CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
99.7%
The remote Mac OS X 10.7 or 10.8 host has a Java runtime that is missing the Java for OS X 2013-001 update, which updates the Java version to 1.6.0_41. It is, therefore, affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.
#TRUSTED 26e49091a12a6c6253745cea48f676cc0adc918cba6998911ae5384db3bbb0f92584333efd41a7fb058ce61b2837e9ffdb8bfac5abf6beb0668fe95ebdbb0218389eda419fe0e17d7f29dcb7ffca79234a3cab7c42235427a020a0e55469872f1053b19b08ea8f318543b41cc5524f9c85d539417c98229235007721163a6774014813af383583fb2ab451af3b8ab9920998aad302bb06c81747248a579294b53c3fda39c2abf4db8d95891532c4aab0991006a60392ba97abefab784c55b5f9f855af008764dbf453428036a47675df663d220f398d5531369ee428f2fa9abc0cf4230ce8fc375e3838d806fad9be8a1148fa8b4543e17d40408184453d8c570c4745f97c3baef6f471598d1332188013620430b7af9fcb0c0fb2680f38c7579c82d11c825772cdb157307fd8dbcae3f662ea4dd84420c3c16e49f80fe96f9343eefbf4b25e9f0ab4115f1af76e18f0ab8d9798ae49e3a1be20bc636ccbf4ac7aefc5d509dbe6ba8adef3e7e8639a1381f43f8c9425b91aefaf20a44a3515e11a709a6ed188d8ce83782b264eed1d394ced21c4e4ed133165b85b2d159f5b023ec19d6950fa33fa35ee33fcfd66862acafc37095dbb9e2b54fa139392460632a0f86a53f31fcf88787d605958f2cd974859c0b127fbcf9099fc04f7afa2c4c1b585d003fb90e21a53a3ca02894732ad858d7dec90be4c52e5d91ed597981ebb
#TRUST-RSA-SHA256 27f216fa453b1ed39f6273486d724f547d616e35fcb4e6d706d7df2dbbffe2a528a84aea287c7c5d95afdff9aeae94ba2caae5a7b9a6331f8ee93ca9d9073baaebf604574df41f81583fd6ab0bd0e58ada2e8868821f8748770269e3bb2177f962497a091a9273767b5e67913d3c9758fbfcb431ea09117e1972f684a66228666432d808d89a398ff8395ef3da05057e8f9ce319e3677e858e407c690896645489bf501f97b299513b3a5b5505e1fde2f8a7c5e795d958389fddeef47727aa78f02d6c83e8da2046c7d7e7236ff03e4f129c6d2118a941adf87f12730ce77d6060d420308cc2e21dbf152b0832821c8e13ce888e2ee19dcd2d8f09a08ebe19a341eed9c50ad440a97a9dbb3acb0766be12f9d1695cbc6ba0a8d13354d351811119c9a46670b20205006c7f91dacf753d8ec6d11c7dbe8ae20d802d71a4a76058ebfa0b21a554c7bb3d21d1f6ead4810b32d08a642ae7cf365fec7c1dcb1be902125077cdd3767a6e20cf79ec6789c25f7c77b8a5b7bcba5b83d1c02c65f60a7fa0badc9770dc4256ebc64e49a7451e9a35bb562876dad6d05b7b4208927b3385202e06187e37a05a1c40c66f9173f5d369b909d2fe340c8f0310aa414429f9d337dc5dd207e5696dc54b178d09b50a10ec53f8ea705db1a5e2648535cf98c3f1ee56eb31f7f2245dc9336b94f7d88dc98046c3da3fdd6abfc68d8e6e15c0562e
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(64700);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");
script_cve_id(
"CVE-2012-3213",
"CVE-2012-3342",
"CVE-2013-0351",
"CVE-2013-0409",
"CVE-2013-0419",
"CVE-2013-0423",
"CVE-2013-0424",
"CVE-2013-0425",
"CVE-2013-0426",
"CVE-2013-0427",
"CVE-2013-0428",
"CVE-2013-0429",
"CVE-2013-0432",
"CVE-2013-0433",
"CVE-2013-0434",
"CVE-2013-0435",
"CVE-2013-0438",
"CVE-2013-0440",
"CVE-2013-0441",
"CVE-2013-0442",
"CVE-2013-0443",
"CVE-2013-0445",
"CVE-2013-0446",
"CVE-2013-0450",
"CVE-2013-1473",
"CVE-2013-1475",
"CVE-2013-1476",
"CVE-2013-1478",
"CVE-2013-1480",
"CVE-2013-1481",
"CVE-2013-1486",
"CVE-2013-1487",
"CVE-2013-1488"
);
script_bugtraq_id(
57686,
57687,
57689,
57691,
57692,
57694,
57696,
57699,
57700,
57702,
57703,
57708,
57709,
57710,
57711,
57712,
57713,
57714,
57715,
57716,
57717,
57718,
57719,
57720,
57724,
57727,
57728,
57729,
57730,
57731,
58029,
58031
);
script_xref(name:"APPLE-SA", value:"APPLE-SA-2013-02-19-1");
script_name(english:"Mac OS X : Java for OS X 2013-001");
script_summary(english:"Checks version of the JavaVM framework");
script_set_attribute(
attribute:"synopsis",
value:
"The remote host has a version of Java that is affected by multiple
vulnerabilities."
);
script_set_attribute(
attribute:"description",
value:
"The remote Mac OS X 10.7 or 10.8 host has a Java runtime that is
missing the Java for OS X 2013-001 update, which updates the Java
version to 1.6.0_41. It is, therefore, affected by several security
vulnerabilities, the most serious of which may allow an untrusted Java
applet to execute arbitrary code with the privileges of the current user
outside the Java sandbox."
);
script_set_attribute(attribute:"see_also", value:"http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html");
script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT5666");
script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2013/Feb/msg00002.html");
script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/525745/30/0/threaded");
script_set_attribute(
attribute:"solution",
value:
"Apply the Java for OS X 2013-001 update, which includes version
14.6.0 of the JavaVM Framework."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Java Applet Driver Manager Privileged toString() Remote Code Execution');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/01");
script_set_attribute(attribute:"patch_publication_date", value:"2013/02/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/20");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:java_1.6");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2013-2023 Tenable Network Security, Inc.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");
enable_ssh_wrappers();
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
os = get_kb_item("Host/MacOSX/Version");
if (!os) audit(AUDIT_OS_NOT, "Mac OS X");
if (!ereg(pattern:"Mac OS X 10\.[78]([^0-9]|$)", string:os))
audit(AUDIT_OS_NOT, "Mac OS X 10.7 / 10.8");
cmd = 'ls /System/Library/Java';
results = exec_cmd(cmd:cmd);
if (isnull(results)) exit(1, "Unable to determine if the Java runtime is installed.");
if ('JavaVirtualMachines' >!< results) audit(AUDIT_NOT_INST, "Java for OS X");
plist = "/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist";
cmd =
'plutil -convert xml1 -o - \'' + plist + '\' | ' +
'grep -A 1 CFBundleVersion | ' +
'tail -n 1 | ' +
'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\'';
version = exec_cmd(cmd:cmd);
if (!strlen(version)) exit(1, "Failed to get the version of the JavaVM Framework.");
version = chomp(version);
if (!ereg(pattern:"^[0-9]+\.", string:version)) exit(1, "The JavaVM Framework version does not appear to be numeric ("+version+").");
fixed_version = "14.6.0";
if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
{
if (report_verbosity > 0)
{
report =
'\n Framework : JavaVM' +
'\n Installed version : ' + version +
'\n Fixed version : ' + fixed_version + '\n';
security_hole(port:0, extra:report);
}
else security_hole(0);
}
else audit(AUDIT_INST_VER_NOT_VULN, "JavaVM Framework", version);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3213
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3342
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0351
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0409
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0419
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0423
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0424
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0425
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0426
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0427
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0428
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0429
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0432
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0433
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0434
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0435
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0438
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0440
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0441
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0442
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0443
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0445
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0446
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0450
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1473
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1475
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1476
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1478
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1480
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1481
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1486
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1487
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1488
lists.apple.com/archives/security-announce/2013/Feb/msg00002.html
support.apple.com/kb/HT5666
www.oracle.com/technetwork/java/javase/releasenotes-136954.html
www.securityfocus.com/archive/1/525745/30/0/threaded