Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2013 Greenbone AGOPENVAS:1361412562310803807
HistoryJun 06, 2013 - 12:00 a.m.

Apple iTunes Multiple Vulnerabilities (Jun 2013) - Mac OS X

2013-06-0600:00:00
Copyright (C) 2013 Greenbone AG
plugins.openvas.org
8

6.1 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.012 Low

EPSS

Percentile

85.3%

JSON

Apple iTunes is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2013 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:apple:itunes";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.803807");
  script_version("2024-02-08T14:36:53+0000");
  script_cve_id("CVE-2013-1014", "CVE-2013-1011", "CVE-2013-1010", "CVE-2013-1008",
                "CVE-2013-1007", "CVE-2013-1006", "CVE-2013-1005", "CVE-2013-1004",
                "CVE-2013-1003", "CVE-2013-1002", "CVE-2013-1001", "CVE-2013-1000",
                "CVE-2013-0999", "CVE-2013-0998", "CVE-2013-0997", "CVE-2013-0996",
                "CVE-2013-0995", "CVE-2013-0994", "CVE-2013-0993", "CVE-2013-0992",
                "CVE-2013-0991");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-02-08 14:36:53 +0000 (Thu, 08 Feb 2024)");
  script_tag(name:"creation_date", value:"2013-06-06 13:03:34 +0530 (Thu, 06 Jun 2013)");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  script_name("Apple iTunes Multiple Vulnerabilities (Jun 2013) - Mac OS X");

  script_xref(name:"URL", value:"http://support.apple.com/kb/HT5766");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/59941");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/59944");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/59953");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/59954");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/59955");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/59956");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/59957");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/59958");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/59959");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/59960");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/59963");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/59964");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/59965");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/59967");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/59970");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/59971");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/59972");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/59973");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/59974");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/59976");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/59977");
  script_xref(name:"URL", value:"http://secunia.com/advisories/53471");
  script_xref(name:"URL", value:"http://lists.apple.com/archives/security-announce/2013/May/msg00000.html");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2013 Greenbone AG");
  script_family("General");
  script_dependencies("secpod_itunes_detect_macosx.nasl");
  script_mandatory_keys("Apple/iTunes/MacOSX/Version");

  script_tag(name:"impact", value:"Successful exploitation will allow attackers to execute arbitrary code,
  conduct Man-in-the-Middle (MitM) attack or cause heap-based buffer overflow.");

  script_tag(name:"affected", value:"Apple iTunes before 11.0.3 on Mac OS X.");

  script_tag(name:"insight", value:"Multiple flaws due to

  - Improper validation of SSL certificates.

  - Integer overflow error within the 'string.replace()' method.

  - Some vulnerabilities are due to a bundled vulnerable version of WebKit.

  - Array indexing error when handling JSArray objects.

  - Boundary error within the 'string.concat()' method.");

  script_tag(name:"solution", value:"Upgrade to version 11.0.3 or later.");

  script_tag(name:"summary", value:"Apple iTunes is prone to multiple vulnerabilities.");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))
  exit(0);

vers = infos["version"];
path = infos["location"];

if(version_is_less(version:vers, test_version:"11.0.3")) {
  report = report_fixed_ver(installed_version:vers, fixed_version:"11.0.3", install_path:path);
  security_message(port:0, data:report);
  exit(0);
}

exit(99);

Related

openvas 3
kaspersky 1
nessus 8
securityvulns 10
cve 21
cvelist 21
ubuntucve 20
zdi 3
prion 21
openvas
openvas
Apple iTunes Multiple Vulnerabilities (Jun 2013) - Windows
2013-06-06 00:00:00
Apple iTunes Multiple Vulnerabilities - June13 (Mac OS X)
2013-06-06 00:00:00
Apple iTunes Multiple Vulnerabilities - June13 (Windows)
2013-06-06 00:00:00
kaspersky
kaspersky
KLA10076 Multiple vulnerabilities in Apple iTunes
2013-05-22 00:00:00
nessus
nessus
Safari < 6.0.5 Multiple Security Vulnerabilities
2013-06-05 00:00:00
Mac OS X : Apple Safari < 6.0.5 Multiple Vulnerabilities
2013-06-05 00:00:00
iTunes < 11.0.3 Multiple Vulnerabilities
2013-05-19 00:00:00
securityvulns
securityvulns
APPLE-SA-2013-06-04-2 Safari 6.0.5
2013-06-17 00:00:00
WebKit / Apple Safari multiple security vulnerabilities
2013-06-17 00:00:00
Apple iTunes multiple security vulnerabilities
2013-05-27 00:00:00
cve
cve
CVE-2013-1008
2013-05-20 14:44:00
CVE-2013-1006
2013-05-20 14:44:00
CVE-2013-1007
2013-05-20 14:44:00
cvelist
cvelist
CVE-2013-1008
2013-05-19 10:00:00
CVE-2013-1007
2013-05-19 10:00:00
CVE-2013-1014
2013-05-19 10:00:00
ubuntucve
ubuntucve
CVE-2013-1007
2013-05-20 00:00:00
CVE-2013-1001
2013-05-20 00:00:00
CVE-2013-1002
2013-05-20 00:00:00
zdi
zdi
Webkit.org Webkit string.concat() Remote Code Execution Vulnerability
2013-05-30 00:00:00
Webkit.org Webkit string.replace Remote Code Execution Vulnerability
2013-05-30 00:00:00
Apple Safari Array Indexing Remote Code Execution Vulnerability
2013-05-30 00:00:00
prion
prion
Memory corruption
2013-05-20 14:44:00
Code injection
2013-05-20 14:44:00
Memory corruption
2013-05-20 14:44:00

6.1 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.012 Low

EPSS

Percentile

85.3%

JSON
Related for OPENVAS:1361412562310803807
openvas3kaspersky1nessus8securityvulns10cve21cvelist21ubuntucve20zdi3prion21