Mac OS X : Java for Mac OS X 10.4 Release 9

2009-07-09T00:00:00
ID MACOSX_JAVA_REL9.NASL
Type nessus
Reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
Modified 2009-07-09T00:00:00

Description

The remote Mac OS X 10.4 host is running a version of Java for Mac OS X older than release 9.

The remote version of this software contains several security vulnerabilities. A remote attacker could exploit these issues to bypass security restrictions, disclose sensitive information, cause a denial of service, or escalate privileges.

                                        
                                            #TRUSTED 9e465556e126a0905f8d88a4b18be6957a0752c1dbc3aaf5b5223f2280c9d80db50e72911fc7591993af0b259b2869d2af6f5e9828df318dc91b861644a2c799828c126951cc96d7a85af9a3e8ac0c5605cafac4c456e23adbf02a880b229c9e41ba3d11da378cacff6ebe8c37ca8e30c4abda90ca83ee8add5646a19768be6c0165dfd08bfbdcc86049f0b3a939b88e7bd5661d52fb759827269cc0c68926e7a0cbc62b775abfe7353bbed1f8aa5642b6cf453f3d22e4c03e3c353db3749e0ee44a5f23f811647bcf4c82b21de6534fe022659abe5cd6e192e1cec4c599c35cb81c8a40f0a52b4f869c341610872d778021c8bbcb37f8be3f5cd79463f34063fa391bfaafa6f39836c7234dce7c7bd6d9252314745af1bbd7d725f7a60ddf41754452f175108a3748450bdb3c008546191108140711c59e56b151c73255e17ac17a8ffa76f420c7b1a6985fa024ce6a6525556ab5f3a329fc3057c624e45076f91af0d78c22bb4b7513a12b92c8d2541d86c84fb1476dcdcad43708233ea968e7cc30260af989c7f5ef9d35cecf933adad68186dfa6f009005c5a0212d97dd98bacdac350c7db304bc644b7fb71a532fcec80111c70f710c1c9ab81af97085ba343534a604be0c847ce353feb2d0fa68055039ea8cc386f4f07a2df66956a3892aa48e50286acc4e219f566b4e5f083877b162fa5162b4240cf5ea3095d86ae
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(39766);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/14");

  script_cve_id(
    "CVE-2008-2086",
    "CVE-2008-5339",
    "CVE-2008-5340",
    "CVE-2008-5341",
    "CVE-2008-5342",
    "CVE-2008-5343",
    "CVE-2008-5344",
    "CVE-2008-5345",
    "CVE-2008-5346",
    "CVE-2008-5348",
    "CVE-2008-5349",
    "CVE-2008-5350",
    "CVE-2008-5351",
    "CVE-2008-5352",
    "CVE-2008-5353",
    "CVE-2008-5354",
    "CVE-2008-5356",
    "CVE-2008-5357",
    "CVE-2008-5359",
    "CVE-2008-5360",
    "CVE-2009-1093",
    "CVE-2009-1094",
    "CVE-2009-1095",
    "CVE-2009-1096",
    "CVE-2009-1098",
    "CVE-2009-1099",
    "CVE-2009-1100",
    "CVE-2009-1101",
    "CVE-2009-1103",
    "CVE-2009-1104",
    "CVE-2009-1107"
  );
  script_bugtraq_id(32892, 34240);

  script_name(english:"Mac OS X : Java for Mac OS X 10.4 Release 9");
  script_summary(english:"Check for Java Release 9 on Mac OS X 10.4");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has a version of Java that is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Mac OS X 10.4 host is running a version of Java for Mac OS
X older than release 9.

The remote version of this software contains several security
vulnerabilities.  A remote attacker could exploit these issues to
bypass security restrictions, disclose sensitive information, cause a
denial of service, or escalate privileges.");
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.apple.com/kb/HT3633"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.apple.com/archives/Security-announce/2009/Jun/msg00004.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to Java for Mac OS X 10.4 release 9."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_set_attribute(attribute:"metasploit_name", value:'Sun Java Calendar Deserialization Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_cwe_id(94);

  script_set_attribute(attribute:"patch_publication_date", value:"2009/06/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/MacOSX/packages");

  exit(0);
}


include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");



if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
  enable_ssh_wrappers();
else disable_ssh_wrappers();

function exec(cmd)
{
  local_var ret, buf;

  if (islocalhost())
    buf = pread(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd));
  else
  {
    ret = ssh_open_connection();
    if (!ret) exit(0);
    buf = ssh_cmd(cmd:cmd);
    ssh_close_connection();
  }

  if (buf !~ "^[0-9]") exit(0);

  buf = chomp(buf);
  return buf;
}


packages = get_kb_item("Host/MacOSX/packages");
if (!packages) exit(0);


# Mac OS X 10.4.11 only.
uname = get_kb_item("Host/uname");
if (egrep(pattern:"Darwin.* 8\.11\.", string:uname))
{
  plist = "/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist";
  cmd = string(
    "cat ", plist, " | ",
    "grep -A 1 CFBundleVersion | ",
    "tail -n 1 | ",
    'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\''
  );
  version = exec(cmd:cmd);
  if (!strlen(version)) exit(0);

  ver = split(version, sep:'.', keep:FALSE);
  for (i=0; i<max_index(ver); i++)
    ver[i] = int(ver[i]);

  # Fixed in version 11.9.0.
  if (
    ver[0] < 11 ||
    (ver[0] == 11 && ver[1] < 9)
  ) security_hole(0);
}