Mac OS X : Java for Mac OS X 10.4 Release 9

2009-07-0900:00:00

www.tenable.com

7.3 High

AI Score

Confidence

Low

JSON

The remote Mac OS X 10.4 host is running a version of Java for Mac OS X older than release 9.

The remote version of this software contains several security vulnerabilities. A remote attacker could exploit these issues to bypass security restrictions, disclose sensitive information, cause a denial of service, or escalate privileges.

#TRUSTED 62bd93c8dc34eee7abdd69b9de1e796a34d110935a85d015aa6440be22950182749d6d78829c543b5c44665417f538e025dd014eec79097ca1ed2ef63c13326fbba7de222c26df7420e6b8356f7db701665ee264ae680b4a32812dd9907b536070a29977f29f9714117b2cdb9c4a6bb8cd1c3f329da98ff563e19e45715c353575a2f88c9c32529e18456a717ecfc99accfde9d7304f428582f4b152c19c1ae76fd5619b832806aeac4bd47d1b5f53044d11de6d9f3baa3274d7391c8f26a248af86a9c96185f77418a998419fe56224f14fee9eb4c5c8ec69b140f60fbf49e0a2a5c4c7610fa4999bf65377b2094a1d13c0563f1f78c3b0108982f33bbcc6bd0133cd4e2e1786cad2d3a0770d86312e9f3190f6eb951ad5d287ebcd3e5f76e7f8d4b50e2b38bc4c9f71530aaf2a203219e0e245ccca7adb12d7a88aed7f22a3e20215674b1c7c4be0a609eb2e6ed9249f190602139e70a7613c53ee7d70d1c6e2b9ef48fc85d52350018b66e64804213a1e6b52b7e4507fb4a741bb34629fa03b5aa7368958b517e232a06c8589e125368743dc2fe83aacfe8f13376cf6ee76fcc70fabb9b057e1b531c64f5f1074e91a539537b62fc54408413813828acecb9166820dde4bec69b22f39b5750ad075ec9089321df4332f1571b40ddb1de3a52e8954535dc1e78f766d26c1cfd10406fef5b5669ae7845f13a03d98144519b5
#TRUST-RSA-SHA256 a2cc5c7a085725a82cd7e5978f5b32dfe6deb3ce5cd7dd47e216a507902a1069e470e1ad139e88c3a2557438ecd2e745000e287da5c187a28b13acc74c7f400a98c2b376292802298e0fa2d9c808dbe17fbcddaa8af9f3aaafd080c8390aca1d9f3f6529807d6c3643118abfc5a718eebc54e0e0de43ff1de3b1be1eac316ff763c7a195fa03f9a8d3ff37a58f2a4a423263e77ef081696c9bad84b9847188cd9a51f9d4a99473e589c63e6eb47c09eb73aa53b4494b0b93096307d5f838e6ccd2f57c1d6b8f44921f20aabd641b3da06759fbee4b2c000c7ca5e7becb6287447ed75c635cde153c75abe8aaf8015e5800026af8e9aca80d23ab529ce42e7c4d79e5ec534506c5e1669fae19b216a8ad226f0f76b8b9d3546b94aa58e2e731072e42635438c00ca1504b30ba68ca3a863bad906748dc713fc295b61da349601616cf589f1c774aca74dab938da164ef6dfcff7c8da237a83f4f245f46946808dd569669baa4ef6449b6a6855c0159e8bb292dc13365f02135336cd803348e2fe433192b63fd594994425901d14067cd79886a66640c01e664c7629736b1f850f07fbe7063e348d01016ac7f4696fc581805124f030005ee5e4808bc8f60b150df524f3d825c017358f8d6418a575ae33610097bcf2a9cd0aa67864c18cb2d1e6f11645e804c50cf759fc395658d8b58f326b138acba7124029e575da9f7ba532
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(39766);
  script_version("1.22");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");

  script_cve_id(
    "CVE-2008-2086",
    "CVE-2008-5339",
    "CVE-2008-5340",
    "CVE-2008-5341",
    "CVE-2008-5342",
    "CVE-2008-5343",
    "CVE-2008-5344",
    "CVE-2008-5345",
    "CVE-2008-5346",
    "CVE-2008-5348",
    "CVE-2008-5349",
    "CVE-2008-5350",
    "CVE-2008-5351",
    "CVE-2008-5352",
    "CVE-2008-5353",
    "CVE-2008-5354",
    "CVE-2008-5356",
    "CVE-2008-5357",
    "CVE-2008-5359",
    "CVE-2008-5360",
    "CVE-2009-1093",
    "CVE-2009-1094",
    "CVE-2009-1095",
    "CVE-2009-1096",
    "CVE-2009-1098",
    "CVE-2009-1099",
    "CVE-2009-1100",
    "CVE-2009-1101",
    "CVE-2009-1103",
    "CVE-2009-1104",
    "CVE-2009-1107"
  );
  script_bugtraq_id(32892, 34240);

  script_name(english:"Mac OS X : Java for Mac OS X 10.4 Release 9");
  script_summary(english:"Check for Java Release 9 on Mac OS X 10.4");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has a version of Java that is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Mac OS X 10.4 host is running a version of Java for Mac OS
X older than release 9.

The remote version of this software contains several security
vulnerabilities.  A remote attacker could exploit these issues to
bypass security restrictions, disclose sensitive information, cause a
denial of service, or escalate privileges.");
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.apple.com/kb/HT3633"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.apple.com/archives/Security-announce/2009/Jun/msg00004.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to Java for Mac OS X 10.4 release 9."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-1096");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_set_attribute(attribute:"metasploit_name", value:'Sun Java Calendar Deserialization Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_cwe_id(94);

  script_set_attribute(attribute:"patch_publication_date", value:"2009/06/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2009-2023 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/MacOSX/packages");

  exit(0);
}


include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");



enable_ssh_wrappers();

function exec(cmd)
{
  local_var ret, buf;

  if (islocalhost())
    buf = pread_wrapper(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd));
  else
  {
    ret = ssh_open_connection();
    if (!ret) exit(0);
    buf = ssh_cmd(cmd:cmd);
    ssh_close_connection();
  }

  if (buf !~ "^[0-9]") exit(0);

  buf = chomp(buf);
  return buf;
}


packages = get_kb_item("Host/MacOSX/packages");
if (!packages) exit(0);


# Mac OS X 10.4.11 only.
uname = get_kb_item("Host/uname");
if (egrep(pattern:"Darwin.* 8\.11\.", string:uname))
{
  plist = "/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist";
  cmd = string(
    "cat ", plist, " | ",
    "grep -A 1 CFBundleVersion | ",
    "tail -n 1 | ",
    'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\''
  );
  version = exec(cmd:cmd);
  if (!strlen(version)) exit(0);

  ver = split(version, sep:'.', keep:FALSE);
  for (i=0; i<max_index(ver); i++)
    ver[i] = int(ver[i]);

  # Fixed in version 11.9.0.
  if (
    ver[0] < 11 ||
    (ver[0] == 11 && ver[1] < 9)
  ) security_hole(0);
}