Mac OS X : Java for Mac OS X 10.5 Update 5

2009-09-0300:00:00

www.tenable.com

7.2 High

AI Score

Confidence

High

JSON

The remote Mac OS X host is running a version of Java for Mac OS X 10.5 that is missing Update 5.

The remote version of this software contains several security vulnerabilities, including some that may allow untrusted Java applets to obtain elevated privileges and lead to execution of arbitrary code with the privileges of the current user.

#TRUSTED 6d79133b8cde63360a6ceb0eb82380550aa044abb602d8407be2aaad44e10fd229262c1ea61bf1386f5d0fea32f10a2428cf778d42317af71bfc0dedee39ab5ecdcfeb476a6ce813b497dba5a4fabe68e726402f955f6195adbb938512cc5fb544bfa3b279b7f9bb1c7c6de00c8fd5ab0c9d9799b161373a6c585f355c36e2aeb30752c6572d027466a8d8568d87f1416d36d97aefc7e8b37db0a4424deea42a6eeaf330bf6e4973d114dfd69965ca25f7afe9e164e7c6d46f1a6fc26a2b123015bf1f2e8aa27cb83f2a122d1eedd2fa19dd667f875ad4cfd167340945a593e86883ce9ee6967c4b34755024601138c60c2e2fdc47ca93028db316ace3aaba115b6175d6d7f402fcc4bd9bc19eaa5abc4685f7b456a3f52c53254f52334da4f6bec27675f6e9635c338b5778fa142b9867a302b29e21635a90cf0e864499070ad5c9ae9c15f0990a19aa8bae1ef29b83e0593999804bc0d3a7bbf92c7f2a202adaa436cf0dd8cb28885ac97300e5faaebc6e61cbb0bed1480eec8084114c8ab8501f3334d574c5943af28f7bcac71accb7aff8a1a02194c15c7fa1fc5664a90bab9ee92b16ce7f24d54dd0cc7deadc509e9cdcf5a5b6b592df16597a210586b30eaf40b5e6afca4089f8668fa265ea282271f431f28f00ac1c0ce2305de90fb220a4ca3c5ff50e7e1fc7704e5b09589a445887ef06d0cb4648fb419d7bd30018
#TRUST-RSA-SHA256 38b24fe372b7a7e74099976a243c0bc76b209ca4827b7fc345e6b3d1ff35e0f11f6177600e9a5a02285d7456600b414e7e0e6579103dfe2fa44853ed144e587ab8397b8f7a6a8c531fbf7bcc8144e100a40a4d814a960b9289f1d0dae6d3b28e71c569229f2bfdf950a59f16e4b3341ec3ee21d02136dab236ac5651a9407389684d3cffeaffcac72839f32034f69c36fddb767b204dd27bdb0d7a4ccf67905236340023df0098015b783393f228b41d0e685eb44e0349bc80d8b505ab888bd8bb20789c7bd5d0ba2444f3706b2ce1ddb05ab0769b78f866cb400d9d55d25e55f235197c33a8817f8bc0c4cc60b506b5b41d72e51a80e2834130d25b7d064575baea061198b7052be05012f30c5ec4b70c9ccf220771eebbf44cc61cb3600a13f5f7a22f4f84250424727f6b43584d32ffcb6530255dc69bf8e41d2d70383154fd6ab4950f71af693acb68e456c8074032ea0b6d2363789ccf6e081baf597ab677cbdf8e75e5d6d5e5a0f37ffe54572195ac1d574c1f90713131f1339f6bf63a0c20da9d01586004b5c20ee0477a3617abf0813b48e6dd9bfd5e56d546c680c848905e3e101ce88e464cdb2d047ed2342bfcdbcd6cb96e55e0b3c3fb38593440307483d69f2ce1509d637fe05842280f1463a6418ab6fc354cdf175cf4826924e71a6fd141a4a67a9530d7ac7cc646925a69a01e1538b9d597f2d19b7a39e606
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(40873);
  script_version("1.20");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");

  script_cve_id(
    "CVE-2009-0217",
    "CVE-2009-2205",
    "CVE-2009-2475",
    "CVE-2009-2476",
    "CVE-2009-2625",
    "CVE-2009-2670",
    "CVE-2009-2671",
    "CVE-2009-2672",
    "CVE-2009-2673",
    "CVE-2009-2674",
    "CVE-2009-2675",
    "CVE-2009-2689",
    "CVE-2009-2690",
    "CVE-2009-2722",
    "CVE-2009-2723"
  );
  script_bugtraq_id(35671, 35939, 35942, 35943, 35958);

  script_name(english:"Mac OS X : Java for Mac OS X 10.5 Update 5");
  script_summary(english:"Checks version of the JavaVM framework");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote host has a version of Java that is affected by multiple
vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote Mac OS X host is running a version of Java for Mac OS X
10.5 that is missing Update 5.

The remote version of this software contains several security
vulnerabilities, including some that may allow untrusted Java applets
to obtain elevated privileges and lead to execution of arbitrary code
with the privileges of the current user."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.apple.com/kb/HT3851"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.securityfocus.com/advisories/17819"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to Java for Mac OS X 10.5 Update 5 or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-2723");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(264);

  script_set_attribute(attribute:"patch_publication_date", value:"2009/09/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2009-2023 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/MacOSX/packages");

  exit(0);
}


include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");



enable_ssh_wrappers();

function exec(cmd)
{
  local_var buf, ret;

  if (islocalhost())
    buf = pread_wrapper(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd));
  else
  {
    ret = ssh_open_connection();
    if (!ret) exit(1, "ssh_open_connection() failed.");
    buf = ssh_cmd(cmd:cmd);
    ssh_close_connection();
  }
  if (buf !~ "^[0-9]") exit(1, "Failed to get the version - '"+buf+"'.");
  return buf;
}


packages = get_kb_item("Host/MacOSX/packages");
if (!packages) exit(1, "The 'Host/MacOSX/packages' KB item is missing.");

uname = get_kb_item("Host/uname");
if (!uname) exit(1, "The 'Host/uname' KB item is missing.");


# Mac OS X 10.5 only.
if (!egrep(pattern:"Darwin.* 9\.", string:uname)) exit(0, "The remote Mac is not affected.");

plist = "/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist";
cmd = string(
  "cat ", plist, " | ",
  "grep -A 1 CFBundleVersion | ",
  "tail -n 1 | ",
  'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\''
);
version = exec(cmd:cmd);
if (!strlen(version)) exit(1, "Can't get version info from '"+plist+"'.");

ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

# Fixed in version 12.4.1.
if (
  ver[0] < 12 ||
  (
    ver[0] == 12 &&
    (
      ver[1] < 4 ||
      (ver[1] == 4 && ver[2] < 1)
    )
  )
)
{
  gs_opt = get_kb_item("global_settings/report_verbosity");
  if (gs_opt && gs_opt != 'Quiet')
  {
    report =
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 12.4.1\n';
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
}
else exit(0, "The remote host is not affected since JavaVM Framework version "+version+" is installed.");