nessus | This script is Copyright (C) 2005-2024 Tenable Network Security, Inc. | MACOSX_SECUPD2005-002.NASL
History: Feb 22, 2005 - 12:00 a.m.

Mac OS X Java JRE Plug-in Capability Arbitrary Package Access (Security Update 2005-002)

2005-02-22 00:00:00
This script is Copyright (C) 2005-2024 Tenable Network Security, Inc.
www.tenable.com
16

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.192

Percentile

96.3%

The remote host is missing Security Update 2005-002. This security update contains a security bugfix for Java 1.4.2.

A vulnerability in the Java Plug-in may allow an untrusted applet to escalate privileges, through JavaScript calling into Java code, including reading and writing files with the privileges of the user running the applet. Releases prior to Java 1.4.2 on Mac OS X are not affected by this vulnerability.

#
# (C) Tenable Network Security, Inc.
#

# Capability gate: stop immediately (before registration and before any check)
# when the running engine does not provide bn_random().
# NOTE(review): presumably a proxy for the crypto/SSH support that credentialed
# local checks rely on - confirm. On such an engine this plugin yields no
# result at all, which must not be read as "host is patched".
if ( ! defined_func("bn_random") ) exit(0);

include("compat.inc");

# Registration pass: when the engine sets `description`, the script only
# declares its metadata and exits; no host data is read in this branch.
if(description)
{
 script_id(17195);
 script_version("1.17");

 # Identifiers a finding from this plugin is tracked under.
 script_cve_id("CVE-2004-1029");
 script_bugtraq_id(11726);

 script_name(english:"Mac OS X Java JRE Plug-in Capability Arbitrary Package Access (Security Update 2005-002)");
 script_summary(english:"Check for Security Update 2005-002");

 script_set_attribute( attribute:"synopsis", value:
"The remote host is missing a Mac OS X update that fixes a security
issue." );
 script_set_attribute( attribute:"description",  value:
"The remote host is missing Security Update 2005-002. This security
update contains a security bugfix for Java 1.4.2.

A vulnerability in the Java Plug-in may allow an untrusted applet to
escalate privileges, through JavaScript calling into Java code,
including reading and writing files with the privileges of the user
running the applet.  Releases prior to Java 1.4.2 on Mac OS X are not
affected by this vulnerability." );
 script_set_attribute(
   attribute:"see_also",
   value:"http://support.apple.com/kb/TA22931"
 );
 script_set_attribute(
   attribute:"solution", 
   value:"Install Security Update 2005-002."
 );
 # Base vector declared by the plugin: network-reachable, medium complexity,
 # no authentication, Partial impact on confidentiality/integrity/availability.
 # NOTE(review): the listing that carries this script shows CVSS2 9.3 with
 # AV:N/AC:M/Au:N/C:C/I:C/A:C (Complete impacts). The two ratings disagree;
 # decide which one drives prioritisation before triaging on severity alone.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
 # Temporal metrics: proof-of-concept exploit maturity, official fix
 # available, report confirmed.
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 # CWE-264: Permissions, Privileges, and Access Controls.
 script_cwe_id(264);
 script_set_attribute(attribute:"plugin_publication_date", value: "2005/02/22");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/11/22");
 script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/28");
 script_set_attribute(attribute:"patch_publication_date", value: "2004/11/22");
 # "local" = the verdict comes from data collected on the host itself
 # (installed-package list), not from probing a network service.
 script_set_attribute(attribute:"plugin_type", value:"local");
 # Only the 10.2 and 10.3 product lines are declared as in scope.
 script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x:10.2");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x:10.3");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_family(english:"MacOS X Local Security Checks");

 script_copyright(english:"This script is Copyright (C) 2005-2024 Tenable Network Security, Inc.");

 # The check depends on ssh_get_info.nasl and is only scheduled when the
 # KB key Host/MacOSX/packages exists.
 # NOTE(review): presumably that key is filled by a credentialed SSH login;
 # on an uncredentialed scan this plugin never runs, so a missing finding
 # is not evidence that the update is installed - confirm scan credentials.
 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 exit(0);
}


# Host check. Everything below is decided from two KB entries collected
# earlier in the scan (installed-package list and uname string); this block
# itself only reads the KB, reports, and writes one KB flag.
pkg_list = get_kb_item("Host/MacOSX/packages");
if ( ! pkg_list ) exit(0);

kernel_id = get_kb_item("Host/uname");
not_affected = 0;

# Releases that are actually evaluated: Darwin 6.8.x (Mac OS X 10.2.8) and
# Darwin 7.7.x / 7.8.x (Mac OS X 10.3.7 / 10.3.8).
if ( egrep(pattern:"Darwin.* (6\.8\.|7\.[78]\.)", string:kernel_id) )
{
  # Both tests match on package receipt names at the start of a line, so the
  # verdict is only as good as the receipt list gathered from the host.
  has_java142 = egrep(pattern:"^Java142\.pkg", string:pkg_list);
  has_secupd  = egrep(pattern:"^SecUpd(Srvr)?2005-002", string:pkg_list);

  if ( has_java142 && ! has_secupd )
  {
    # Java 1.4.2 installed and no Security Update 2005-002 receipt
    # (client or Srvr variant): report the missing update.
    security_warning(0);
  }
  else
  {
    # Either Java 1.4.2 is absent or the update receipt is present.
    not_affected = 1;
  }
}
else
{
  # Releases treated as already past the fix: Darwin 6.9, 7.9.x, 7.NN.x, or
  # any two-digit number followed by a dot.
  # NOTE(review): "6\.9" has no trailing dot and "[0-9][0-9]\." is matched
  # anywhere after "Darwin.* ", so this pattern is loosely anchored - confirm
  # it cannot hit an unrelated field of the uname string.
  if ( egrep(pattern:"Darwin.* (6\.9|[0-9][0-9]\.|7\.(9\.|[0-9][0-9]\.))", string:kernel_id) )
  {
    not_affected = 1;
  }
}

# Coverage caveat: a host whose uname matches neither pattern (for example an
# earlier 7.x kernel, or a missing Host/uname entry) gets no report and no KB
# flag. Silence from this plugin therefore means "not evaluated", not "patched".

# The flag named after the CVE is set when the host is considered NOT
# vulnerable. NOTE(review): presumably consumed by other plugins to suppress
# duplicate findings - verify against the readers of this key.
if ( not_affected ) set_kb_item(name:"CVE-2004-1029", value:TRUE);
