Lucene search

K
nessusThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.MACOSX_SAFARI11_1_1.NASL
HistoryJul 02, 2019 - 12:00 a.m.

macOS : Apple Safari < 11.1.1 Multiple Vulnerabilities

2019-07-0200:00:00
This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20

The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 11.1.1 It is, therefore, affected by multiple vulnerabilities.

  • A remote code execution vulnerability exists in WebKit due to improper memory handling.
    An unauthenticated, remote attacker can exploit this, via a specifically crafted web page to to execute arbitrary code or cause a denial of service (CVE-2018-4199, CVE-2018-4201, CVE-2018-4218, CVE-2018-4233).

  • An information disclosure vulnerability exists in WebKit. An unauthenticated, remote attacker can exploit this, via a specifically crafted web page, to disclose potentially sensitive information (CVE-2018-4190).

  • An out-of-bounds read error exists in WebKit due to improper input validation.
    An unauthenticated, remote attacker can exploit this, via a specifically crafted web page that leverages a getWasmBufferFromValue during WebAssembly compilation to execute arbitrary code (CVE-2018-4222).

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(126381);
  script_version("1.3");
  script_cvs_date("Date: 2019/07/05  9:53:32");

  script_cve_id(
    "CVE-2018-4188",
    "CVE-2018-4190",
    "CVE-2018-4192",
    "CVE-2018-4199",
    "CVE-2018-4201",
    "CVE-2018-4205",
    "CVE-2018-4214",
    "CVE-2018-4218",
    "CVE-2018-4222",
    "CVE-2018-4232",
    "CVE-2018-4233",
    "CVE-2018-4246",
    "CVE-2018-4247",
    "CVE-2018-4277"
  );
  script_bugtraq_id(104358, 104366);

  script_name(english:"macOS : Apple Safari < 11.1.1 Multiple Vulnerabilities");
  script_summary(english:"Checks the Safari version.");

  script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 11.1.1 It is, therefore,
affected by multiple vulnerabilities.

- A remote code execution vulnerability exists in WebKit due to improper memory handling.
  An unauthenticated, remote attacker can exploit this, via a specifically crafted
  web page to to execute arbitrary code or cause a denial of service
  (CVE-2018-4199, CVE-2018-4201, CVE-2018-4218, CVE-2018-4233).

- An information disclosure vulnerability exists in WebKit. An unauthenticated,
  remote attacker can exploit this, via a specifically crafted web page,
  to disclose potentially sensitive information (CVE-2018-4190).

- An out-of-bounds read error exists in WebKit due to improper input validation.
  An unauthenticated, remote attacker can exploit this, via a specifically crafted web page
  that leverages a getWasmBufferFromValue  during WebAssembly compilation to execute arbitrary
  code (CVE-2018-4222).
");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT208854");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Apple Safari version 11.1.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-4199");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Safari Proxy Object Type Confusion');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/06/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_apple_safari_installed.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/Safari/Installed");
  exit(0);
}

include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
os = get_kb_item('Host/MacOSX/Version');
if (!os) audit(AUDIT_OS_NOT, 'Mac OS X or macOS');

if (!preg(pattern:"Mac OS X 10\.(11|12|13)([^0-9]|$)", string:os))
  audit(AUDIT_OS_NOT, 'Mac OS X El Capitan 10.11 / macOS Sierra 10.12 / macOS High Sierra 10.13');

get_kb_item_or_exit('MacOSX/Safari/Installed', exit_code:0);
path      = get_kb_item_or_exit('MacOSX/Safari/Path', exit_code:1);
version   = get_kb_item_or_exit('MacOSX/Safari/Version', exit_code:1);

fixed_version = '11.1.1';

if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
{
  report = report_items_str(
    report_items:make_array(
      'Path', path,
      'Installed version', version,
      'Fixed version', fixed_version
    ),
    ordered_fields:make_list('Path', 'Installed version', 'Fixed version')
  );
  security_report_v4(port:0, severity:SECURITY_WARNING, extra:report);
}
else audit(AUDIT_INST_PATH_NOT_VULN, 'Safari', version, path);
VendorProductVersion
applesafari
applemac_os_x
Related for MACOSX_SAFARI11_1_1.NASL