Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2005-2024 Tenable Network Security, Inc.MACOSX_SECUPD2005-002.NASL
HistoryFeb 22, 2005 - 12:00 a.m.

Mac OS X Java JRE Plug-in Capability Arbitrary Package Access (Security Update 2005-002)

2005-02-2200:00:00
This script is Copyright (C) 2005-2024 Tenable Network Security, Inc.
www.tenable.com
12

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.192 Low

EPSS

Percentile

96.3%

JSON

The remote host is missing Security Update 2005-002. This security update contains a security bugfix for Java 1.4.2.

A vulnerability in the Java Plug-in may allow an untrusted applet to escalate privileges, through JavaScript calling into Java code, including reading and writing files with the privileges of the user running the applet. Releases prior to Java 1.4.2 on Mac OS X are not affected by this vulnerability.

#
# (C) Tenable Network Security, Inc.
#

if ( ! defined_func("bn_random") ) exit(0);

include("compat.inc");

if(description)
{
 script_id(17195);
 script_version("1.17");

 script_cve_id("CVE-2004-1029");
 script_bugtraq_id(11726);

 script_name(english:"Mac OS X Java JRE Plug-in Capability Arbitrary Package Access (Security Update 2005-002)");
 script_summary(english:"Check for Security Update 2005-002");

 script_set_attribute( attribute:"synopsis", value:
"The remote host is missing a Mac OS X update that fixes a security
issue." );
 script_set_attribute( attribute:"description",  value:
"The remote host is missing Security Update 2005-002. This security
update contains a security bugfix for Java 1.4.2.

A vulnerability in the Java Plug-in may allow an untrusted applet to
escalate privileges, through JavaScript calling into Java code,
including reading and writing files with the privileges of the user
running the applet.  Releases prior to Java 1.4.2 on Mac OS X are not
affected by this vulnerability." );
 script_set_attribute(
   attribute:"see_also",
   value:"http://support.apple.com/kb/TA22931"
 );
 script_set_attribute(
   attribute:"solution", 
   value:"Install Security Update 2005-002."
 );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_cwe_id(264);
 script_set_attribute(attribute:"plugin_publication_date", value: "2005/02/22");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/11/22");
 script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/28");
 script_set_attribute(attribute:"patch_publication_date", value: "2004/11/22");
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x:10.2");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x:10.3");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_family(english:"MacOS X Local Security Checks");

 script_copyright(english:"This script is Copyright (C) 2005-2024 Tenable Network Security, Inc.");

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 exit(0);
}


packages = get_kb_item("Host/MacOSX/packages");
if ( ! packages ) exit(0);

uname = get_kb_item("Host/uname");
# MacOS X 10.2.8, 10.3.7 only
if ( egrep(pattern:"Darwin.* (6\.8\.|7\.[78]\.)", string:uname) )
{
  if ( egrep(pattern:"^Java142\.pkg", string:packages) &&
      !egrep(pattern:"^SecUpd(Srvr)?2005-002", string:packages) ) security_warning(0);
	else non_vuln = 1;
}
else if ( egrep(pattern:"Darwin.* (6\.9|[0-9][0-9]\.|7\.(9\.|[0-9][0-9]\.))", string:uname) ) non_vuln = 1;

if ( non_vuln )
{
 set_kb_item(name:"CVE-2004-1029", value:TRUE);
}
VendorProductVersionCPE
applemac_os_x10.2cpe:/o:apple:mac_os_x:10.2
applemac_os_x10.3cpe:/o:apple:mac_os_x:10.3

Related

cert 1
openvas 10
gentoo 1
nessus 5
nvd 1
freebsd 1
cvelist 1
cve 1
securityvulns 1
checkpoint_advisories 1
cert
cert
Sun Java Plug-in fails to restrict access to private Java packages
2004-11-23 00:00:00
openvas
openvas
SLES9: Security update for Java2
2009-10-10 00:00:00
FreeBSD Ports: jdk
2008-09-04 00:00:00
SLES9: Security update for Java2
2009-10-10 00:00:00
gentoo
gentoo
Sun and Blackdown Java: Applet privilege escalation
2004-11-29 00:00:00
nessus
nessus
Sun Java JRE Plug-in Capability Arbitrary Package Access
2005-01-22 00:00:00
FreeBSD : jdk/jre -- Security Vulnerability With Java Plugin (81)
2004-11-30 00:00:00
Sun Java JRE Plug-in Capability Arbitrary Package Access (Unix)
2013-02-22 00:00:00
nvd
nvd
CVE-2004-1029
2005-03-01 05:00:00
freebsd
freebsd
jdk/jre -- Security Vulnerability With Java Plugin
2004-11-24 00:00:00
cvelist
cvelist
CVE-2004-1029
2004-11-24 05:00:00
cve
cve
CVE-2004-1029
2005-03-01 05:00:00
securityvulns
securityvulns
iDEFENSE Security Advisory 11.22.04: Sun Java Plugin Arbitrary Package Access Vulnerability
2004-11-23 00:00:00
checkpoint_advisories
checkpoint_advisories
Sun Java Plug-in Sandbox Security Bypass (CVE-2004-1029)
2009-11-30 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.192 Low

EPSS

Percentile

96.3%

JSON
Related for MACOSX_SECUPD2005-002.NASL
cert1openvas10gentoo1nessus5nvd1freebsd1cvelist1cve1securityvulns1checkpoint_advisories1