Lucene search

K
nessusThis script is Copyright (C) 2010-2023 Tenable Network Security, Inc.MACOSX_JAVA_10_6_UPDATE3.NASL
HistoryOct 20, 2010 - 12:00 a.m.

Mac OS X : Java for Mac OS X 10.6 Update 3

2010-10-2000:00:00
This script is Copyright (C) 2010-2023 Tenable Network Security, Inc.
www.tenable.com
15

7.1 High

AI Score

Confidence

Low

The remote Mac OS X host is running a version of Java for Mac OS X 10.6 that is missing Update 3.

The remote version of this software contains several security vulnerabilities, including some that may allow untrusted Java applets or applications to obtain elevated privileges and lead to execution of arbitrary code with the privileges of the current user outside the Java sandbox.

#TRUSTED 5a4f1c06c352093d604bb0d84a2239067ecd916228d771bdb4f49a5152edfde4c7d9e88537c491131d6bfc8d5a741cb5be84b02d1f9ac8d67aa838e88d3aa1a6444559a0d25513b44713eebb0fb38a61a00e7aadfd017a793bd5dba5f4ddfe9ecb425bfb062f958e652027c3803b9f7fe8181f77b47176effdb8404e2a6d7bfc8b6214955dde9515fb8450de441560ab5f0f7251c092f219023cfdd93fbac2b722fd9a9e622a7ee51f9ba04feb8011043bd2cafbd2d255f41ccc395d52ca971bafdf3b1caa567b4543376ff377f7950d8deea620bb2101af0e58044c008ae524c70d69ac9d582753d1c13edb86528f585d5956e20da6e0e7745a9abfca6cf48a6390b4afb9c6f9ed56250b2606e0369ad85cdc84d61d31fd083a2e2627d792a37aaf6c032710b2e1dbf105eefa175dc6e72fb28cd634268b6d58f951d317cb01dd4ca278557bf1e1b794c3e6f5f23eb4469e44dac349ab90c3580fbeaae3aae0cfef9024cac59be89d124db028c1a086415754c02656d1463a77e5d589cae78cffc83732e0e8d2e5185a33e135c439b1ae381e8c32100317bb04a8dc34f55f72f4f0fb3bc7acc3e46b5496a81139dc32f5cb3f1b00ab3a5e1bb1e6c86350fdb52deb1ad60b6e16ec33e2b41c6a5c77ba5cbaf8b4225b071698204fa0602b309a3579ef21c0935dbd3bc975cd4029060b29100075c5a42f1ad882ed9f67d54665
#TRUST-RSA-SHA256 56a8c8200ad3754c0487ca1ac014bb4c8c3b15e69ac686749e9c4ec01037e4621be8bf383430222c33f3ad4ea1d76c39d2e21bdee1d3105401f13e992294739f494c5bdc85d61700c8db64dd068a8cf5a966205114cbc8ff188b0b7e784ef1dd3d23f96683de550ae40a5b07a414556cba9e9da3625662b1d4845be432cf2a3169ebfb59b8518fb750a45e725d84630de9957441e6bf1bbfaf4e94407c9a5d4fb2fab19d8dcdc6530a69149b98473192328b90ce1c785d71aed1df086f8b5a49f9073d8d57877b259cf69c1326ea4ca13c59254e317ec0502d946d00213f2f2d6e900cc3d0f973b31431759b2dbbb5d3b6fd27d8c579d74b95c0be0e7415d8d8deed7140ab8b0d5277aaa9738ad6d0f5c2a1ef223e99ae4aa2343950c0e4560e933aa93c8877ea18015e534693a14210f73ec1334a915f65b6e9f185efba02617b24c35cb850a8193d1769558617df7e40be38da167cefc25f54b06b5e9440698fdf0e32b10b28ef5de87a5e6422ab6b2b689e69f21255821b9bccd371e687aa48bf594888fece7873af10439726bbc32986c2150f589c7661c299cdaddc3b3791b8840694478663a6ebb513c3f8c0b3b0aa2fd0d6377c48e85845a6a5d4b82f3ab410fbefd42212e9d411fbd5aa7a1448c5ba1b61f3729a047bcc0c622cacad5fb38fcd2933585f4ce73aa35d674c27ace6c0eb8bc1756e93010bb338a8b68f
#
# (C) Tenable Network Security, Inc.
#



include("compat.inc");


if (description)
{
  script_id(50073);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");

  script_cve_id(
    "CVE-2009-3555",
    "CVE-2010-1321",
    "CVE-2010-1826",
    "CVE-2010-1827"
  );
  script_bugtraq_id(36935, 40235, 44277, 44279);

  script_name(english:"Mac OS X : Java for Mac OS X 10.6 Update 3");
  script_summary(english:"Checks version of the JavaVM framework");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote host has a version of Java that is affected by multiple
vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote Mac OS X host is running a version of Java for Mac OS X
10.6 that is missing Update 3.

The remote version of this software contains several security
vulnerabilities, including some that may allow untrusted Java applets
or applications to obtain elevated privileges and lead to execution of
arbitrary code with the privileges of the current user outside the
Java sandbox."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.apple.com/kb/HT4417"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.apple.com/archives/security-announce/2010/Oct/msg00000.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to Java for Mac OS X 10.6 Update 3 or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2010-1321");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(310);

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/10/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2010-2023 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/MacOSX/packages");

  exit(0);
}

if (!defined_func("bn_random")) exit(0);
if (NASL_LEVEL < 3000) exit(0);


include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");



enable_ssh_wrappers();

function exec(cmd)
{
  local_var ret, buf;

  if (islocalhost())
    buf = pread_wrapper(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd));
  else
  {
    ret = ssh_open_connection();
    if (!ret) exit(1, "ssh_open_connection() failed.");
    buf = ssh_cmd(cmd:cmd);
    ssh_close_connection();
  }
  if (buf !~ "^[0-9]") exit(1, "Failed to get the version - '"+buf+"'.");

  buf = chomp(buf);
  return buf;
}


packages = get_kb_item("Host/MacOSX/packages");
if (!packages) exit(1, "The 'Host/MacOSX/packages' KB item is missing.");

uname = get_kb_item("Host/uname");
if (!uname) exit(1, "The 'Host/uname' KB item is missing.");

# Mac OS X 10.6 only.
if (!egrep(pattern:"Darwin.* 10\.", string:uname)) exit(0, "The remote Mac is not running Mac OS X 10.6 and thus is not affected.");

plist = "/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist";
cmd = 
  'cat ' + plist + ' | ' +
  'grep -A 1 CFBundleVersion | ' +
  'tail -n 1 | ' +
  'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\'';
version = exec(cmd:cmd);
if (!strlen(version)) exit(1, "Can't get version info from '"+plist+"'.");

ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

# Fixed in version 13.3.0.
if (
  ver[0] < 13 ||
  (ver[0] == 13 && ver[1] < 3)
)
{
  gs_opt = get_kb_item("global_settings/report_verbosity");
  if (gs_opt && gs_opt != 'Quiet')
  {
    report = 
      '\n  Installed version : ' + version + 
      '\n  Fixed version     : 13.3.0\n';
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
}
else exit(0, "The remote host is not affected since JavaVM Framework version "+version+" is installed.");