Mac OS X : Java for Mac OS X 10.5 Update 9

2011-03-0900:00:00

www.tenable.com

9.7 High

AI Score

Confidence

High

JSON

The remote Mac OS X host is running a version of Java for Mac OS X 10.5 that is missing Update 9. As such, it is affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.

#TRUSTED 57b4391b167b1b15e2375bd1d141612bf8ef6c513b57c7057c450b9d026f847effb89f2cf7d678317528627891a5cc2c6cd5344883247a4663fc008984a39a431c351f6ca712d3dc8dbdb82e4482770a25f47f68ebe1531a74a0ccb7fd27d6f961c5d0da3a49ad5929aff0c88cd55bb8b50aa78586302c1f1de17724ec1bf6005855a01e3a171c9ee2367a14914a1bb6d1e23c77dc5589b065ceb93c101e9635458368c9f9ad6bedc7b51bed69022474e2fe5d6770ace5841ad2f8eaf29b3eee8608be94f2108abd00cfbf6883c76881fc013d87667affa42201a5a43508097a5cc7d15a55b66e8e7582dd542593319b25ab2d210abcddb699f6a23b8f74da555828a7adf9c372b0692ae0b8020aaafaab74994e2ee324e11b6fbcf15b6fbaf8c82f6030a4dd78f99722038a528f12699075776e835f8bd64f8153124ffd880ab50857a3dff0731880c847581a5e26fc7be99610c62f8e9b7711884af4a0b189df6cda80ca9fa00a9922954872dd7bbcd31beb6b5c6223fe0a96f0acdad556f8ef72f1078263239c94ac61d12255afa0920d953dab38b7e46e14028897257b702aea74b1f393488f2d6bfc7fb4ea908127a277a398c54d20a0b62ae65edf4202e3445b26a77f8fdea06b53be376607fc966c47819e29684805162b47d3b2591f1d9ca8603dafef10d9bba89eae4f959e7c2458ebfd45870689e99dfe4f747d1b
#TRUST-RSA-SHA256 9e6f9ff25790a71a8bcc0beca7c6a6291ed172f92919d2f5caadeb068e9eda2a24c7136fed78a7caf9ef7b8a2fa03cc67aec392ce5d7aba12e531de64a7efa051b28457b7a02793e8abd4044d25687c1dde2fd6fcb9db7de80dc19b09356fc5f2b6849cc28498f1cff31169bcd89fdff4ff63bc85550c9d6b419b7f5772743f7ee44cf4d12416081549448cc644d1b2dd70ef1a9516cfa7533fb054c66213158a5f8d071a9bf7ea53b7dc25d0482f8668fc578795e8be6306d8282087da278b217c1b2e73ca70163bb21b48d7981f5b03b122096fa7c6497bdb9e247e3484f6be087ffa584a3546350e4cad5f88f83a3d29fd009caa69ba78139910c9943369af64bf923b0c8526d691a2a22329f825c7094ce1be44e1680afe6ecfa31fe9ec00d61f37a6af699b98383a70fd62c3c5af3aedd4ea0491107c9314c096fe4a49d6d7d56460b5f221cc7272da5f86370889bb4ce24117af44bbe1a3d574138a351a0f34321d0106c6de2c95b80ba9786408e649b67af7f06adcbcd18abbf1230af23fb6463a7447f4e282aed195527241c791efdae412fc3b8aaa0b04091b5514082d0e375f7406310b2440236d7ed67663cb7a4ac50ca380906eb7da4934d699d07902d5d11ddb4f3a7de532d655aa0d7de2c99eca89d115fb3a773cf1410ea47c6aa24e186917be2c71661087694a8c1fba73dc84ec73360de2f91a0314eb376
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(52587);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");

  script_cve_id(
    "CVE-2010-4422",
    "CVE-2010-4447",
    "CVE-2010-4448",
    "CVE-2010-4450",
    "CVE-2010-4454",
    "CVE-2010-4462",
    "CVE-2010-4463",
    "CVE-2010-4465",
    "CVE-2010-4467",
    "CVE-2010-4468",
    "CVE-2010-4469",
    "CVE-2010-4470",
    "CVE-2010-4471",
    "CVE-2010-4472",
    "CVE-2010-4473",
    "CVE-2010-4476"
  );
  script_bugtraq_id(
    46091,
    46386,
    46387,
    46391,
    46393,
    46394,
    46395,
    46397,
    46398,
    46399,
    46400,
    46402,
    46403,
    46404,
    46406,
    46409
  );

  script_name(english:"Mac OS X : Java for Mac OS X 10.5 Update 9");
  script_summary(english:"Checks version of the JavaVM framework");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote host has a version of Java that is affected by multiple
vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote Mac OS X host is running a version of Java for Mac OS X
10.5 that is missing Update 9.  As such, it is affected by several
security vulnerabilities, the most serious of which may allow an
untrusted Java applet to execute arbitrary code with the privileges of
the current user outside the Java sandbox."
  );
  script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT4563");
  script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2011/Mar/msg00002.html");
  script_set_attribute(attribute:"solution", value:"Upgrade to Java for Mac OS X 10.5 Update 9 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2010-4473");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/02/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/03/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2011-2023 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/MacOSX/packages");

  exit(0);
}


include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");



enable_ssh_wrappers();

function exec(cmd)
{
  local_var ret, buf;

  if (islocalhost())
    buf = pread_wrapper(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd));
  else
  {
    ret = ssh_open_connection();
    if (!ret) exit(1, "ssh_open_connection() failed.");
    buf = ssh_cmd(cmd:cmd);
    ssh_close_connection();
  }
  return buf;
}


packages = get_kb_item("Host/MacOSX/packages");
if (!packages) exit(0, "The 'Host/MacOSX/packages' KB item is missing.");

uname = get_kb_item("Host/uname");
if (!uname) exit(1, "The 'Host/uname' KB item is missing.");


# Mac OS X 10.5 only.
if (!egrep(pattern:"Darwin.* 9\.", string:uname)) exit(0, "The remote Mac is not running Mac OS X 10.5 and thus is not affected.");

plist = "/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist";
cmd =
  'cat ' + plist + ' | ' +
  'grep -A 1 CFBundleVersion | ' +
  'tail -n 1 | ' +
  'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\'';
version = exec(cmd:cmd);
if (!strlen(version)) exit(1, "Failed to get the version of the JavaVM Framework.");

version = chomp(version);
if (!ereg(pattern:"^[0-9]+\.", string:version)) exit(1, "The JavaVM Framework version does not appear to be numeric ("+version+").");

ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

# Fixed in version 12.8.0.
if (
  ver[0] < 12 ||
  (ver[0] == 12 && ver[1] < 8)
)
{
  gs_opt = get_kb_item("global_settings/report_verbosity");
  if (gs_opt && gs_opt != 'Quiet')
  {
    report =
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 12.8.0\n';
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
}
else exit(0, "The remote host is not affected since JavaVM Framework version "+version+" is installed.");