Mac OS X : Java for Mac OS X 10.6 Update 13

2013-02-20T00:00:00
ID MACOSX_JAVA_10_6_UPDATE13.NASL
Type nessus
Reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
Modified 2013-02-20T00:00:00

Description

The remote Mac OS X host has a version of Java for Mac OS X 10.6 that is missing Update 13, which updates the Java version to 1.6.0_41. It is, therefore, affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.

                                        
                                            #TRUSTED af743fadfc57589b5937d723d11b812cc40928d6e743f67badb53742b4d1e47000e334613ef4ef486b5160c830afdbde51e3543967639ea397a1a91e493732005d5d1670477f4d74a723ca8ac4541d416642e33164078af93d20ce450788ed483964b646cec498e4e348b6d53a6f3b085bbc33ffcc2841b905a43c3b88bd2fbddc87ec326c7cad6590c8be327459e1a260f45ddcde41dd4cdc9f2767e0f4c4b3e9cbda464ac2906f59ed99aa454e47df98d510b8e691aa95ecbe7b18569576f3dc02407bff233ec911c01c701c4a823bb41dde0e79691d0152016b286cf24874400da0ec1f344f12a56e6719976dc1eb1f3899e5153f070de8ef595687e6b85cd80ff698379ebe9c9bfec76da0f841f45500d4de78ae8acaf7da3f97a566dc85c2ded21ffd4a0fa0e9e827dc9ae9b165efecb6a7e15bb189283bb5826ff103c97be4d0040619af3baaa282ea604c841f8ab4eadf81af6e43148dfd4b7d025f836309f492f1370634ad794f1771c3ec2cf7c78c43c50b52d4a453cbb996fbb7b21d560d3b3e363fc8cab7b729b9d526f78b5b478c40e319567d62e8190619aef726e207fff6f20d64d41063ce5633bf14b0e6f4d83487c74f781918940527f497d8dff2722f5ac4c812241ef3e03c17f41cb924f24ffbe87a925097aa4ff498f9c58723b8e71ffef1f47fb41758512ced446fab4b455f5828233811e254f92015
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(64699);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/14");

  script_cve_id("CVE-2013-1486", "CVE-2013-1487", "CVE-2013-1488");
  script_bugtraq_id(58029, 58031);
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2013-02-19-1");

  script_name(english:"Mac OS X : Java for Mac OS X 10.6 Update 13");
  script_summary(english:"Checks version of the JavaVM framework");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote host has a version of Java that is affected by multiple
vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote Mac OS X host has a version of Java for Mac OS X 10.6 that
is missing Update 13, which updates the Java version to 1.6.0_41.  It
is, therefore, affected by several security vulnerabilities, the most
serious of which may allow an untrusted Java applet to execute arbitrary
code with the privileges of the current user outside the Java sandbox."
  );
  script_set_attribute(attribute:"see_also", value:"http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html");
  script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT5666");
  script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2013/Feb/msg00002.html");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/525745/30/0/threaded");
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade to Java for Mac OS X 10.6 Update 13, which includes version
13.9.2 of the JavaVM Framework."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Java Applet Driver Manager Privileged toString() Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/02/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:java_1.6");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");



if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
  enable_ssh_wrappers();
else disable_ssh_wrappers();

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

os = get_kb_item("Host/MacOSX/Version");
if (!os) audit(AUDIT_OS_NOT, "Mac OS X");
if (!ereg(pattern:"Mac OS X 10\.6([^0-9]|$)", string:os))
  audit(AUDIT_OS_NOT, "Mac OS X 10.6");


plist = "/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist";
cmd =
  'plutil -convert xml1 -o - \'' + plist + '\' | ' +
  'grep -A 1 CFBundleVersion | ' +
  'tail -n 1 | ' +
  'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\'';
version = exec_cmd(cmd:cmd);
if (!strlen(version)) exit(1, "Failed to get the version of the JavaVM Framework.");

version = chomp(version);
if (!ereg(pattern:"^[0-9]+\.", string:version)) exit(1, "The JavaVM Framework version does not appear to be numeric ("+version+").");

fixed_version = "13.9.2";
if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Framework         : JavaVM' +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : ' + fixed_version + '\n';
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
}
else audit(AUDIT_INST_VER_NOT_VULN, "JavaVM Framework", version);