nessus | This script is Copyright (C) 2010-2023 Tenable Network Security, Inc. | MACOSX_JAVA_10_5_UPDATE7.NASL
History: May 19, 2010 - 12:00 a.m.

Mac OS X : Java for Mac OS X 10.5 Update 7

2010-05-19 00:00:00
This script is Copyright (C) 2010-2023 Tenable Network Security, Inc.
www.tenable.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

Low

0.97 High

EPSS

Percentile

99.8%

The remote Mac OS X host is running a version of Java for Mac OS X 10.5 that is missing Update 7.

The remote version of this software contains several security vulnerabilities, including some that may allow untrusted Java applets to obtain elevated privileges and lead to execution of arbitrary code with the privileges of the current user.

#TRUSTED 0461ea5b7643b08e5169e76865ec66f13cf0f17a2846256cf041eb3cc5213b926b57a5dc302ee19a2aa049927f73a1418941cc655bdd1db1934acb30198b64e183aff70aa020fc85684dfec43ce34becf51c35ae3a0f04028420a3cad4a8691b7a752bd5b6b548fec7c7373ad6077c46f0dbf305103eda45e7af7900d2ffe731a66a9b750c4aba305cc197645b27fcbcc1ff0cb5e4e7ff03b876a2ffd02ae53ae3a292d56f850fa8884e4ffb202ec56e48564d7ed10e488167467ac402e0f2b57d8a66570e91d0efcaab1ec5c959a63f39fb69b70611aad673357dd855c7d35101b7247a6c60831ad09c51af0308e3ca03c7ced0b04f887838a85a61fe65c53021389de95c8004bfb251e4d52b341587b4e911c7c3c0186cb789c8456ebb03369e271e2a4b6c953460bba290bf846740760c4e65ff6c1ca665e59438bf0b711f9f3808c01c53675892c4e7843f8ca7175563a320ae31e56fc570dece90367076adfcedb02031a58f7a7bf936790e4b54fd371110e456d9169e10e05aed0e56e17911f62a72b91c429b9c3ffd8d1e985a31a1b9f0aa81f333f91b0f12d0ab42216687de32ace08041b92b5bfaecf624f531d9fc96122646e771716c7eded65226d55761d42d6867e4605392cfdfa87fd63bd53c9d9bc1f383553ecd8c50753e7f4c9adbbe0cb56f9b7c675e903a981df9f6951c6c51a13b7ed6c86b8b5b4ae1f3
#TRUST-RSA-SHA256 8a9b315bd51b43c41ac54f853883e19008b963e0baf408ee79400d0b46764bc27889802df4b7e925a6b7fb63e3bc6723ab9364019a1cedb178c8a0cff78188637d8427cf2adeffcb5db380eeeabfe3d45a18a55e37ce90fb11cadf6400a3351011e107643f57a6940ce1e17689506c3c5024637c2e557b7bbd836cd74cb2aaf39f2e08a2f6861e38e4f00e007c417165cec1bd9513c634b3be8447b74b17e1f28cacb6a26f0b7d6227adfdeb6436d3f59fc163509a52538b11d7d8030c649084b301c9e9a03dc8a5fcefed89569cd2ebd8b56300fcffbefd64c275b464b85862caca95943f53a3c65e51053824e80e94ede2ba4c3fccda7535aad9f702f819132047e36104cd711082d7e6d879e1f46f6efc28713c248fb73b9f23f05d7616900d3b099e693b603a96b9d9ba0e39b7ab34399f8d2c4baeb3953f058e1c25b6b965da13badd242733f859ed136c05449ae4b8715ee6d34dde259246b3d5ef0c5d25b5b1ad5c7c81c60568053d232afcf95cf7d0109ae456e0eb13e72991ae9c587a8e893a2253de0cf2c2dc57a0d6f88eb6dc275bf067b9f1f19ae12219e5e1dfa1d2f19289a3b5f76f4af6b881b3e3a3960c6967e455709f755cf8c0853ac76db06001f49fb53206196344175ea7cc9e7257f33d4d8d04e2addc710265c0e1164fa17e56368c9493f247a9fc95844af1ea75a627c348c30a5ead57d768ae6009
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

# Plugin registration block. When the script is loaded with `description`
# set, it only declares metadata (IDs, references, risk data, scheduling
# requirements) and exits at the end of the block without touching the host.
if (description)
{
  script_id(46673);
  script_version("1.24");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");

  # Every CVE below is reported together: the check further down in this
  # script is a single version comparison, so a finding does not show which
  # individual issue is reachable on the host.
  script_cve_id(
    "CVE-2009-3555",
    "CVE-2009-3910",
    "CVE-2010-0082",
    "CVE-2010-0084",
    "CVE-2010-0085",
    "CVE-2010-0087",
    "CVE-2010-0088",
    "CVE-2010-0089",
    "CVE-2010-0090",
    "CVE-2010-0091",
    "CVE-2010-0092",
    "CVE-2010-0093",
    "CVE-2010-0094",
    "CVE-2010-0095",
    "CVE-2010-0538",
    "CVE-2010-0539",
    "CVE-2010-0837",
    "CVE-2010-0838",
    "CVE-2010-0840",
    "CVE-2010-0841",
    "CVE-2010-0842",
    "CVE-2010-0843",
    "CVE-2010-0844",
    "CVE-2010-0846",
    "CVE-2010-0847",
    "CVE-2010-0848",
    "CVE-2010-0849",
    "CVE-2010-0886",
    "CVE-2010-0887"
  );
  script_bugtraq_id(
    36935,
    39069,
    39073,
    39078,
    40238,
    40240
  );
  # NOTE(review): the value is a date; presumably the remediation due date
  # from the CISA Known Exploited Vulnerabilities catalog - confirm. Either
  # way the tag marks at least one listed CVE as exploited in the wild, which
  # should raise patch priority.
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/15");

  script_name(english:"Mac OS X : Java for Mac OS X 10.5 Update 7");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has a version of Java that is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Mac OS X host is running a version of Java for Mac OS X
10.5 that is missing Update 7.

The remote version of this software contains several security
vulnerabilities, including some that may allow untrusted Java applets
to obtain elevated privileges and lead to execution of arbitrary code
with the privileges of the current user.");
  script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT4170");
  script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2010/May/msg00002.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Java for Mac OS X 10.5 Update 7 or later.");
  # The CVSS v2 base vector is attributed to one CVE (named in
  # cvss_score_source); the other CVEs in the list may score differently.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2010-0887");

  # Exploitability metadata for triage: exploit code is flagged as publicly
  # available in several frameworks and as used by malware.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Sun Java Web Start Plugin Command Line Argument Injection');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");
  # Only one CWE (310, Cryptographic Issues) is recorded for the whole CVE
  # set, so it should not be read as the weakness class of every entry.
  script_cwe_id(310);

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/05/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/05/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/05/19");

  # "local" plugin type: the result comes from data read on the host itself,
  # not from probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2010-2023 Tenable Network Security, Inc.");

  # Scheduling prerequisites: ssh_get_info.nasl is declared as a dependency
  # and the Host/MacOSX/packages KB item as required.
  # NOTE(review): presumably that KB item only exists after a successful
  # credentialed login, so an uncredentialed scan yields no result from this
  # plugin rather than a "not affected" verdict - confirm.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/MacOSX/packages");

  exit(0);
}


include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");



# Called once before any command is run on the target.
# NOTE(review): presumably this routes the ssh_* / pread_wrapper calls used
# by exec() below through the wrapper implementations pulled in by the
# includes above - confirm in ssh_func.inc.
enable_ssh_wrappers();

# Runs a shell command on the scan target and returns its output with the
# trailing newline removed.
#
# cmd: full shell command line. It is handed to a shell unmodified (bash -c
#      when the target is the scanner host, ssh_cmd() otherwise), so it must
#      be assembled from constants only; never splice host-supplied or
#      user-supplied text into it. The single caller in this script builds
#      it from a hard-coded plist path.
#
# Terminates the plugin with exit(1, ...) when the SSH connection cannot be
# opened or when the output does not begin with a digit, i.e. does not look
# like a version number.
function exec(cmd)
{
  local_var opened, output;

  if (!islocalhost())
  {
    # Remote target: open the SSH session, run the command, close it again.
    opened = ssh_open_connection();
    if (!opened) exit(1, "ssh_open_connection() failed.");
    output = ssh_cmd(cmd:cmd);
    ssh_close_connection();
  }
  else
  {
    # Scanner is scanning itself: run the command locally through bash.
    output = pread_wrapper(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd));
  }

  # Sanity gate on data coming back from the host: anything that does not
  # start with a digit is treated as a failure, not as a version.
  if (output !~ "^[0-9]") exit(1, "Failed to get the version - '"+output+"'.");

  return chomp(output);
}


# Both KB items must already be present; without them the host cannot be
# assessed and the plugin stops with an error instead of a verdict.
packages = get_kb_item("Host/MacOSX/packages");
if (!packages) exit(1, "The 'Host/MacOSX/packages' KB item is missing.");

uname = get_kb_item("Host/uname");
if (!uname) exit(1, "The 'Host/uname' KB item is missing.");

# Scope guard: only Darwin 9.x kernels (Mac OS X 10.5) are covered by this
# plugin. Other releases exit as "not affected" by THIS check, which says
# nothing about their own Java update level.
if (!egrep(pattern:"Darwin.* 9\.", string:uname))
  exit(0, "The remote Mac is not running Mac OS X 10.5 and thus is not affected.");

# Read CFBundleVersion from the JavaVM framework's version.plist. The command
# line is built only from the constant path below, so nothing host-controlled
# reaches the shell.
plist = "/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist";
cmd =
  'cat ' + plist + ' | grep -A 1 CFBundleVersion | tail -n 1 | ' +
  'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\'';
version = exec(cmd:cmd);
if (!strlen(version)) exit(1, "Can't get version info from '"+plist+"'.");

# Turn "major.minor[...]" into integers for a numeric comparison.
ver = split(version, sep:'.', keep:FALSE);
count = max_index(ver);
for (i = 0; i < count; i++)
  ver[i] = int(ver[i]);

# Fixed in version 12.6.0. Only the first two components are compared.
vulnerable = FALSE;
if (ver[0] < 12) vulnerable = TRUE;
else if (ver[0] == 12 && ver[1] < 6) vulnerable = TRUE;

if (!vulnerable)
  exit(0, "The remote host is not affected since JavaVM Framework version "+version+" is installed.");

# Vulnerable: raise the finding on port 0, with the installed and fixed
# versions attached unless report verbosity is unset or 'Quiet'.
gs_opt = get_kb_item("global_settings/report_verbosity");
if (!gs_opt || gs_opt == 'Quiet')
{
  security_hole(0);
}
else
{
  report =
    '\n  Installed version : ' + version +
    '\n  Fixed version     : 12.6.0\n';
  security_hole(port:0, extra:report);
}
