MS09-044: Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (Mac OS X)

2009-08-11T00:00:00
ID MACOSX_RDESKTOP.NASL
Type nessus
Reporter Tenable
Modified 2018-07-14T00:00:00

Description

The remote host contains a version of the Remote Desktop client that contains several vulnerabilities that may allow an attacker to execute arbitrary code on the remote host.

To exploit these vulnerabilities, an attacker would need to trick a user of the remote host into connecting to a rogue RDP server.

                                        
                                            #TRUSTED 6b31192291ff8dad62e25a10ccfd8d8517b178e5a8d045e73d0e671f16c607eacfcc111cb951fb346f82e1bfd31edf2b17d50c3d8b7333ed068bb87602a23498386bc34e10be40806fab4dcc16704773f5e6b99576c56d70310f7c3d1848428c56f795b3a22dad7ddc1e7eea009633e4f9002c63e21208b9cfd381db065a887ad757be701fded69b8e7a79fb2c5b19495994f78092a1c119aaff0b8083cb7c63e622a9d394400cd2240fe8aa50b73479ca6a8f1e0b52ea29d8edb2af69d9af8d2449c485af4dfe9cf9f7514fcdd3b5644116d63c9182d5d260c47101927579a389d7154d18388bfe30965dadb36b54b2bc05843ad5b88f52f9cd15d6b4daa6baba572d88b9a855e253380f3f028d243e82102d48b6acdfcbc310fb7092966256313df915a230d2d7fbfce0bcdf1ba66b650342f9aac2e96961a6bd0c98df9ad2c90360442a5d28ece1c16dd68667759672c1b0f152c451a742c005169b983ba4a9fc17546439f7c6292053aeb556a7161e45290019d4581adaa63e3bf68631ce9b295a6db772cd9d0152f7cfb1e17681d02ec9d4d942259aa368cfa7e7267511ac8db4edb1b2917e2b11dca4c5dd5d00b06affee5f1822dd9ac6e23cc5300b0b27634401de115cab361d7334dc253506793a941e4e17f2b32b96ddd065dc5581ec12ff66bb5ee3b3afc507aacb10ba53c079bec2445efdc755e17a3bf70bbe58
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(40563);
 script_version("1.18");
 script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/14");

 script_cve_id("CVE-2009-1133", "CVE-2009-1929");
 script_bugtraq_id(35971, 35973);
 script_xref(name:"IAVA", value:"2009-A-0071");
 script_xref(name:"MSFT", value:"MS09-044");
 script_xref(name:"MSKB", value:"974283");

 script_name(english:"MS09-044: Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (Mac OS X)");
 script_summary(english:"Check for Remote Desktop Connection for Mac OS X");

 script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host through Microsoft
Remote Desktop Connection.");
 script_set_attribute(attribute:"description", value:
"The remote host contains a version of the Remote Desktop client that
contains several vulnerabilities that may allow an attacker to execute
arbitrary code on the remote host.

To exploit these vulnerabilities, an attacker would need to trick a
user of the remote host into connecting to a rogue RDP server.");
 script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms09-044");
 script_set_attribute(attribute:"solution", value:"Microsoft has released a patch for Remote Desktop Client for Mac OS X.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(119);

 script_set_attribute(attribute:"patch_publication_date", value:"2009/08/11");
 script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/11");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:remote_desktop_client");
 script_set_attribute(attribute:"stig_severity", value:"II");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_family(english:"MacOS X Local Security Checks");

 script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");

 exit(0);
}


include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");



if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
  enable_ssh_wrappers();
else disable_ssh_wrappers();

uname = get_kb_item("Host/uname");
if ( egrep(pattern:"Darwin.*", string:uname) )
{
  file    = GetBundleVersionCmd(file:"Remote Desktop Connection.app", path:"/Applications");
  file    = ereg_replace(pattern:"version\.plist", replace:"Info.plist", string:file);
  if ( ! islocalhost() )
  {
   ret = ssh_open_connection();
   if ( ! ret ) exit(0);
   buf = ssh_cmd(cmd:file);
   ssh_close_connection();
  }
  else
  {
  buf = pread(cmd:"/bin/bash", argv:make_list("bash", "-c", file));
  }

 if ( buf =~ "^2" )
 {
  v = split(buf, sep:'.', keep:FALSE);
  if ( int(v[0]) == 2 && int(v[1]) == 0 && int(v[2]) == 0 )
	security_hole(port:0);
 }
}