Quicktime < 6.5.2

2004-10-27T00:00:00
ID MACOSX_QUICKTIME652.NASL
Type nessus
Reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
Modified 2004-10-27T00:00:00

Description

The remote Mac OS X host is running a version of Quicktime that is older than Quicktime 6.5.2.

The remote version of this software reportedly fails to check bounds properly when decoding BMP images, leading to a heap overflow.

If a remote attacker can trick a user into opening a maliciously crafted BMP file using the affected application, this issue could be leveraged to execute arbitrary code on the affected host.

                                        
                                            #TRUSTED 6b0ae0c038df5f30def863fa9624068d6d9c8ceda6daac5b6a5e0a38ef3295f08f59fc6e62f12d904e8bf8dff00f684d5933e4fbf683e1a657e48a7e19e8479630058143df01051ff52020c3d8c278c07d333e5ca831b7e1ad4668cb1f7146fb6dec7ed7edff8db85981e5bc8ca990d3b01eac7f52cb50f6dbbe4ebecb6d46fadb68f1a6cdefb1674f295047e9d3ca3dbec349f74a8ac68ef86785f0129101ee70ee40449b21d08697d8892ad78deb2f74967750475ccb40f2736c7a9a9ebd6afae7fe5d1122dedaa9ede681890f8b92962b9cd354a70afb8de9520bbe55595838e632140bfd052b0a3a4085589ceb3c0ea4e2e9cc5e7ece0625ebe02d4fc3f14df5e622c48a9f997370f8f011de13ebba8003d9e45d677914c3e98fb15dfb034ed076a1782e36afd02253b9144c20011985672a077ab8096a1d96c13278dad60ffe3fe4aa1c8e8bebe21850e34ac46bf6564e561ede760d3464603a05067e5fbf51e7b4e8b1a758573dcdc87df4c2b3c4da21026cfbbae79161fb1442d7fd0e04787a29a9286303d501b3f57e196cc0b4063548ad65fca1e5fd26ed4a1cee44f95ee989c2ff6eda9ada7adb1b465c8fa92d43d4646f9b96217128c08531bbf7452cf00ac9223d376fb432819b61b69da09a472faa8e3d6bbd6de9728f22b0c055110fd2f649d3b38113df03266c7596b0df6822c839647b1ba2b8dd0b2efcfb
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Metadata pass: when the engine loads the plugin with `description` set, only
# this block runs. It registers identifiers, report text and prerequisites,
# then exits before any of the check logic further down executes.
if (description)
{
 script_id(15573);
 script_version("1.24");
 script_set_attribute(attribute:"plugin_modification_date", value: "2018/07/14");

 # Advisory cross-references for the issue this plugin reports.
 script_cve_id("CVE-2004-0926");
 script_bugtraq_id(11322);
 script_xref(name:"Secunia", value:"13005");

 script_name(english:"Quicktime < 6.5.2");
 script_summary(english:"Check for Quicktime 6.5.2");

 script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a Mac OS X update that fixes a security
issue.");
 script_set_attribute(attribute:"description", value:
"The remote Mac OS X host is running a version of Quicktime that is
older than Quicktime 6.5.2.

The remote version of this software reportedly fails to check bounds
properly when decoding BMP images, leading to a heap overflow.

If a remote attacker can trick a user into opening a maliciously
crafted BMP file using the affected application, this issue could be
leveraged to execute arbitrary code on the affected host.");
 script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT1646");
 script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2004/Oct/msg00001.html");
 script_set_attribute(attribute:"solution", value:"Upgrade to Quicktime 6.5.2 or later.");
 # CVSS v2 base vector: network attack vector, medium access complexity, no
 # authentication, partial impact on confidentiality, integrity and
 # availability. AC:M is consistent with the description's requirement that a
 # user open a crafted file.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
 # Temporal vector: exploitability unproven (E:U), official fix available
 # (RL:OF), report confidence confirmed (RC:C).
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"vuln_publication_date", value:"2004/10/27");
 script_set_attribute(attribute:"patch_publication_date", value:"2004/10/27");
 script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/27");

 # "local": the check reads a version from the host itself (localhost or an
 # SSH session, see the logic below) instead of probing a network service.
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:quicktime");
 script_end_attributes();

 # Information-gathering category: the check only reads a bundle version.
 script_category(ACT_GATHER_INFO);
 script_family(english:"MacOS X Local Security Checks");

 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");

 # Prerequisites: ssh_get_info.nasl is declared as a dependency and the
 # Host/MacOSX/packages KB key as a requirement, so a scan without working
 # credentials on a Mac OS X target yields no result from this plugin. That
 # absence is not evidence that the host is patched.
 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 # End of the metadata pass.
 exit(0);
}

include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");


# Select the SSH wrapper mode that matches what the SSH library reports.
if (sshlib::get_support_level() < sshlib::SSH_LIB_SUPPORTS_COMMANDS)
  disable_ssh_wrappers();
else
  enable_ssh_wrappers();

# Build the shell command used to read the component's bundle version
# (presumably it prints the version string; the helper lives in
# macosx_func.inc). Both arguments are constants, so no data from the scan
# target is interpolated into the command line.
cmd = GetBundleVersionCmd(file:"QuickTimeMPEG.component", path:"/System/Library/Quicktime");

if ( !islocalhost() )
{
 # Remote target: run the command over SSH. If no session can be opened the
 # plugin exits without reporting anything.
 ret = ssh_open_connection();
 if ( !ret ) exit(0);
 buf = ssh_cmd(cmd:cmd);
 ssh_close_connection();
}
else
{
 # The scanner itself is the target: run the command locally through bash.
 buf = pread(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd));
}

# Stop unless the output starts with a digit.
# NOTE(review): only the leading character is validated; the rest of the
# output is kept exactly as the host returned it (minus the trailing newline)
# and written to the KB. Consumers of MacOSX/QuickTime/Version should not
# assume a strictly numeric dotted string.
if ( buf !~ "^[0-9]" ) exit(0);

buf = chomp(buf);

set_kb_item(name:"MacOSX/QuickTime/Version", value:buf);

version = split(buf, sep:'.', keep:FALSE);

# Flag any version below 6.5.2, comparing major, then minor, then patch.
# NOTE(review): a missing component (e.g. "6.5") is presumably converted to 0
# by int(), which would make 6.5 compare as 6.5.0 -- confirm.
major = int(version[0]);
if ( major < 6 )
  security_warning ( 0 );
else if ( major == 6 )
{
  minor = int(version[1]);
  if ( minor < 5 )
    security_warning ( 0 );
  else if ( minor == 5 && int(version[2]) < 2 )
    security_warning ( 0 );
}