MS09-044: Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (Mac OS X)

2009-08-11T00:00:00
ID MACOSX_RDESKTOP.NASL
Type nessus
Reporter Tenable
Modified 2017-08-30T00:00:00

Description

The remote host contains a version of the Remote Desktop client that contains several vulnerabilities that may allow an attacker to execute arbitrary code on the remote host.

To exploit these vulnerabilities, an attacker would need to trick a user of the remote host into connecting to a rogue RDP server.

                                        
                                            #TRUSTED 8b9390b296fd47d0c7de9100b8e95c1c3e6b1cee20451de51c38ca9c38eec58082639d3fe77a2c215d4522d03b598f22e8ccd7bbaf76b4d71b3360e3635a2a1edce3d234b35ecd95f3df28d820481b8b49f5b6dce629b2dbef7cd8735bdb793802bbd2cbbac517d7f7a0a9fa76c26689c6619be17fee6587df70588b9422a87a30d657c355bedee33cb8ee5f3de511163bd90f42bf7dd67ddfd03362eba2b338d2c7176f2c9ab2490786c0313240930bc8d9c65dce3c18e3646b799389a38ef95fe05b4a9a99113e7b2b61933998fd0a6ec603291b8f90b6f5cd6ab1d4752fdafee5e7dfcab7961dea5011f2523c965b40af2cdde3dfd663eb9c378e35b1a938e3c664c598db60de62c527bdc1bba0a7f1903cb7622894b945b96b3af2ed774647566cd2a586a36655df362fffe9d6146bcf90a54862a47f99224375000afe2ce9b3e6b077460e883d3513ab1986c2dd27bc5139515d0121b48a3c0343229d962cf9b519e892dac90b775db7d98b3484e64b7f7976f66d8f34892b1d38880f793c6e92ea84b556560d72cfa8c665de7ddaba2b14d54a88d8f18476c0396651971bf77e6209b47cf3aac54a8490d467c9b1a039cc9d9d4e585833e1722d2293610f40734b07e27799d6878cf2f39e7bc1f12639da2f320b0d5495908f59f671cb8e5dfc22bc4b2eabc67fc2eefe8299ebca8a1accc07e9968377ad6cb8d307d74
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(40563);
 script_version("1.16");
 script_set_attribute(attribute:"plugin_modification_date", value:"2017/08/30");

 script_cve_id("CVE-2009-1133", "CVE-2009-1929");
 script_bugtraq_id(35971, 35973);
 script_osvdb_id(56911, 56912);
 script_xref(name:"IAVA", value:"2009-A-0071");
 script_xref(name:"MSFT", value:"MS09-044");
 script_xref(name:"MSKB", value:"974283");

 script_name(english:"MS09-044: Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (Mac OS X)");
 script_summary(english:"Check for Remote Desktop Connection for Mac OS X");

 script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host through Microsoft
Remote Desktop Connection.");
 script_set_attribute(attribute:"description", value:
"The remote host contains a version of the Remote Desktop client that
contains several vulnerabilities that may allow an attacker to execute
arbitrary code on the remote host.

To exploit these vulnerabilities, an attacker would need to trick a
user of the remote host into connecting to a rogue RDP server.");
 script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms09-044");
 script_set_attribute(attribute:"solution", value:"Microsoft has released a patch for Remote Desktop Client for Mac OS X.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(119);

 script_set_attribute(attribute:"patch_publication_date", value:"2009/08/11");
 script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/11");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:remote_desktop_client");
 script_set_attribute(attribute:"stig_severity", value:"II");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_family(english:"MacOS X Local Security Checks");

 script_copyright(english:"This script is Copyright (C) 2009-2017 Tenable Network Security, Inc.");

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");

 exit(0);
}


include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");



if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
  enable_ssh_wrappers();
else disable_ssh_wrappers();

uname = get_kb_item("Host/uname");
if ( egrep(pattern:"Darwin.*", string:uname) )
{
  file    = GetBundleVersionCmd(file:"Remote Desktop Connection.app", path:"/Applications");
  file    = ereg_replace(pattern:"version\.plist", replace:"Info.plist", string:file);
  if ( ! islocalhost() )
  {
   ret = ssh_open_connection();
   if ( ! ret ) exit(0);
   buf = ssh_cmd(cmd:file);
   ssh_close_connection();
  }
  else
  {
  buf = pread(cmd:"/bin/bash", argv:make_list("bash", "-c", file));
  }

 if ( buf =~ "^2" )
 {
  v = split(buf, sep:'.', keep:FALSE);
  if ( int(v[0]) == 2 && int(v[1]) == 0 && int(v[2]) == 0 )
	security_hole(port:0);
 }
}