Mac OS X : Java for Mac OS X 10.6 Update 14

2013-03-05T00:00:00
ID MACOSX_JAVA_10_6_UPDATE14.NASL
Type nessus
Reporter Tenable
Modified 2017-05-30T00:00:00

Description

The remote Mac OS X host has a version of Java for Mac OS X 10.6 that is missing Update 14, which updates the Java version to 1.6.0_43. It is, therefore, affected by two security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.

Note that an exploit for CVE-2013-1493 has been observed in the wild.

                                        
                                            #TRUSTED 4fa9177f60b558e112afde6244d0e400305a487e5008571266e162c031e94aab2219b54c232b71f7d027b63a2f6e1cf8f49b99a968401341f555f5cf9d13110017b066090e72d1d6ef0b32ac61599062eacb3ceb7d54d47090f136c51377d4da802b36dd4c3dcad3ef289717a73e1991b8a0aa35a06d433d83b39db98f9fbab89d2620acd54bd4e4e049918b3a8ff32d25ff69241adb6d9c7ee90c132841c095c1e85f04a8f1bdb727fc8b815d02fd09a7e9fc936c9f076ed223f87658dae621d9407f469aa4b57f18433c54da32d6d5e2d645261c57e9bc16a4ebe80df0b20177150ee05961dbed76b3013a738ba1c1522cc4ff2143434605d99e99c728d4f1a16efa8e8fcd14f1e694ca5151c7206aba867d5f51270da23e3e7eba1bc715adb7b5422e1bba92051a923f7d5de1b5b9625c6661d2691901bcab78c3e50170a698bc5758a6a90a191779492c8d8113f203f69d874cb1e25612bc7d7ff60cb14880d74229260995d1651f7e05434c9152eb75959d3166c88b69ff88f490b812f6d87fb6a11004951297de98b45475d94dce5cb43f88b89715374bb7bcc6dfa38752f36e6bfc771054792672d4615a7e730c6eedf15cc3bba5720572f9a2b965884df7479249f56029bc994b2324e7c7848b782109bf0fdc9a69b241a62ef911ee4235d4795920b0f351a59a1cf7e353d25d4f136f203e3a661910532c3ef4d9d3
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  # Plugin identity and revision.
  script_id(65027);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2017/05/30");

  script_name(english:"Mac OS X : Java for Mac OS X 10.6 Update 14");
  script_summary(english:"Checks version of the JavaVM framework");

  # Vulnerability identifiers this check covers.
  script_cve_id("CVE-2013-0809", "CVE-2013-1493");
  script_bugtraq_id(58238, 58296);
  script_osvdb_id(90737, 90837);
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2013-03-04-1");

  # Report text. The multi-line string literals are user-visible and are
  # reproduced verbatim.
  script_set_attribute(attribute:"synopsis", value:
"The remote host has a version of Java that is affected by multiple
vulnerabilities."
  );
  script_set_attribute(attribute:"description", value:
"The remote Mac OS X host has a version of Java for Mac OS X 10.6 that
is missing Update 14, which updates the Java version to 1.6.0_43.  It
is, therefore, affected by two security vulnerabilities, the most
serious of which may allow an untrusted Java applet to execute arbitrary
code with the privileges of the current user outside the Java sandbox.

Note that an exploit for CVE-2013-1493 has been observed in the wild."
  );
  script_set_attribute(attribute:"solution", value:
"Upgrade to Java for Mac OS X 10.6 Update 14, which includes version
13.9.3 of the JavaVM Framework."
  );

  # Vendor and third-party references.
  script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-142/");
  script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-148/");
  script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-149/");
  script_set_attribute(attribute:"see_also", value:"http://www.oracle.com/technetwork/java/javase/6u43-relnotes-1915290.html");
  script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT5677");
  script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2013/Mar/msg00000.html");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/525890/30/0/threaded");

  # Severity and exploitation status.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Java CMM Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  # Timeline.
  script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/03/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/05");

  # Classification; script_end_attributes() must follow every
  # script_set_attribute() call above.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:java_1.6");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.");

  # Runtime prerequisites: an SSH session and the KB keys the check reads.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");



# Select the SSH command path that matches what the loaded ssh library offers.
if (sshlib::get_support_level() < sshlib::SSH_LIB_SUPPORTS_COMMANDS) disable_ssh_wrappers();
else enable_ssh_wrappers();

# Local (credentialed) checks are required; without them nothing below can run.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Only Mac OS X 10.6 is in scope: the pattern rejects 10.60, 10.61, ... as well
# as other major.minor releases.
os = get_kb_item("Host/MacOSX/Version");
if (!os) audit(AUDIT_OS_NOT, "Mac OS X");
if (!ereg(pattern:"Mac OS X 10\.6([^0-9]|$)", string:os)) audit(AUDIT_OS_NOT, "Mac OS X 10.6");


# Read CFBundleVersion from the JavaVM framework's version.plist over SSH.
# The plist path is a fixed literal and is single-quoted inside the command,
# so nothing host-controlled is spliced into the shell pipeline.
plist_path = "/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist";
pipeline =
  'plutil -convert xml1 -o - \'' + plist_path + '\' | ' +
  'grep -A 1 CFBundleVersion | ' +
  'tail -n 1 | ' +
  'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\'';

# NOTE(review): the #TRUSTED header at the top of this file is a signature over
# the plugin; editing this code presumably invalidates it, so the plugin would
# need re-signing before use -- confirm against the deployment's policy.
version = exec_cmd(cmd:pipeline);
if (!strlen(version)) exit(1, "Failed to get the version of the JavaVM Framework.");
version = chomp(version);

# NOTE(review): `version` is text produced by the scanned host. The check below
# only guarantees it begins with digits and a dot; the remainder is echoed into
# the report unchanged.
if (!ereg(pattern:"^[0-9]+\.", string:version)) exit(1, "The JavaVM Framework version does not appear to be numeric ("+version+").");

# Update 14 ships JavaVM Framework 13.9.3; anything older is flagged.
# audit() exits, so everything past it runs only for the vulnerable case.
fix = "13.9.3";
if (ver_compare(ver:version, fix:fix, strict:FALSE) != -1)
  audit(AUDIT_INST_VER_NOT_VULN, "JavaVM Framework", version);

details = NULL;
if (report_verbosity > 0)
  details =
    '\n  Framework         : JavaVM' +
    '\n  Installed version : ' + version +
    '\n  Fixed version     : ' + fix + '\n';

if (isnull(details)) security_hole(0);
else security_hole(port:0, extra:details);