MS09-044: Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (Mac OS X)

#TRUSTED 4d428bad214152a43bb39dcf6a9e56ac073fb0714f6e4ab3951f0a7782a2df8c01e2996318f3053cc0e388ee0dbea4b97a0d64b26e8dd8823bb03891c54b8a80d08dc1ed9e82ee3613dff2c2689bbcb2b1db247a75d57eb39b78cf0b4f8e9981aa1efa359ede093f9934d9f4c758a8b0739d50a8e8fe6bf5fd7b67c2138abcb84e384f7b9cb17e9b73ed575434f2175e277284c163946c83afb9d71537a217a480feffc3e0c886ea83cf036e4c92edeca68212b37c5f5027a653badf55f90b79d1b0208543e497e98b18aafdce0c16ce08631b785f2dfb1f1046fd6093ef53ba21cdbf07f1c578773801f1cd4104177ac64b17d8be5a3e71e43ccd8b555525936a08a7126f6e0e6fbd4984b2ed3c7e51e9f02b52de93189ce5e6118323a1383aee1b9c3546b66b9b2398d372d324096fd12761e69317bd1a78f6c332b9d4f5777610cd5effd5cf7bdfd4ae1521fe451a33e067715d1a221ac33b5be4ca8c7315d0a47aa2b8670e2646b39168272da36b65093de893915aef533258e704da97f68bb2f2cdc32798f3342171cb45ea90ba627f2be743a661994f4d6cab56740ea66c9ab3be34d7cba48e2803a906d1c5a6fc39365d6410efae448e2bcfa28012874aada9c26b8c14c5301da9ee6e8eba115cc95647da813f521dd9b4c2d5594ee9653e316efbe9fce88f6c7791093bae5b5b699539ee0ee2241e95cdc069308cc8
#TRUST-RSA-SHA256 3b5e297e79a38b3cdae869c68499ec7e00407f2941826228006e305a43c72db594e5685a37400335f9fb4bf2b2a691c2bdf08bb45b3b18021af27b880eccbf0d4dc6a4448413bef458e4edcb8d58c8112c1be4b1831e25821d2baa39c092a66e8e39839f5d9e878a715c2006c902f6e938178dfd1971ec78f70da05c6cbbc4bdca6219a502ea866cbbb9b1356bceef40102fae14fc8744ec3fbed5946233f8dc4b0da6d13cbb85745aee51c0f562c6c54779ef3ef10ae07294b39fc6a8696a78e46479536f225ba27b49fc2768cde9b1e62239e05f6554fd7e206b769445f90cd46194a79633190d1d689debcc1cad95c6232df272f176983ceec8dd1b49f52a34d458552aeffdc17a690a48184ba2ba2496f4a7177147f1363ff593203143440596d63eaec1c8e055f9cfe96ad3bc0218e2c0e527ce2b6ee430e59fb470cb69f4352031c4060f86d82afba6c165b57f060c72e9ab1783a6bc7292d35688733d8caff3360d49edb1a35ed41535e1568ac602638fff7d6a0607f74bcb70491ffc8977b53e180da93b87fcf9017301bc59badc4dc365e7de824ca3a94f408648fc83d31918313d2225590d17a1a0234bd109b1debc638d9aad6e801f1ef49e31bda2a2b02e45e62b2ba45ee0fc8e708d87230f910e727249f37d4e0db91f64539d309e6ac4573a8dbec2d8e8405e01fde2317191474f7313ec6c939254ab2ff224
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(40563);
 script_version("1.24");
 script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");

  script_cve_id("CVE-2009-1133", "CVE-2009-1929");
 script_bugtraq_id(35971, 35973);
 script_xref(name:"IAVA", value:"2009-A-0071-S");
 script_xref(name:"MSFT", value:"MS09-044");
 script_xref(name:"MSKB", value:"974283");

 script_name(english:"MS09-044: Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (Mac OS X)");
 script_summary(english:"Check for Remote Desktop Connection for Mac OS X");

 script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host through Microsoft
Remote Desktop Connection.");
 script_set_attribute(attribute:"description", value:
"The remote host contains a version of the Remote Desktop client that
contains several vulnerabilities that may allow an attacker to execute
arbitrary code on the remote host.

To exploit these vulnerabilities, an attacker would need to trick a
user of the remote host into connecting to a rogue RDP server.");
  script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms09-044");
 script_set_attribute(attribute:"solution", value:"Microsoft has released a patch for Remote Desktop Client for Mac OS X.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-1929");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(119);

 script_set_attribute(attribute:"patch_publication_date", value:"2009/08/11");
 script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/11");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:remote_desktop_client");
 script_set_attribute(attribute:"stig_severity", value:"II");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2009-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");

 exit(0);
}


include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");



enable_ssh_wrappers();

uname = get_kb_item("Host/uname");
if ( egrep(pattern:"Darwin.*", string:uname) )
{
  file    = GetBundleVersionCmd(file:"Remote Desktop Connection.app", path:"/Applications");
  file    = ereg_replace(pattern:"version\.plist", replace:"Info.plist", string:file);
  if ( ! islocalhost() )
  {
   ret = ssh_open_connection();
   if ( ! ret ) exit(0);
   buf = ssh_cmd(cmd:file);
   ssh_close_connection();
  }
  else
  {
  buf = pread_wrapper(cmd:"/bin/bash", argv:make_list("bash", "-c", file));
  }

 if ( buf =~ "^2" )
 {
  v = split(buf, sep:'.', keep:FALSE);
  if ( int(v[0]) == 2 && int(v[1]) == 0 && int(v[2]) == 0 )
	security_hole(port:0);
 }
}