Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.SAFARI_5_0_3.NASL
HistoryNov 18, 2010 - 12:00 a.m.

Safari < 5.0.3 Multiple Vulnerabilities

2010-11-1800:00:00
This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
www.tenable.com
12
JSON

The version of Safari installed on the remote Windows host is earlier than 5.0.3. As such, it is potentially affected by numerous issues in its WebKit component that could allow arbitrary code execution, session tracking, address bar spoofing, and other sorts of attacks.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(50654);
  script_version("1.14");
  script_cvs_date("Date: 2018/07/27 18:38:15");

  script_cve_id(
    "CVE-2010-1812",
    "CVE-2010-1813",
    "CVE-2010-1814",
    "CVE-2010-1815",
    "CVE-2010-1822",
    "CVE-2010-3116",
    "CVE-2010-3257",
    "CVE-2010-3259",
    "CVE-2010-3803",
    "CVE-2010-3804",
    "CVE-2010-3805",
    "CVE-2010-3808",
    "CVE-2010-3809",
    "CVE-2010-3810",
    "CVE-2010-3811",
    "CVE-2010-3812",
    "CVE-2010-3813",
    "CVE-2010-3816",
    "CVE-2010-3817",
    "CVE-2010-3818",
    "CVE-2010-3819",
    "CVE-2010-3820",
    "CVE-2010-3821",
    "CVE-2010-3822",
    "CVE-2010-3823",
    "CVE-2010-3824",
    "CVE-2010-3826"
  );
  script_bugtraq_id(
    43079,
    43081,
    43083,
    44200,
    44206,
    44950,
    44952,
    44953,
    44954,
    44955,
    44956,
    44957,
    44958,
    44959,
    44960,
    44961,
    44962,
    44963,
    44964,
    44965,
    44967,
    44969,
    44970,
    44971
  );

  script_name(english:"Safari < 5.0.3 Multiple Vulnerabilities");
  script_summary(english:"Checks Safari's version number");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote host contains a web browser that is affected by several
vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The version of Safari installed on the remote Windows host is earlier
than 5.0.3.  As such, it is potentially affected by numerous issues in
its WebKit component that could allow arbitrary code execution, session
tracking, address bar spoofing, and other sorts of attacks."
  );
  script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT4455");
  script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2010/Nov/msg00002.html");
  script_set_attribute(attribute:"solution", value:"Upgrade to Safari 5.0.3 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/09/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/11/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");

  script_dependencies("safari_installed.nasl");
  script_require_keys("SMB/Safari/FileVersion");

  exit(0);
}


include("global_settings.inc");
include("misc_func.inc");


version = get_kb_item_or_exit("SMB/Safari/FileVersion");

version_ui = get_kb_item("SMB/Safari/ProductVersion");
if (isnull(version_ui)) version_ui = version;

if (ver_compare(ver:version, fix:"5.33.19.4") == -1)
{
  if (report_verbosity > 0)
  {
    path = get_kb_item("SMB/Safari/Path");
    if (isnull(path)) path = "n/a";

    report =
      '\n  Path              : ' + path +
      '\n  Installed version : ' + version_ui +
      '\n  Fixed version     : 5.0.3 (7533.19.4)\n';
    security_hole(port:get_kb_item("SMB/transport"), extra:report);
  }
  else security_hole(get_kb_item("SMB/transport"));
}
else exit(0, "The remote host is not affected since Safari " + version_ui + " is installed.");
VendorProductVersionCPE
applesafaricpe:/a:apple:safari

References

Related

securityvulns 2
nessus 19
openvas 37
freebsd 2
ubuntucve 29
redhat 1
cve 28
prion 28
oraclelinux 1
debiancve 7
checkpoint_advisories 4
exploitpack 1
seebug 1
packetstorm 1
fedora 6
veracode 8
zdi 1
exploitdb 1
msvr 1
gentoo 1
ubuntu 1
securityvulns
securityvulns
About the security content of Safari 5.0.3 and Safari 4.1.3
2010-11-20 00:00:00
Apple Webkit / Safari / Google Chrome multiple security vulnerabilities
2010-11-23 00:00:00
nessus
nessus
Mac OS X : Apple Safari < 5.0.3 / 4.1.3
2010-11-18 00:00:00
Fedora 13 : webkitgtk-1.2.5-1.fc13 (2010-15957)
2010-10-20 00:00:00
Fedora 12 : webkitgtk-1.2.5-1.fc12 (2010-15982)
2010-10-20 00:00:00
openvas
openvas
Apple Safari Webkit Multiple Vulnerabilities - Nov10
2010-11-23 00:00:00
Apple Safari Webkit < 5.0.3 Multiple Vulnerabilities (HT4455)
2010-11-23 00:00:00
FreeBSD Ports: webkit-gtk2
2010-11-17 00:00:00
freebsd
freebsd
Webkit-gtk2 -- Multiple Vulnabilities
2010-10-01 00:00:00
webkit-gtk2 -- Multiple vulnerabilities
2010-12-28 00:00:00
ubuntucve
ubuntucve
CVE-2010-3818
2010-11-22 00:00:00
CVE-2010-3820
2010-11-22 00:00:00
CVE-2010-3816
2010-11-22 00:00:00
redhat
redhat
(RHSA-2011:0177) Moderate: webkitgtk security update
2011-01-25 00:00:00
cve
cve
CVE-2010-3818
2010-11-22 13:00:00
CVE-2010-3820
2010-11-22 13:00:00
CVE-2010-3816
2010-11-22 13:00:00
prion
prion
Design/Logic Flaw
2010-11-22 13:00:00
Design/Logic Flaw
2010-11-22 13:00:00
Integer overflow
2010-11-22 13:00:00
oraclelinux
oraclelinux
webkitgtk security update
2011-02-10 00:00:00
debiancve
debiancve
CVE-2010-1822
2010-10-04 21:00:00
CVE-2010-3116
2010-08-24 20:00:00
CVE-2010-1813
2010-09-09 22:00:00
checkpoint_advisories
checkpoint_advisories
Apple Safari WebKit Menu Onchange Memory Corruption (CVE-2010-1814)
2011-02-24 00:00:00
Apple Safari and Google Chrome Webkit Object Outline Memory Corruption (CVE-2010-1813)
2011-02-21 00:00:00
Apple Safari WebKit Stale Pointer Use-after-free Code Execution (CVE-2010-3257)
2011-05-31 00:00:00
exploitpack
exploitpack
Webkit (Apple Safari 4.1.25.0.2 Google Chrome 5.0.375.125) - Memory Corruption
2010-09-10 00:00:00
seebug
seebug
Webkit (Apple Safari < 4.1.2/5.0.2 & Google Chrome < 5.0.375.125) - Memory Corruption
2014-07-01 00:00:00
packetstorm
packetstorm
Webkit Memory Corruption
2010-09-11 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: qt-4.7.0-8.fc14
2010-11-03 21:08:39
[SECURITY] Fedora 14 Update: qt-4.7.4-2.fc14
2011-09-25 03:32:05
[SECURITY] Fedora 13 Update: webkitgtk-1.2.6-1.fc13
2011-01-07 20:01:55
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:53:17
Access Restrictions Bypass
2020-04-10 00:53:20
Denial Of Service (DoS)
2020-04-10 00:53:18
zdi
zdi
Apple Webkit WholeText Integer Overflow Remote Code Execution Vulnerability
2010-11-23 00:00:00
exploitdb
exploitdb
Webkit (Apple Safari &lt; 4.1.2/5.0.2 / Google Chrome &lt; 5.0.375.125) - Memory Corruption
2010-09-10 00:00:00
msvr
msvr
HTML5 Implementation in Chrome, Opera, and Safari Could Allow Information Disclosure
2011-04-19 00:00:00
gentoo
gentoo
Multiple packages, Multiple vulnerabilities fixed in 2011
2014-12-11 00:00:00
ubuntu
ubuntu
WebKit vulnerabilities
2011-08-23 00:00:00
JSON
Related for SAFARI_5_0_3.NASL
securityvulns2nessus19openvas37freebsd2ubuntucve29redhat1cve28prion28oraclelinux1debiancve7checkpoint_advisories4exploitpack1seebug1packetstorm1fedora6veracode8zdi1exploitdb1msvr1gentoo1ubuntu1