1094",
    "CVE-2009-1095",
    "CVE-2009-1096",
    "CVE-2009-1097",
    "CVE-2009-1098",
    "CVE-2009-1099",
    "CVE-2009-1100",
    "CVE-2009-1101",
    "CVE-2009-1103",
    "CVE-2009-1104",
    "CVE-2009-1106",
    "CVE-2009-1107",
    "CVE-2009-1719"
  );
  script_bugtraq_id(32620, 32892, 32608, 34240, 35381);
  script_xref(name:"Secunia", value:"35118");

  script_name(english:"Mac OS X : Java for Mac OS X 10.5 Update 4");
  script_summary(english:"Checks version of the JavaVM framework");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote host has a version of Java that is affected by multiple
vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote Mac OS X 10.5 host is running a version of Java for
Mac OS X that is missing Update 4.

The remote version of this software contains several security
vulnerabilities.  A remote attacker could exploit these issues to
bypass security restrictions, disclose sensitive information, cause a
denial of service, or escalate privileges."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.apple.com/kb/HT3632"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.apple.com/archives/Security-announce/2009/Jun/msg00003.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade to Java for Mac OS X 10.5 Update 4 (JavaVM Framework 12.3.0)
or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-1096");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_set_attribute(attribute:"metasploit_name", value:'Sun Java Calendar Deserialization Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_cwe_id(94);

  script_set_attribute(attribute:"patch_publication_date", value:"2009/06/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2009-2023 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/MacOSX/packages");

  exit(0);
}


include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");



enable_ssh_wrappers();

function exec(cmd)
{
  local_var buf, ret;

  if (islocalhost())
    buf = pread_wrapper(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd));
  else
  {
    ret = ssh_open_connection();
    if (!ret) exit(1, "ssh_open_connection() failed.");
    buf = ssh_cmd(cmd:cmd);
    ssh_close_connection();
  }
  if (buf !~ "^[0-9]") exit(1, "Failed to get the version - '"+buf+"'.");
  return buf;
}


packages = get_kb_item("Host/MacOSX/packages");
if (!packages) exit(1, "The 'Host/MacOSX/packages' KB item is missing.");

uname = get_kb_item("Host/uname");
if (!uname) exit(1, "The 'Host/uname' KB item is missing.");


# Mac OS X 10.5 only.
if (egrep(pattern:"Darwin.* 9\.", string:uname))
{
  plist = "/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist";
  cmd = string(
    "cat ", plist, " | ",
    "grep -A 1 CFBundleVersion | ",
    "tail -n 1 | ",
    'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\''
  );
  version = exec(cmd:cmd);
  if (!strlen(version)) exit(1, "Failed to get version info from '"+plist+"'.");

  ver = split(version, sep:'.', keep:FALSE);
  for (i=0; i<max_index(ver); i++)
    ver[i] = int(ver[i]);

  # Fixed in version 12.3.0
  if (
    ver[0] < 12 ||
    (ver[0] == 12 && ver[1] < 3)
  )
  {
    gs_opt = get_kb_item("global_settings/report_verbosity");
    if (gs_opt && gs_opt != 'Quiet')
    {
      report =
        '\n  Installed version : ' + version +
        '\n  Fixed version     : 12.3.0\n';
      security_hole(port:0, extra:report);
    }
    else security_hole(0);
  }
  else exit(0, "The remote host is not affected since JavaVM Framework " + version + " is installed.");
}