Mac OS X : Java for Mac OS X 10.4 Release 8

2009-02-13T00:00:00
ID MACOSX_JAVA_REL8.NASL
Type nessus
Reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
Modified 2009-02-13T00:00:00

Description

The remote Mac OS X 10.4 host is running a version of Java for Mac OS X older than release 8.

The remote version of this software contains several security vulnerabilities in Java Web Start and the Java Plug-in. For instance, they may allow untrusted Java Web Start applications and untrusted Java applets to obtain elevated privileges. If an attacker can lure a user on the affected host into visiting a specially crafted web page with a malicious Java applet, he could leverage these issues to execute arbitrary code subject to the user

                                        
                                            #TRUSTED 74b0301aa9b4c6a7f825ea70f12b8c636d775ee3dc4033091b34a857bc0cc1a2ad7c104373687cdea60866f41c2e88db813c457f41cded4dbb700cfaf13b0fe8defc5c15c5432d033dd5d03262438b299850d278c9dd66fc17e9e8d9941d77bc613b68537e157d7d0a77b4c44356d7ad20e1b99212bcbb0c894fdb685ecec376491028b0ed93a072b5de8ff9eb4664d706b5e58885b971a68cad7a3b1133549217a743144f4a2c185e87d6690c29bcb949950c2c821113641b11bfb4c92ca66416f87ceabaff34c163af6e8f431b0ca3e5e9c7b8302d52dde5e45482ecd3a62dc8ceb2d363a2950cd21770338291894e93a21df41091eea9bf833146293cfcef4b66db2e5d555da646cea6096a67e1e75ed5bb2899173a1b6c8a6450976603f1b3db69cca38b319c4414ad76a37c1989792e935ebce3d53c718f11bf10acdfc6b281128024434e7aedd5ecc98b2bd4e1ab81affd36135e88efa2d8e6abc066182e3f964df6b9921eb1c5de92cc74bf13322f02e39ed8f0a54f2550b9ca8e613a61842a8c7ba6f92a010d74958d74453e945d4b650b5cba2fc35506eed1188ba87d5efb432d17141d10e0726834dafdfee8ca91056fff80cc18af095be91c06e226c0dc28326ed477f0b5c3fd4621f030bde7eae46b3b9d3e0fac3aa75f88080361a60492115ee9b14750533fd0adbf8644db6da7ec0c749baaa8632b94368522
#
# (C) Tenable Network Security, Inc.
#


if (!defined_func("bn_random")) exit(0);


include("compat.inc");

if (description)
{
  script_id(35685);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/14");

  script_cve_id(
    "CVE-2008-2086",
    "CVE-2008-5340",
    "CVE-2008-5342",
    "CVE-2008-5343"
  );
  script_bugtraq_id(32892);

  script_name(english:"Mac OS X : Java for Mac OS X 10.4 Release 8");
  script_summary(english:"Check for Java Release 8 on Mac OS X 10.4");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has a version of Java that is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Mac OS X 10.4 host is running a version of Java for Mac OS X
older than release 8. 

The remote version of this software contains several security
vulnerabilities in Java Web Start and the Java Plug-in.  For instance,
they may allow untrusted Java Web Start applications and untrusted Java
applets to obtain elevated privileges.  If an attacker can lure a user
on the affected host into visiting a specially crafted web page with a
malicious Java applet, he could leverage these issues to execute
arbitrary code subject to the user's privileges.");
  script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3436");
  script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2009/Feb/msg00002.html");
  script_set_attribute(attribute:"solution", value:"Upgrade to Java for Mac OS X 10.4 release 8.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(94);

  script_set_attribute(attribute:"patch_publication_date", value:"2009/02/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/02/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/MacOSX/packages");

  exit(0);
}


include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");



if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
  enable_ssh_wrappers();
else disable_ssh_wrappers();

function exec(cmd)
{
  local_var ret, buf;

  if (islocalhost())
    buf = pread(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd));
  else
  {
    ret = ssh_open_connection();
    if (!ret) exit(0);
    buf = ssh_cmd(cmd:cmd);
    ssh_close_connection();
  }

  if (buf !~ "^[0-9]") exit(0);

  buf = chomp(buf);
  return buf;
}


packages = get_kb_item("Host/MacOSX/packages");
if (!packages) exit(0);


# Mac OS X 10.4.11 only.
uname = get_kb_item("Host/uname");
if (egrep(pattern:"Darwin.* 8\.11\.", string:uname))
{
  plist = "/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist";
  cmd = string(
    "cat ", plist, " | ",
    "grep -A 1 CFBundleVersion | ",
    "tail -n 1 | ",
    'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\''
  );
  version = exec(cmd:cmd);
  if (!strlen(version)) exit(0);

  ver = split(version, sep:'.', keep:FALSE);
  for (i=0; i<max_index(ver); i++)
    ver[i] = int(ver[i]);

  # Fixed in version 11.8.2.
  if (
    ver[0] < 11 ||
    (
      ver[0] == 11 &&
      (
        ver[1] < 8 ||
        (ver[1] == 8 && ver[2] < 2)
      )
    )
  ) security_hole(0);
}