Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.ITUNES_10_2.NASL
HistoryMar 03, 2011 - 12:00 a.m.

Apple iTunes < 10.2 Multiple Vulnerabilities (credentialed check)

2011-03-0300:00:00
This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
www.tenable.com
14

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.664 Medium

EPSS

Percentile

98.0%

JSON

The version of Apple iTunes installed on the remote Windows host is older than 10.2. As such, it is affected by numerous issues in the following components :

  • ImageIO

  • libxml

  • WebKit

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(52534);
  script_version("1.21");
  script_cvs_date("Date: 2018/11/15 20:50:27");

  script_cve_id(
    "CVE-2010-1205",
    "CVE-2010-1824",
    "CVE-2010-2249",
    "CVE-2010-4008",
    "CVE-2010-4494",
    "CVE-2011-0111",
    "CVE-2011-0112",
    "CVE-2011-0113",
    "CVE-2011-0114",
    "CVE-2011-0115",
    "CVE-2011-0116",
    "CVE-2011-0117",
    "CVE-2011-0118",
    "CVE-2011-0119",
    "CVE-2011-0120",
    "CVE-2011-0121",
    "CVE-2011-0122",
    "CVE-2011-0123",
    "CVE-2011-0124",
    "CVE-2011-0125",
    "CVE-2011-0126",
    "CVE-2011-0127",
    "CVE-2011-0128",
    "CVE-2011-0129",
    "CVE-2011-0130",
    "CVE-2011-0131",
    "CVE-2011-0132",
    "CVE-2011-0133",
    "CVE-2011-0134",
    "CVE-2011-0135",
    "CVE-2011-0136",
    "CVE-2011-0137",
    "CVE-2011-0138",
    "CVE-2011-0139",
    "CVE-2011-0140",
    "CVE-2011-0141",
    "CVE-2011-0142",
    "CVE-2011-0143",
    "CVE-2011-0144",
    "CVE-2011-0145",
    "CVE-2011-0146",
    "CVE-2011-0147",
    "CVE-2011-0148",
    "CVE-2011-0149",
    "CVE-2011-0150",
    "CVE-2011-0151",
    "CVE-2011-0152",
    "CVE-2011-0153",
    "CVE-2011-0154",
    "CVE-2011-0155",
    "CVE-2011-0156",
    "CVE-2011-0164",
    "CVE-2011-0165",
    "CVE-2011-0168",
    "CVE-2011-0170",
    "CVE-2011-0191",
    "CVE-2011-0192"
  );
  script_bugtraq_id(
    41174,
    44779,
    46657,
    46658,
    46659,
    46677,
    46684,
    46686,
    46687,
    46688,
    46689,
    46690,
    46691,
    46692,
    46693,
    46694,
    46695,
    46696,
    46698,
    46699,
    46700,
    46701,
    46702,
    46703,
    46704,
    46705,
    46706,
    46707,
    46708,
    46709,
    46710,
    46711,
    46712,
    46713,
    46714,
    46715,
    46716,
    46717,
    46718,
    46719,
    46720,
    46721,
    46722,
    46723,
    46724,
    46725,
    46726,
    46727,
    46728,
    46744,
    46745,
    46746,
    46747,
    46748,
    46749
  );

  script_name(english:"Apple iTunes < 10.2 Multiple Vulnerabilities (credentialed check)");
  script_summary(english:"Checks version of iTunes on Windows");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote host contains an application that has multiple
vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The version of Apple iTunes installed on the remote Windows host is
older than 10.2. As such, it is affected by numerous issues in the
following components :

  - ImageIO

  - libxml

  - WebKit");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT4554");
  script_set_attribute(attribute:"see_also", value:"https://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html");
  script_set_attribute(attribute:"solution", value:"Upgrade to Apple iTunes 10.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/03/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/03");

  script_set_attribute(attribute:"plugin_type", value:"local");

  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  script_dependencies("itunes_detect.nasl");
  script_require_keys("SMB/iTunes/Version");

  exit(0);
}


include("global_settings.inc");
include("misc_func.inc");


version = get_kb_item_or_exit("SMB/iTunes/Version");
fixed_version = "10.2.0.34";

if (ver_compare(ver:version, fix:fixed_version) == -1)
{
  if (report_verbosity > 0)
  {
    path = get_kb_item("SMB/iTunes/Path");
    if (isnull(path)) path = 'n/a';

    report =
      '\n  Path              : '+path+
      '\n  Installed version : '+version+
      '\n  Fixed version     : '+fixed_version+'\n';
    security_hole(port:get_kb_item("SMB/transport"), extra:report);
  }
  else security_hole(get_kb_item("SMB/transport"));
}
else exit(0, "The host is not affected since iTunes "+version+" is installed.");
VendorProductVersionCPE
appleitunescpe:/a:apple:itunes

References

Related

openvas 47
nessus 37
securityvulns 7
slackware 1
ubuntu 1
fedora 9
debian 6
osv 2
altlinux 6
gentoo 2
redhat 1
oraclelinux 1
centos 1
prion 15
ubuntucve 13
nvd 16
debiancve 2
cvelist 16
cve 11
veracode 1
zdi 2
threatpost 1
f5 1
openvas
openvas
Apple iTunes Multiple Vulnerabilities - Mar11
2011-03-10 00:00:00
Apple iTunes Multiple Vulnerabilities (HT4554)
2011-03-10 00:00:00
Apple Safari Multiple Vulnerabilities - March 2011 (Mac OS X)
2011-08-12 00:00:00
nessus
nessus
Apple iTunes < 10.2 Multiple Vulnerabilities (uncredentialed check)
2011-03-03 00:00:00
Safari < 5.0.4 Multiple Vulnerabilities
2011-03-10 00:00:00
Mac OS X : Apple Safari < 5.0.4
2011-03-10 00:00:00
securityvulns
securityvulns
About the security content of iTunes 10.2
2011-03-03 00:00:00
Apple WebKit / Safari / iTunes / libtiff / Google Chrome multiple security vulnerabilities
2011-03-16 00:00:00
About the security content of Safari 5.0.4
2011-03-15 00:00:00
slackware
slackware
[slackware-security] libpng
2010-06-30 06:39:45
ubuntu
ubuntu
libpng vulnerabilities
2010-07-08 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: libpng10-1.0.54-1.fc13
2010-07-20 22:32:04
[SECURITY] Fedora 13 Update: libpng-1.2.44-1.fc13
2010-07-01 18:36:39
[SECURITY] Fedora 13 Update: mingw32-libpng-1.2.44-1.fc13
2010-07-27 02:50:02
debian
debian
[SECURITY] [DSA 2072-1] New libpng packages fix several vulnerabilities
2010-07-19 12:27:24
[SECURITY] [DSA 2072-1] New libpng packages fix several vulnerabilities
2010-07-19 12:27:24
[SECURITY] [DSA-2210-2] tiff security update
2011-06-25 10:31:46
osv
osv
libpng - several vulnerabilities
2010-07-19 00:00:00
tiff - several
2011-04-03 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package libpng version 1.2.44-alt1
2010-06-29 00:00:00
Security fix for the ALT Linux 6 package libpng version 1.2.44-alt1
2010-06-29 00:00:00
Security fix for the ALT Linux 10 package libxml2 version 1:2.7.8-alt3
2010-12-27 00:00:00
gentoo
gentoo
Libpng: Multiple vulnerabilities
2010-10-05 00:00:00
libxml2: Multiple vulnerabilities
2011-10-26 00:00:00
redhat
redhat
(RHSA-2010:0534) Important: libpng security update
2010-07-14 00:00:00
oraclelinux
oraclelinux
libpng security update
2010-07-14 00:00:00
centos
centos
libpng, libpng10 security update
2010-07-14 22:40:18
prion
prion
Memory corruption
2011-03-03 20:00:00
Design/Logic Flaw
2010-09-24 19:00:00
Memory corruption
2011-03-03 20:00:00
ubuntucve
ubuntucve
CVE-2010-1824
2010-09-24 00:00:00
CVE-2011-0140
2011-03-03 00:00:00
CVE-2011-0142
2011-03-03 00:00:00
nvd
nvd
CVE-2011-0140
2011-03-03 20:00:02
CVE-2011-0125
2011-03-03 20:00:01
CVE-2011-0164
2011-03-03 20:00:02
debiancve
debiancve
CVE-2010-1824
2010-09-24 19:00:00
CVE-2010-2249
2010-06-30 18:30:01
cvelist
cvelist
CVE-2010-1824
2010-09-24 18:00:00
CVE-2011-0130
2011-03-03 19:00:00
CVE-2010-2249
2010-06-30 18:00:00
cve
cve
CVE-2011-0142
2011-03-03 20:00:02
CVE-2010-2249
2010-06-30 18:30:01
CVE-2011-0121
2011-03-03 20:00:01
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:43:56
zdi
zdi
Apple Webkit Error Message Mutation Remote Code Execution Vulnerability
2011-03-02 00:00:00
Apple Webkit Font Glyph Layout Remote Code Execution Vulnerability
2011-03-02 00:00:00
threatpost
threatpost
Weaknesses in Webkit Becoming Problematic
2011-08-28 23:44:39
f5
f5
K51182024 : libxml2 2.7.8 vulnerability CVE-2010-4494
2020-06-17 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.664 Medium

EPSS

Percentile

98.0%

JSON
Related for ITUNES_10_2.NASL
openvas47nessus37securityvulns7slackware1ubuntu1fedora9debian6osv2altlinux6gentoo2redhat1oraclelinux1centos1prion15ubuntucve13nvd16debiancve2cvelist16cve11veracode1zdi2threatpost1f51