Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.SAFARI_5_1_1.NASL
HistoryOct 13, 2011 - 12:00 a.m.

Safari < 5.1.1 Multiple Vulnerabilities

2011-10-1300:00:00
This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
www.tenable.com
25
JSON

The version of Safari installed on the remote Windows host is earlier than 5.1.1. Thus, it is potentially affected by numerous issues in the following components :

  • Safari
  • WebKit
#
# (C) Tenable Network Security, Inc.
#


if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");


if (description)
{
  script_id(56483);
  script_version("1.12");
  script_cvs_date("Date: 2018/07/27 18:38:15");

  script_cve_id(
    "CVE-2011-1440",
    "CVE-2011-2338",
    "CVE-2011-2339",
    "CVE-2011-2341",
    "CVE-2011-2351",
    "CVE-2011-2352",
    "CVE-2011-2354",
    "CVE-2011-2356",
    "CVE-2011-2359",
    "CVE-2011-2788",
    "CVE-2011-2790",
    "CVE-2011-2792",
    "CVE-2011-2797",
    "CVE-2011-2799",
    "CVE-2011-2800",
    "CVE-2011-2805",
    "CVE-2011-2809",
    "CVE-2011-2811",
    "CVE-2011-2813",
    "CVE-2011-2814",
    "CVE-2011-2815",
    "CVE-2011-2816",
    "CVE-2011-2817",
    "CVE-2011-2818",
    "CVE-2011-2819",
    "CVE-2011-2820",
    "CVE-2011-2823",
    "CVE-2011-2827",
    "CVE-2011-2831",
    "CVE-2011-3229",
    "CVE-2011-3232",
    "CVE-2011-3233",
    "CVE-2011-3234",
    "CVE-2011-3235",
    "CVE-2011-3236",
    "CVE-2011-3237",
    "CVE-2011-3238",
    "CVE-2011-3239",
    "CVE-2011-3241",
    "CVE-2011-3243"
  );
  script_bugtraq_id(
    47604,
    48479,
    48960,
    49279,
    49658,
    49850,
    50089,
    50163,
    51032
  );

  script_name(english:"Safari < 5.1.1 Multiple Vulnerabilities");
  script_summary(english:"Checks Safari's version number");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote host contains a web browser that is affected by several
vulnerabilities."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The version of Safari installed on the remote Windows host is earlier
than 5.1.1.  Thus, it is potentially affected by numerous issues in 
the following components :

  - Safari
  - WebKit"
  );
  # http://vttynotes.blogspot.com/2011/10/cve-2011-3229-steal-files-and-inject-js.html
  script_set_attribute(
    attribute:"see_also", 
    value:"http://www.nessus.org/u?95007eac"
  );
  script_set_attribute(
    attribute:"see_also", 
    value:"http://support.apple.com/kb/HT5000"
  );
  script_set_attribute(
    attribute:"see_also", 
    value:"http://lists.apple.com/archives/security-announce/2011/Oct/msg00004.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Upgrade to Safari 5.1.1 or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/04/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/10/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  script_dependencies("safari_installed.nasl");
  script_require_keys("SMB/Safari/FileVersion");

  exit(0);
}


include("global_settings.inc");
include("misc_func.inc");


version = get_kb_item_or_exit("SMB/Safari/FileVersion");

version_ui = get_kb_item("SMB/Safari/ProductVersion");
if (isnull(version_ui)) version_ui = version;

fixed_version = '5.34.51.22';
fixed_version_ui = '5.1.1 (7534.51.22)';

if (ver_compare(ver:version, fix:fixed_version) == -1)
{
  if (report_verbosity > 0)
  {
    path = get_kb_item("SMB/Safari/Path");
    if (isnull(path)) path = "n/a";

    report = 
      '\n  Path              : ' + path + 
      '\n  Installed version : ' + version_ui + 
      '\n  Fixed version     : ' + fixed_version_ui + '\n';
    security_hole(port:get_kb_item("SMB/transport"), extra:report);
  }
  else security_hole(get_kb_item("SMB/transport"));
}
else exit(0, "The remote host is not affected since Safari " + version_ui + " is installed.");
VendorProductVersionCPE
applesafaricpe:/a:apple:safari

References

Related

openvas 26
nessus 8
securityvulns 11
debian 4
osv 2
seebug 2
chrome 2
threatpost 2
prion 40
debiancve 15
cve 40
ubuntucve 39
checkpoint_advisories 6
packetstorm 1
mozilla 1
openvas
openvas
Apple Safari Multiple Vulnerabilities (Oct 2011) - Windows
2012-05-24 00:00:00
Apple Safari Multiple Vulnerabilities - Oct 2011 (Windows)
2012-05-24 00:00:00
Apple MAC OS X v10.6.8 Safari Multiple Vulnerabilities
2011-10-20 00:00:00
nessus
nessus
Mac OS X : Apple Safari < 5.1.1
2011-10-13 00:00:00
Debian DSA-2307-1 : chromium-browser - several vulnerabilities
2011-09-12 00:00:00
Apple iTunes < 10.5 Multiple Vulnerabilities (uncredentialed check)
2011-10-12 00:00:00
securityvulns
securityvulns
Apple Safari / WebKit multiple security vulnerabilities
2011-10-15 00:00:00
APPLE-SA-2011-10-12-4 Safari 5.1.1
2011-10-15 00:00:00
Google Сhrome multiple security vulnerabilities
2011-09-13 00:00:00
debian
debian
[SECURITY] [DSA 2307-1] chromium-browser security update
2011-09-11 17:36:04
[SECURITY] [DSA 2307-1] chromium-browser security update
2011-09-11 17:36:04
[SECURITY] [DSA 2245-1] chromium-browser security update
2011-05-29 10:50:22
osv
osv
chromium-browser - several
2011-09-11 00:00:00
chromium-browser - several vulnerabilities
2011-05-29 00:00:00
seebug
seebug
Apple iTunes多个安全漏洞
2011-10-13 00:00:00
Apple Safari safari-extension:// URL处理遍历远程代码执行漏洞
2011-10-17 00:00:00
chrome
chrome
Stable Channel Update
2011-08-02 00:00:00
Stable Channel Update
2011-08-22 00:00:00
threatpost
threatpost
Google Fixes 30 Bugs in Chrome, Pays $17K in Bounties
2011-08-02 18:10:51
Google Fixes 11 Flaws in Chrome 13.0.782.215
2011-08-23 11:16:36
prion
prion
Memory corruption
2011-10-12 18:55:00
Design/Logic Flaw
2011-08-29 15:55:00
Memory corruption
2011-10-12 18:55:00
debiancve
debiancve
CVE-2011-2359
2011-08-03 00:55:00
CVE-2011-2823
2011-08-29 15:55:00
CVE-2011-2351
2011-06-29 17:55:00
cve
cve
CVE-2011-3237
2011-10-12 18:55:00
CVE-2011-2823
2011-08-29 15:55:00
CVE-2011-2351
2011-06-29 17:55:00
ubuntucve
ubuntucve
CVE-2011-2338
2011-10-12 00:00:00
CVE-2011-2823
2011-08-29 00:00:00
CVE-2011-2359
2011-08-03 00:00:00
checkpoint_advisories
checkpoint_advisories
Google Chrome and Apple Safari Apple Webkit Ruby Memory Corruption - Ver2 (CVE-2011-1440)
2014-03-31 00:00:00
Google Chrome and Apple Safari Apple Webkit Ruby Memory Corruption (CVE-2011-1440)
2012-01-17 00:00:00
Google Chrome and Apple Safari Display Box Rendering Memory Corruption (CVE-2011-2818)
2011-11-01 00:00:00
packetstorm
packetstorm
Apple Safari Directory Traversal
2011-10-15 00:00:00
mozilla
mozilla
Potentially exploitable crash in the YARR regular expression library — Mozilla
2011-09-27 00:00:00
JSON
Related for SAFARI_5_1_1.NASL
openvas26nessus8securityvulns11debian4osv2seebug2chrome2threatpost2prion40debiancve15cve40ubuntucve39checkpoint_advisories6packetstorm1mozilla1