The remote Mac OS X 10.4 host is running a version of Java for Mac OS X older than release 9.
The remote version of this software contains several security vulnerabilities. A remote attacker could exploit these issues to bypass security restrictions, disclose sensitive information, cause a denial of service, or escalate privileges.
#TRUSTED 62bd93c8dc34eee7abdd69b9de1e796a34d110935a85d015aa6440be22950182749d6d78829c543b5c44665417f538e025dd014eec79097ca1ed2ef63c13326fbba7de222c26df7420e6b8356f7db701665ee264ae680b4a32812dd9907b536070a29977f29f9714117b2cdb9c4a6bb8cd1c3f329da98ff563e19e45715c353575a2f88c9c32529e18456a717ecfc99accfde9d7304f428582f4b152c19c1ae76fd5619b832806aeac4bd47d1b5f53044d11de6d9f3baa3274d7391c8f26a248af86a9c96185f77418a998419fe56224f14fee9eb4c5c8ec69b140f60fbf49e0a2a5c4c7610fa4999bf65377b2094a1d13c0563f1f78c3b0108982f33bbcc6bd0133cd4e2e1786cad2d3a0770d86312e9f3190f6eb951ad5d287ebcd3e5f76e7f8d4b50e2b38bc4c9f71530aaf2a203219e0e245ccca7adb12d7a88aed7f22a3e20215674b1c7c4be0a609eb2e6ed9249f190602139e70a7613c53ee7d70d1c6e2b9ef48fc85d52350018b66e64804213a1e6b52b7e4507fb4a741bb34629fa03b5aa7368958b517e232a06c8589e125368743dc2fe83aacfe8f13376cf6ee76fcc70fabb9b057e1b531c64f5f1074e91a539537b62fc54408413813828acecb9166820dde4bec69b22f39b5750ad075ec9089321df4332f1571b40ddb1de3a52e8954535dc1e78f766d26c1cfd10406fef5b5669ae7845f13a03d98144519b5
#TRUST-RSA-SHA256 a2cc5c7a085725a82cd7e5978f5b32dfe6deb3ce5cd7dd47e216a507902a1069e470e1ad139e88c3a2557438ecd2e745000e287da5c187a28b13acc74c7f400a98c2b376292802298e0fa2d9c808dbe17fbcddaa8af9f3aaafd080c8390aca1d9f3f6529807d6c3643118abfc5a718eebc54e0e0de43ff1de3b1be1eac316ff763c7a195fa03f9a8d3ff37a58f2a4a423263e77ef081696c9bad84b9847188cd9a51f9d4a99473e589c63e6eb47c09eb73aa53b4494b0b93096307d5f838e6ccd2f57c1d6b8f44921f20aabd641b3da06759fbee4b2c000c7ca5e7becb6287447ed75c635cde153c75abe8aaf8015e5800026af8e9aca80d23ab529ce42e7c4d79e5ec534506c5e1669fae19b216a8ad226f0f76b8b9d3546b94aa58e2e731072e42635438c00ca1504b30ba68ca3a863bad906748dc713fc295b61da349601616cf589f1c774aca74dab938da164ef6dfcff7c8da237a83f4f245f46946808dd569669baa4ef6449b6a6855c0159e8bb292dc13365f02135336cd803348e2fe433192b63fd594994425901d14067cd79886a66640c01e664c7629736b1f850f07fbe7063e348d01016ac7f4696fc581805124f030005ee5e4808bc8f60b150df524f3d825c017358f8d6418a575ae33610097bcf2a9cd0aa67864c18cb2d1e6f11645e804c50cf759fc395658d8b58f326b138acba7124029e575da9f7ba532
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(39766);
script_version("1.22");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");
script_cve_id(
"CVE-2008-2086",
"CVE-2008-5339",
"CVE-2008-5340",
"CVE-2008-5341",
"CVE-2008-5342",
"CVE-2008-5343",
"CVE-2008-5344",
"CVE-2008-5345",
"CVE-2008-5346",
"CVE-2008-5348",
"CVE-2008-5349",
"CVE-2008-5350",
"CVE-2008-5351",
"CVE-2008-5352",
"CVE-2008-5353",
"CVE-2008-5354",
"CVE-2008-5356",
"CVE-2008-5357",
"CVE-2008-5359",
"CVE-2008-5360",
"CVE-2009-1093",
"CVE-2009-1094",
"CVE-2009-1095",
"CVE-2009-1096",
"CVE-2009-1098",
"CVE-2009-1099",
"CVE-2009-1100",
"CVE-2009-1101",
"CVE-2009-1103",
"CVE-2009-1104",
"CVE-2009-1107"
);
script_bugtraq_id(32892, 34240);
script_name(english:"Mac OS X : Java for Mac OS X 10.4 Release 9");
script_summary(english:"Check for Java Release 9 on Mac OS X 10.4");
script_set_attribute(attribute:"synopsis", value:
"The remote host has a version of Java that is affected by multiple
vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote Mac OS X 10.4 host is running a version of Java for Mac OS
X older than release 9.
The remote version of this software contains several security
vulnerabilities. A remote attacker could exploit these issues to
bypass security restrictions, disclose sensitive information, cause a
denial of service, or escalate privileges.");
script_set_attribute(
attribute:"see_also",
value:"http://support.apple.com/kb/HT3633"
);
script_set_attribute(
attribute:"see_also",
value:"http://lists.apple.com/archives/Security-announce/2009/Jun/msg00004.html"
);
script_set_attribute(
attribute:"solution",
value:"Upgrade to Java for Mac OS X 10.4 release 9."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-1096");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'CANVAS');
script_set_attribute(attribute:"metasploit_name", value:'Sun Java Calendar Deserialization Privilege Escalation');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_cwe_id(94);
script_set_attribute(attribute:"patch_publication_date", value:"2009/06/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2009-2023 Tenable Network Security, Inc.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/MacOSX/packages");
exit(0);
}
include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");
enable_ssh_wrappers();
function exec(cmd)
{
local_var ret, buf;
if (islocalhost())
buf = pread_wrapper(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd));
else
{
ret = ssh_open_connection();
if (!ret) exit(0);
buf = ssh_cmd(cmd:cmd);
ssh_close_connection();
}
if (buf !~ "^[0-9]") exit(0);
buf = chomp(buf);
return buf;
}
packages = get_kb_item("Host/MacOSX/packages");
if (!packages) exit(0);
# Mac OS X 10.4.11 only.
uname = get_kb_item("Host/uname");
if (egrep(pattern:"Darwin.* 8\.11\.", string:uname))
{
plist = "/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist";
cmd = string(
"cat ", plist, " | ",
"grep -A 1 CFBundleVersion | ",
"tail -n 1 | ",
'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\''
);
version = exec(cmd:cmd);
if (!strlen(version)) exit(0);
ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
ver[i] = int(ver[i]);
# Fixed in version 11.9.0.
if (
ver[0] < 11 ||
(ver[0] == 11 && ver[1] < 9)
) security_hole(0);
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2086
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5339
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5340
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5341
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5342
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5343
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5344
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5345
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5346
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5348
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5349
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5350
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5351
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5352
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5353
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5354
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5356
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5357
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5359
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5360
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107
lists.apple.com/archives/Security-announce/2009/Jun/msg00004.html
support.apple.com/kb/HT3633