Vulnerabilities > CVE-2010-1824 - USE After Free vulnerability in Google Chrome

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
google
apple
CWE-416
critical
nessus

Summary

Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages.

Vulnerable Configurations

Part Description Count
Application
Google
682
Application
Apple
157

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyWindows
    NASL idGOOGLE_CHROME_6_0_472_59.NASL
    descriptionThe version of Google Chrome installed on the remote host is earlier than 6.0.472.59. Such versions are reportedly affected by multiple vulnerabilities : - A use-after-free error exists when using document APIs during parse. (Issue #50250) - A use-after-free error exists in SVG styles. (Issue #50712) - A use-after-free error exists with nested SVG elements. (Issue #51252) - A race condition exists in console handling. (Issue #51919) - An unlikely browser crash exists in pop-up blocking. (Issue #53176) - A memory corruption error exists in Geolocation. (Issue #53394) - An error exists by failing to prompt for extension history access. (Issue #54006)
    last seen2020-06-01
    modified2020-06-02
    plugin id49237
    published2010-09-15
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49237
    titleGoogle Chrome < 6.0.472.59 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(49237);
      script_version("1.16");
      script_cvs_date("Date: 2018/11/15 20:50:27");
    
      script_cve_id(
        "CVE-2010-1823",
        "CVE-2010-1824",
        "CVE-2010-1825",
        "CVE-2010-3412",
        "CVE-2010-3413",
        "CVE-2010-3415",
        "CVE-2010-3417"
      );
      script_bugtraq_id(43228, 46677);
      script_xref(name:"MSVR", value:"MSVR11-001");
    
      script_name(english:"Google Chrome < 6.0.472.59 Multiple Vulnerabilities");
      script_summary(english:"Checks version number of Google Chrome");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains a web browser that is affected by multiple
    vulnerabilities.");
    
      script_set_attribute(attribute:"description", value:
    "The version of Google Chrome installed on the remote host is earlier
    than 6.0.472.59.  Such versions are reportedly affected by multiple
    vulnerabilities :
    
      - A use-after-free error exists when using document APIs
        during parse. (Issue #50250)
    
      - A use-after-free error exists in SVG styles.
       (Issue #50712)
    
      - A use-after-free error exists with nested SVG elements.
       (Issue #51252)
    
      - A race condition exists in console handling.
        (Issue #51919)
    
      - An unlikely browser crash exists in pop-up blocking.
        (Issue #53176)
    
      - A memory corruption error exists in Geolocation.
        (Issue #53394)
    
      - An error exists by failing to prompt for extension
        history access. (Issue #54006)");
    
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?03c00fdf");
      script_set_attribute(attribute:"solution", value:"Upgrade to Google Chrome 6.0.472.59 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/09/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/09/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
    
      script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
    
      script_dependencies("google_chrome_installed.nasl");
      script_require_keys("SMB/Google_Chrome/Installed");
    
      exit(0);
    }
    
    include("google_chrome_version.inc");
    
    get_kb_item_or_exit("SMB/Google_Chrome/Installed");
    
    installs = get_kb_list("SMB/Google_Chrome/*");
    google_chrome_check_version(installs:installs, fix:'6.0.472.59', severity:SECURITY_HOLE);
    
  • NASL familyWindows
    NASL idSAFARI_5_0_4.NASL
    descriptionThe version of Safari installed on the remote Windows host is earlier than 5.0.4. It therefore is potentially affected by several issues in the following components : - ImageIO - libxml - WebKit
    last seen2020-06-01
    modified2020-06-02
    plugin id52613
    published2011-03-10
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52613
    titleSafari < 5.0.4 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(52613);
      script_version("1.18");
      script_cvs_date("Date: 2018/07/27 18:38:15");
    
      script_cve_id(
        "CVE-2010-1205",
        "CVE-2010-1824",
        "CVE-2010-2249",
        "CVE-2010-4008",
        "CVE-2010-4494",
        "CVE-2011-0111",
        "CVE-2011-0112",
        "CVE-2011-0113",
        "CVE-2011-0114",
        "CVE-2011-0115",
        "CVE-2011-0116",
        "CVE-2011-0117",
        "CVE-2011-0118",
        "CVE-2011-0119",
        "CVE-2011-0120",
        "CVE-2011-0121",
        "CVE-2011-0122",
        "CVE-2011-0123",
        "CVE-2011-0124",
        "CVE-2011-0125",
        "CVE-2011-0126",
        "CVE-2011-0127",
        "CVE-2011-0128",
        "CVE-2011-0129",
        "CVE-2011-0130",
        "CVE-2011-0131",
        "CVE-2011-0132",
        "CVE-2011-0133",
        "CVE-2011-0134",
        "CVE-2011-0135",
        "CVE-2011-0136",
        "CVE-2011-0137",
        "CVE-2011-0138",
        "CVE-2011-0139",
        "CVE-2011-0140",
        "CVE-2011-0141",
        "CVE-2011-0142",
        "CVE-2011-0143",
        "CVE-2011-0144",
        "CVE-2011-0145",
        "CVE-2011-0146",
        "CVE-2011-0147",
        "CVE-2011-0148",
        "CVE-2011-0149",
        "CVE-2011-0150",
        "CVE-2011-0151",
        "CVE-2011-0152",
        "CVE-2011-0153",
        "CVE-2011-0154",
        "CVE-2011-0155",
        "CVE-2011-0156",
        "CVE-2011-0160",
        "CVE-2011-0161",
        "CVE-2011-0163",
        "CVE-2011-0165",
        "CVE-2011-0166",
        "CVE-2011-0167",
        "CVE-2011-0168",
        "CVE-2011-0169",
        "CVE-2011-0170",
        "CVE-2011-0191",
        "CVE-2011-0192"
      );
      script_bugtraq_id(
        41174,
        44779,
        46657,
        46658,
        46659,
        46677,
        46684,
        46686,
        46687,
        46688,
        46689,
        46690,
        46691,
        46692,
        46693,
        46694,
        46695,
        46696,
        46698,
        46699,
        46700,
        46701,
        46702,
        46704,
        46705,
        46706,
        46707,
        46708,
        46709,
        46710,
        46711,
        46712,
        46713,
        46714,
        46715,
        46716,
        46717,
        46718,
        46719,
        46720,
        46721,
        46722,
        46723,
        46724,
        46725,
        46726,
        46727,
        46728,
        46744,
        46745,
        46746,
        46747,
        46748,
        46749,
        46808,
        46809,
        46811,
        46814,
        46816
      );
    
      script_name(english:"Safari < 5.0.4 Multiple Vulnerabilities");
      script_summary(english:"Checks Safari's version number");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote host contains a web browser that is affected by several
    vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The version of Safari installed on the remote Windows host is earlier
    than 5.0.4.  It therefore is potentially affected by several issues in
    the following components :
    
      - ImageIO
    
      - libxml
    
      - WebKit"
      );
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT4566");
      script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2011/Mar/msg00004.html");
      script_set_attribute(attribute:"solution", value:"Upgrade to Safari 5.0.4 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/10");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
    
      script_dependencies("safari_installed.nasl");
      script_require_keys("SMB/Safari/FileVersion");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("misc_func.inc");
    
    
    version = get_kb_item_or_exit("SMB/Safari/FileVersion");
    
    version_ui = get_kb_item("SMB/Safari/ProductVersion");
    if (isnull(version_ui)) version_ui = version;
    
    if (ver_compare(ver:version, fix:"5.33.20.27") == -1)
    {
      if (report_verbosity > 0)
      {
        path = get_kb_item("SMB/Safari/Path");
        if (isnull(path)) path = "n/a";
    
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version_ui +
          '\n  Fixed version     : 5.0.4 (7533.20.27)\n';
        security_hole(port:get_kb_item("SMB/transport"), extra:report);
      }
      else security_hole(get_kb_item("SMB/transport"));
    }
    else exit(0, "The remote host is not affected since Safari " + version_ui + " is installed.");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1195-1.NASL
    descriptionA large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55967
    published2011-08-24
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55967
    titleUbuntu 10.04 LTS / 10.10 : webkit vulnerabilities (USN-1195-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1195-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(55967);
      script_version("1.12");
      script_cvs_date("Date: 2019/09/19 12:54:27");
    
      script_cve_id("CVE-2010-1824", "CVE-2010-2646", "CVE-2010-2651", "CVE-2010-2900", "CVE-2010-2901", "CVE-2010-3120", "CVE-2010-3254", "CVE-2010-3812", "CVE-2010-3813", "CVE-2010-4040", "CVE-2010-4042", "CVE-2010-4197", "CVE-2010-4198", "CVE-2010-4199", "CVE-2010-4204", "CVE-2010-4206", "CVE-2010-4492", "CVE-2010-4493", "CVE-2010-4577", "CVE-2010-4578", "CVE-2011-0482", "CVE-2011-0778");
      script_bugtraq_id(41976, 44241, 44646, 44954, 44960, 45170, 45390, 45718, 45719, 45720, 45721, 45722, 45788, 46144, 46677);
      script_xref(name:"USN", value:"1195-1");
    
      script_name(english:"Ubuntu 10.04 LTS / 10.10 : webkit vulnerabilities (USN-1195-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A large number of security issues were discovered in the WebKit
    browser and JavaScript engines. If a user were tricked into viewing a
    malicious website, a remote attacker could exploit a variety of issues
    related to web browser security, including cross-site scripting
    attacks, denial of service attacks, and arbitrary code execution.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1195-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libwebkit-1.0-2 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libwebkit-1.0-2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/07/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04|10\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 10.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"libwebkit-1.0-2", pkgver:"1.2.7-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"libwebkit-1.0-2", pkgver:"1.2.7-0ubuntu0.10.10.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libwebkit-1.0-2");
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SAFARI5_0_4.NASL
    descriptionThe version of Apple Safari installed on the remote Mac OS X host is earlier than 5.0.4. As such, it is potentially affected by several issues in the following components : - libxml - WebKit
    last seen2020-06-01
    modified2020-06-02
    plugin id52612
    published2011-03-10
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52612
    titleMac OS X : Apple Safari < 5.0.4
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(52612);
      script_version("1.18");
      script_cvs_date("Date: 2018/07/14  1:59:35");
    
      script_cve_id(
        "CVE-2010-1824",
        "CVE-2010-4008",
        "CVE-2010-4494",
        "CVE-2011-0111",
        "CVE-2011-0112",
        "CVE-2011-0113",
        "CVE-2011-0114",
        "CVE-2011-0115",
        "CVE-2011-0116",
        "CVE-2011-0117",
        "CVE-2011-0118",
        "CVE-2011-0119",
        "CVE-2011-0120",
        "CVE-2011-0121",
        "CVE-2011-0122",
        "CVE-2011-0123",
        "CVE-2011-0124",
        "CVE-2011-0125",
        "CVE-2011-0126",
        "CVE-2011-0127",
        "CVE-2011-0128",
        "CVE-2011-0129",
        "CVE-2011-0130",
        "CVE-2011-0131",
        "CVE-2011-0132",
        "CVE-2011-0133",
        "CVE-2011-0134",
        "CVE-2011-0135",
        "CVE-2011-0136",
        "CVE-2011-0137",
        "CVE-2011-0138",
        "CVE-2011-0139",
        "CVE-2011-0140",
        "CVE-2011-0141",
        "CVE-2011-0142",
        "CVE-2011-0143",
        "CVE-2011-0144",
        "CVE-2011-0145",
        "CVE-2011-0146",
        "CVE-2011-0147",
        "CVE-2011-0148",
        "CVE-2011-0149",
        "CVE-2011-0150",
        "CVE-2011-0151",
        "CVE-2011-0152",
        "CVE-2011-0153",
        "CVE-2011-0154",
        "CVE-2011-0155",
        "CVE-2011-0156",
        "CVE-2011-0160",
        "CVE-2011-0161",
        "CVE-2011-0163",
        "CVE-2011-0165",
        "CVE-2011-0166",
        "CVE-2011-0167",
        "CVE-2011-0168",
        "CVE-2011-0169"
      );
      script_bugtraq_id(
        44779,
        46677,
        46684,
        46686,
        46687,
        46688,
        46689,
        46690,
        46691,
        46692,
        46693,
        46694,
        46695,
        46696,
        46698,
        46699,
        46700,
        46701,
        46702,
        46704,
        46705,
        46706,
        46707,
        46708,
        46709,
        46710,
        46711,
        46712,
        46713,
        46714,
        46715,
        46716,
        46717,
        46718,
        46719,
        46720,
        46721,
        46722,
        46723,
        46724,
        46725,
        46726,
        46727,
        46728,
        46744,
        46745,
        46746,
        46747,
        46748,
        46749,
        46808,
        46809,
        46811,
        46814,
        46816
      );
    
      script_name(english:"Mac OS X : Apple Safari < 5.0.4");
      script_summary(english:"Check the Safari SourceVersion");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote host contains a web browser that is affected by several
    vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The version of Apple Safari installed on the remote Mac OS X host is
    earlier than 5.0.4. As such, it is potentially affected by several
    issues in the following components :
    
      - libxml
    
      - WebKit"
      );
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT4566");
      script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2011/Mar/msg00004.html");
      script_set_attribute(attribute:"solution", value:"Upgrade to Apple Safari 5.0.4 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/09/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/10");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
    
      script_dependencies("macosx_Safari31.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/uname", "Host/MacOSX/Version", "MacOSX/Safari/Installed");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    os = get_kb_item("Host/MacOSX/Version");
    if (!os) audit(AUDIT_OS_NOT, "Mac OS X");
    
    uname = get_kb_item_or_exit("Host/uname");
    if (!egrep(pattern:"Darwin.* (9\.[0-8]\.|10\.)", string:uname)) audit(AUDIT_OS_NOT, "Mac OS X 10.5 / 10.6");
    
    
    get_kb_item_or_exit("MacOSX/Safari/Installed");
    path = get_kb_item_or_exit("MacOSX/Safari/Path", exit_code:1);
    version = get_kb_item_or_exit("MacOSX/Safari/Version", exit_code:1);
    
    fixed_version = "5.0.4";
    
    if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed_version + '\n';
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
    }
    else audit(AUDIT_INST_VER_NOT_VULN, "Safari", version);
    
  • NASL familyWindows
    NASL idITUNES_10_2.NASL
    descriptionThe version of Apple iTunes installed on the remote Windows host is older than 10.2. As such, it is affected by numerous issues in the following components : - ImageIO - libxml - WebKit
    last seen2020-06-01
    modified2020-06-02
    plugin id52534
    published2011-03-03
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52534
    titleApple iTunes < 10.2 Multiple Vulnerabilities (credentialed check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(52534);
      script_version("1.21");
      script_cvs_date("Date: 2018/11/15 20:50:27");
    
      script_cve_id(
        "CVE-2010-1205",
        "CVE-2010-1824",
        "CVE-2010-2249",
        "CVE-2010-4008",
        "CVE-2010-4494",
        "CVE-2011-0111",
        "CVE-2011-0112",
        "CVE-2011-0113",
        "CVE-2011-0114",
        "CVE-2011-0115",
        "CVE-2011-0116",
        "CVE-2011-0117",
        "CVE-2011-0118",
        "CVE-2011-0119",
        "CVE-2011-0120",
        "CVE-2011-0121",
        "CVE-2011-0122",
        "CVE-2011-0123",
        "CVE-2011-0124",
        "CVE-2011-0125",
        "CVE-2011-0126",
        "CVE-2011-0127",
        "CVE-2011-0128",
        "CVE-2011-0129",
        "CVE-2011-0130",
        "CVE-2011-0131",
        "CVE-2011-0132",
        "CVE-2011-0133",
        "CVE-2011-0134",
        "CVE-2011-0135",
        "CVE-2011-0136",
        "CVE-2011-0137",
        "CVE-2011-0138",
        "CVE-2011-0139",
        "CVE-2011-0140",
        "CVE-2011-0141",
        "CVE-2011-0142",
        "CVE-2011-0143",
        "CVE-2011-0144",
        "CVE-2011-0145",
        "CVE-2011-0146",
        "CVE-2011-0147",
        "CVE-2011-0148",
        "CVE-2011-0149",
        "CVE-2011-0150",
        "CVE-2011-0151",
        "CVE-2011-0152",
        "CVE-2011-0153",
        "CVE-2011-0154",
        "CVE-2011-0155",
        "CVE-2011-0156",
        "CVE-2011-0164",
        "CVE-2011-0165",
        "CVE-2011-0168",
        "CVE-2011-0170",
        "CVE-2011-0191",
        "CVE-2011-0192"
      );
      script_bugtraq_id(
        41174,
        44779,
        46657,
        46658,
        46659,
        46677,
        46684,
        46686,
        46687,
        46688,
        46689,
        46690,
        46691,
        46692,
        46693,
        46694,
        46695,
        46696,
        46698,
        46699,
        46700,
        46701,
        46702,
        46703,
        46704,
        46705,
        46706,
        46707,
        46708,
        46709,
        46710,
        46711,
        46712,
        46713,
        46714,
        46715,
        46716,
        46717,
        46718,
        46719,
        46720,
        46721,
        46722,
        46723,
        46724,
        46725,
        46726,
        46727,
        46728,
        46744,
        46745,
        46746,
        46747,
        46748,
        46749
      );
    
      script_name(english:"Apple iTunes < 10.2 Multiple Vulnerabilities (credentialed check)");
      script_summary(english:"Checks version of iTunes on Windows");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote host contains an application that has multiple
    vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The version of Apple iTunes installed on the remote Windows host is
    older than 10.2. As such, it is affected by numerous issues in the
    following components :
    
      - ImageIO
    
      - libxml
    
      - WebKit");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT4554");
      script_set_attribute(attribute:"see_also", value:"https://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html");
      script_set_attribute(attribute:"solution", value:"Upgrade to Apple iTunes 10.2 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/03");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
    
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
    
      script_dependencies("itunes_detect.nasl");
      script_require_keys("SMB/iTunes/Version");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("misc_func.inc");
    
    
    version = get_kb_item_or_exit("SMB/iTunes/Version");
    fixed_version = "10.2.0.34";
    
    if (ver_compare(ver:version, fix:fixed_version) == -1)
    {
      if (report_verbosity > 0)
      {
        path = get_kb_item("SMB/iTunes/Path");
        if (isnull(path)) path = 'n/a';
    
        report =
          '\n  Path              : '+path+
          '\n  Installed version : '+version+
          '\n  Fixed version     : '+fixed_version+'\n';
        security_hole(port:get_kb_item("SMB/transport"), extra:report);
      }
      else security_hole(get_kb_item("SMB/transport"));
    }
    else exit(0, "The host is not affected since iTunes "+version+" is installed.");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_LIBWEBKIT-110111.NASL
    descriptionVarious bugs in webkit have been fixed. The CVE id
    last seen2020-06-01
    modified2020-06-02
    plugin id53764
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53764
    titleopenSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update libwebkit-3787.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(53764);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:41");
    
      script_cve_id("CVE-2009-0945", "CVE-2009-1681", "CVE-2009-1684", "CVE-2009-1685", "CVE-2009-1686", "CVE-2009-1687", "CVE-2009-1688", "CVE-2009-1689", "CVE-2009-1690", "CVE-2009-1691", "CVE-2009-1692", "CVE-2009-1693", "CVE-2009-1694", "CVE-2009-1695", "CVE-2009-1696", "CVE-2009-1697", "CVE-2009-1698", "CVE-2009-1699", "CVE-2009-1700", "CVE-2009-1701", "CVE-2009-1702", "CVE-2009-1703", "CVE-2009-1709", "CVE-2009-1710", "CVE-2009-1711", "CVE-2009-1712", "CVE-2009-1713", "CVE-2009-1714", "CVE-2009-1715", "CVE-2009-1718", "CVE-2009-1724", "CVE-2009-1725", "CVE-2009-2195", "CVE-2009-2199", "CVE-2009-2200", "CVE-2009-2419", "CVE-2009-2797", "CVE-2009-2816", "CVE-2009-2841", "CVE-2009-3272", "CVE-2009-3384", "CVE-2009-3933", "CVE-2009-3934", "CVE-2010-0046", "CVE-2010-0047", "CVE-2010-0048", "CVE-2010-0049", "CVE-2010-0050", "CVE-2010-0051", "CVE-2010-0052", "CVE-2010-0053", "CVE-2010-0054", "CVE-2010-0315", "CVE-2010-0647", "CVE-2010-0650", "CVE-2010-0651", "CVE-2010-0656", "CVE-2010-0659", "CVE-2010-0661", "CVE-2010-1029", "CVE-2010-1126", "CVE-2010-1233", "CVE-2010-1236", "CVE-2010-1386", "CVE-2010-1387", "CVE-2010-1388", "CVE-2010-1389", "CVE-2010-1390", "CVE-2010-1391", "CVE-2010-1392", "CVE-2010-1393", "CVE-2010-1394", "CVE-2010-1395", "CVE-2010-1396", "CVE-2010-1397", "CVE-2010-1398", "CVE-2010-1399", "CVE-2010-1400", "CVE-2010-1401", "CVE-2010-1402", "CVE-2010-1403", "CVE-2010-1404", "CVE-2010-1405", "CVE-2010-1406", "CVE-2010-1407", "CVE-2010-1408", "CVE-2010-1409", "CVE-2010-1410", "CVE-2010-1412", "CVE-2010-1413", "CVE-2010-1414", "CVE-2010-1415", "CVE-2010-1416", "CVE-2010-1417", "CVE-2010-1418", "CVE-2010-1419", "CVE-2010-1421", "CVE-2010-1422", "CVE-2010-1729", "CVE-2010-1749", "CVE-2010-1757", "CVE-2010-1758", "CVE-2010-1759", "CVE-2010-1760", "CVE-2010-1761", "CVE-2010-1762", "CVE-2010-1763", "CVE-2010-1764", "CVE-2010-1766", "CVE-2010-1767", "CVE-2010-1769", "CVE-2010-1770", "CVE-2010-1771", "CVE-2010-1772", "CVE-2010-1773", "CVE-2010-1774", "CVE-2010-1780", "CVE-2010-1781", "CVE-2010-1782", "CVE-2010-1783", "CVE-2010-1784", "CVE-2010-1785", "CVE-2010-1786", "CVE-2010-1787", "CVE-2010-1788", "CVE-2010-1789", "CVE-2010-1790", "CVE-2010-1791", "CVE-2010-1792", "CVE-2010-1793", "CVE-2010-1807", "CVE-2010-1812", "CVE-2010-1813", "CVE-2010-1814", "CVE-2010-1815", "CVE-2010-1822", "CVE-2010-1823", "CVE-2010-1824", "CVE-2010-1825", "CVE-2010-2264", "CVE-2010-2295", "CVE-2010-2297", "CVE-2010-2300", "CVE-2010-2301", "CVE-2010-2302", "CVE-2010-2441", "CVE-2010-3116", "CVE-2010-3257", "CVE-2010-3259", "CVE-2010-3312", "CVE-2010-3803", "CVE-2010-3804", "CVE-2010-3805", "CVE-2010-3808", "CVE-2010-3809", "CVE-2010-3810", "CVE-2010-3811", "CVE-2010-3812", "CVE-2010-3813", "CVE-2010-3816", "CVE-2010-3817", "CVE-2010-3818", "CVE-2010-3819", "CVE-2010-3820", "CVE-2010-3821", "CVE-2010-3822", "CVE-2010-3823", "CVE-2010-3824", "CVE-2010-3826", "CVE-2010-3829", "CVE-2010-3900");
    
      script_name(english:"openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)");
      script_summary(english:"Check for the libwebkit-3787 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Various bugs in webkit have been fixed. The CVE id's are :
    
    CVE-2009-0945, CVE-2009-1681, CVE-2009-1684, CVE-2009-1685,
    CVE-2009-1686, CVE-2009-1687, CVE-2009-1688, CVE-2009-1689,
    CVE-2009-1691, CVE-2009-1690, CVE-2009-1692, CVE-2009-1693,
    CVE-2009-1694, CVE-2009-1695, CVE-2009-1696, CVE-2009-1697,
    CVE-2009-1698, CVE-2009-1699, CVE-2009-1700, CVE-2009-1701,
    CVE-2009-1702, CVE-2009-1703, CVE-2009-1709, CVE-2009-1710,
    CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1714,
    CVE-2009-1715, CVE-2009-1718, CVE-2009-1724, CVE-2009-1725,
    CVE-2009-2195, CVE-2009-2199, CVE-2009-2200, CVE-2009-2419,
    CVE-2009-2797, CVE-2009-2816, CVE-2009-2841, CVE-2009-3272,
    CVE-2009-3384, CVE-2009-3933, CVE-2009-3934, CVE-2010-0046,
    CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050,
    CVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0315,
    CVE-2010-0647, CVE-2010-0051, CVE-2010-0650, CVE-2010-0651,
    CVE-2010-0656, CVE-2010-0659, CVE-2010-0661, CVE-2010-1029,
    CVE-2010-1126, CVE-2010-1233, CVE-2010-1236, CVE-2010-1386,
    CVE-2010-1387, CVE-2010-1388, CVE-2010-1389, CVE-2010-1390,
    CVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394,
    CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398,
    CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402,
    CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1406,
    CVE-2010-1407, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410,
    CVE-2010-1412, CVE-2010-1413, CVE-2010-1414, CVE-2010-1415,
    CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419,
    CVE-2010-1421, CVE-2010-1422, CVE-2010-1729, CVE-2010-1749,
    CVE-2010-1757, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760,
    CVE-2010-1761, CVE-2010-1762, CVE-2010-1763, CVE-2010-1764,
    CVE-2010-1766, CVE-2010-1767, CVE-2010-1769, CVE-2010-1770,
    CVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774,
    CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783,
    CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787,
    CVE-2010-1788, CVE-2010-1789, CVE-2010-1790, CVE-2010-1791,
    CVE-2010-1792, CVE-2010-1793, CVE-2010-1807, CVE-2010-1812,
    CVE-2010-1813, CVE-2010-1814, CVE-2010-1815, CVE-2010-1822,
    CVE-2010-1823, CVE-2010-1824, CVE-2010-1825, CVE-2010-2264,
    CVE-2010-2295, CVE-2010-2297, CVE-2010-2300, CVE-2010-2301,
    CVE-2010-2302, CVE-2010-2441, CVE-2010-3116, CVE-2010-3257,
    CVE-2010-3259, CVE-2010-3312, CVE-2010-3803, CVE-2010-3804,
    CVE-2010-3805, CVE-2010-3808, CVE-2010-3809, CVE-2010-3810,
    CVE-2010-3811, CVE-2010-3812, CVE-2010-3813, CVE-2010-3816,
    CVE-2010-3817, CVE-2010-3818, CVE-2010-3819, CVE-2010-3820,
    CVE-2010-3821, CVE-2010-3822, CVE-2010-3823, CVE-2010-3824,
    CVE-2010-3826, CVE-2010-3829, CVE-2010-3900, CVE-2010-4040"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=601349"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2011-01/msg00013.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libwebkit packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(20, 79, 94, 119, 189, 200, 264, 310, 352, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwebkit-1_0-2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwebkit-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwebkit-lang");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:webkit-jsc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/01/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/05");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.2", reference:"libwebkit-1_0-2-1.2.6-0.5.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"libwebkit-devel-1.2.6-0.5.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"libwebkit-lang-1.2.6-0.5.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"webkit-jsc-1.2.6-0.5.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libwebkit-1_0-2 / libwebkit-devel / libwebkit-lang / webkit-jsc");
    }
    
  • NASL familyPeer-To-Peer File Sharing
    NASL idITUNES_10_2_BANNER.NASL
    descriptionThe version of Apple iTunes on the remote host is prior to version 10.2. It is, therefore, affected by multiple vulnerabilities in the WebKit, ImageIO, and libxml components. Note that these only affect iTunes for Windows.
    last seen2020-06-01
    modified2020-06-02
    plugin id52535
    published2011-03-03
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52535
    titleApple iTunes < 10.2 Multiple Vulnerabilities (uncredentialed check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(52535);
      script_version("1.22");
      script_cvs_date("Date: 2018/11/15 20:50:24");
    
      script_cve_id(
        "CVE-2010-1205",
        "CVE-2010-1824",
        "CVE-2010-2249",
        "CVE-2010-4008",
        "CVE-2010-4494",
        "CVE-2011-0111",
        "CVE-2011-0112",
        "CVE-2011-0113",
        "CVE-2011-0114",
        "CVE-2011-0115",
        "CVE-2011-0116",
        "CVE-2011-0117",
        "CVE-2011-0118",
        "CVE-2011-0119",
        "CVE-2011-0120",
        "CVE-2011-0121",
        "CVE-2011-0122",
        "CVE-2011-0123",
        "CVE-2011-0124",
        "CVE-2011-0125",
        "CVE-2011-0126",
        "CVE-2011-0127",
        "CVE-2011-0128",
        "CVE-2011-0129",
        "CVE-2011-0130",
        "CVE-2011-0131",
        "CVE-2011-0132",
        "CVE-2011-0133",
        "CVE-2011-0134",
        "CVE-2011-0135",
        "CVE-2011-0136",
        "CVE-2011-0137",
        "CVE-2011-0138",
        "CVE-2011-0139",
        "CVE-2011-0140",
        "CVE-2011-0141",
        "CVE-2011-0142",
        "CVE-2011-0143",
        "CVE-2011-0144",
        "CVE-2011-0145",
        "CVE-2011-0146",
        "CVE-2011-0147",
        "CVE-2011-0148",
        "CVE-2011-0149",
        "CVE-2011-0150",
        "CVE-2011-0151",
        "CVE-2011-0152",
        "CVE-2011-0153",
        "CVE-2011-0154",
        "CVE-2011-0155",
        "CVE-2011-0156",
        "CVE-2011-0164",
        "CVE-2011-0165",
        "CVE-2011-0168",
        "CVE-2011-0170",
        "CVE-2011-0191",
        "CVE-2011-0192"
      );
      script_bugtraq_id(
        41174,
        44779,
        46657,
        46658,
        46659,
        46677,
        46684,
        46686,
        46687,
        46688,
        46689,
        46690,
        46691,
        46692,
        46693,
        46694,
        46695,
        46696,
        46698,
        46699,
        46700,
        46701,
        46702,
        46703,
        46704,
        46705,
        46706,
        46707,
        46708,
        46709,
        46710,
        46711,
        46712,
        46713,
        46714,
        46715,
        46716,
        46717,
        46718,
        46719,
        46720,
        46721,
        46722,
        46723,
        46724,
        46725,
        46726,
        46727,
        46728,
        46744,
        46745,
        46746,
        46747,
        46748,
        46749
      );
    
      script_name(english:"Apple iTunes < 10.2 Multiple Vulnerabilities (uncredentialed check)");
      script_summary(english:"Checks the version of iTunes.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains a multimedia application that has multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Apple iTunes on the remote host is prior to version
    10.2. It is, therefore, affected by multiple vulnerabilities in the
    WebKit, ImageIO, and libxml components. Note that these only affect
    iTunes for Windows.");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT4554");
      script_set_attribute(attribute:"see_also", value:"https://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html");
      script_set_attribute(attribute:"solution", value:"Upgrade to Apple iTunes 10.2 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/03");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
    
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
    
      script_family(english:"Peer-To-Peer File Sharing");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
    
      script_dependencies("itunes_sharing.nasl");
      script_require_keys("iTunes/sharing");
      script_require_ports("Services/www", 3689);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    port = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);
    
    get_kb_item_or_exit("iTunes/" + port + "/enabled");
    
    type = get_kb_item_or_exit("iTunes/" + port + "/type");
    source = get_kb_item_or_exit("iTunes/" + port + "/source");
    version = get_kb_item_or_exit("iTunes/" + port + "/version");
    
    if (type != 'Windows') audit(AUDIT_OS_NOT, "Windows");
    
    fixed_version = "10.2";
    
    if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
    {
      if (report_verbosity > 0)
      {
        report = '\n  Version source    : ' + source +
                 '\n  Installed version : ' + version +
                 '\n  Fixed version     : ' + fixed_version + '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "iTunes", port, version);
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_LIBWEBKIT-110104.NASL
    descriptionVarious bugs in webkit have been fixed. The CVE id
    last seen2020-06-01
    modified2020-06-02
    plugin id75629
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75629
    titleopenSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update libwebkit-3787.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75629);
      script_version("1.5");
      script_cvs_date("Date: 2019/10/25 13:36:41");
    
      script_cve_id("CVE-2009-0945", "CVE-2009-1681", "CVE-2009-1684", "CVE-2009-1685", "CVE-2009-1686", "CVE-2009-1687", "CVE-2009-1688", "CVE-2009-1689", "CVE-2009-1690", "CVE-2009-1691", "CVE-2009-1692", "CVE-2009-1693", "CVE-2009-1694", "CVE-2009-1695", "CVE-2009-1696", "CVE-2009-1697", "CVE-2009-1698", "CVE-2009-1699", "CVE-2009-1700", "CVE-2009-1701", "CVE-2009-1702", "CVE-2009-1703", "CVE-2009-1709", "CVE-2009-1710", "CVE-2009-1711", "CVE-2009-1712", "CVE-2009-1713", "CVE-2009-1714", "CVE-2009-1715", "CVE-2009-1718", "CVE-2009-1724", "CVE-2009-1725", "CVE-2009-2195", "CVE-2009-2199", "CVE-2009-2200", "CVE-2009-2419", "CVE-2009-2797", "CVE-2009-2816", "CVE-2009-2841", "CVE-2009-3272", "CVE-2009-3384", "CVE-2009-3933", "CVE-2009-3934", "CVE-2010-0046", "CVE-2010-0047", "CVE-2010-0048", "CVE-2010-0049", "CVE-2010-0050", "CVE-2010-0051", "CVE-2010-0052", "CVE-2010-0053", "CVE-2010-0054", "CVE-2010-0315", "CVE-2010-0647", "CVE-2010-0650", "CVE-2010-0651", "CVE-2010-0656", "CVE-2010-0659", "CVE-2010-0661", "CVE-2010-1029", "CVE-2010-1126", "CVE-2010-1233", "CVE-2010-1236", "CVE-2010-1386", "CVE-2010-1387", "CVE-2010-1388", "CVE-2010-1389", "CVE-2010-1390", "CVE-2010-1391", "CVE-2010-1392", "CVE-2010-1393", "CVE-2010-1394", "CVE-2010-1395", "CVE-2010-1396", "CVE-2010-1397", "CVE-2010-1398", "CVE-2010-1399", "CVE-2010-1400", "CVE-2010-1401", "CVE-2010-1402", "CVE-2010-1403", "CVE-2010-1404", "CVE-2010-1405", "CVE-2010-1406", "CVE-2010-1407", "CVE-2010-1408", "CVE-2010-1409", "CVE-2010-1410", "CVE-2010-1412", "CVE-2010-1413", "CVE-2010-1414", "CVE-2010-1415", "CVE-2010-1416", "CVE-2010-1417", "CVE-2010-1418", "CVE-2010-1419", "CVE-2010-1421", "CVE-2010-1422", "CVE-2010-1729", "CVE-2010-1749", "CVE-2010-1757", "CVE-2010-1758", "CVE-2010-1759", "CVE-2010-1760", "CVE-2010-1761", "CVE-2010-1762", "CVE-2010-1763", "CVE-2010-1764", "CVE-2010-1766", "CVE-2010-1767", "CVE-2010-1769", "CVE-2010-1770", "CVE-2010-1771", "CVE-2010-1772", "CVE-2010-1773", "CVE-2010-1774", "CVE-2010-1780", "CVE-2010-1781", "CVE-2010-1782", "CVE-2010-1783", "CVE-2010-1784", "CVE-2010-1785", "CVE-2010-1786", "CVE-2010-1787", "CVE-2010-1788", "CVE-2010-1789", "CVE-2010-1790", "CVE-2010-1791", "CVE-2010-1792", "CVE-2010-1793", "CVE-2010-1807", "CVE-2010-1812", "CVE-2010-1813", "CVE-2010-1814", "CVE-2010-1815", "CVE-2010-1822", "CVE-2010-1823", "CVE-2010-1824", "CVE-2010-1825", "CVE-2010-2264", "CVE-2010-2295", "CVE-2010-2297", "CVE-2010-2300", "CVE-2010-2301", "CVE-2010-2302", "CVE-2010-2441", "CVE-2010-3116", "CVE-2010-3257", "CVE-2010-3259", "CVE-2010-3312", "CVE-2010-3803", "CVE-2010-3804", "CVE-2010-3805", "CVE-2010-3808", "CVE-2010-3809", "CVE-2010-3810", "CVE-2010-3811", "CVE-2010-3812", "CVE-2010-3813", "CVE-2010-3816", "CVE-2010-3817", "CVE-2010-3818", "CVE-2010-3819", "CVE-2010-3820", "CVE-2010-3821", "CVE-2010-3822", "CVE-2010-3823", "CVE-2010-3824", "CVE-2010-3826", "CVE-2010-3829", "CVE-2010-3900");
    
      script_name(english:"openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)");
      script_summary(english:"Check for the libwebkit-3787 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Various bugs in webkit have been fixed. The CVE id's are :
    
    CVE-2009-0945, CVE-2009-1681, CVE-2009-1684, CVE-2009-1685,
    CVE-2009-1686, CVE-2009-1687, CVE-2009-1688, CVE-2009-1689,
    CVE-2009-1691, CVE-2009-1690, CVE-2009-1692, CVE-2009-1693,
    CVE-2009-1694, CVE-2009-1695, CVE-2009-1696, CVE-2009-1697,
    CVE-2009-1698, CVE-2009-1699, CVE-2009-1700, CVE-2009-1701,
    CVE-2009-1702, CVE-2009-1703, CVE-2009-1709, CVE-2009-1710,
    CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1714,
    CVE-2009-1715, CVE-2009-1718, CVE-2009-1724, CVE-2009-1725,
    CVE-2009-2195, CVE-2009-2199, CVE-2009-2200, CVE-2009-2419,
    CVE-2009-2797, CVE-2009-2816, CVE-2009-2841, CVE-2009-3272,
    CVE-2009-3384, CVE-2009-3933, CVE-2009-3934, CVE-2010-0046,
    CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050,
    CVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0315,
    CVE-2010-0647, CVE-2010-0051, CVE-2010-0650, CVE-2010-0651,
    CVE-2010-0656, CVE-2010-0659, CVE-2010-0661, CVE-2010-1029,
    CVE-2010-1126, CVE-2010-1233, CVE-2010-1236, CVE-2010-1386,
    CVE-2010-1387, CVE-2010-1388, CVE-2010-1389, CVE-2010-1390,
    CVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394,
    CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398,
    CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402,
    CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1406,
    CVE-2010-1407, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410,
    CVE-2010-1412, CVE-2010-1413, CVE-2010-1414, CVE-2010-1415,
    CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419,
    CVE-2010-1421, CVE-2010-1422, CVE-2010-1729, CVE-2010-1749,
    CVE-2010-1757, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760,
    CVE-2010-1761, CVE-2010-1762, CVE-2010-1763, CVE-2010-1764,
    CVE-2010-1766, CVE-2010-1767, CVE-2010-1769, CVE-2010-1770,
    CVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774,
    CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783,
    CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787,
    CVE-2010-1788, CVE-2010-1789, CVE-2010-1790, CVE-2010-1791,
    CVE-2010-1792, CVE-2010-1793, CVE-2010-1807, CVE-2010-1812,
    CVE-2010-1813, CVE-2010-1814, CVE-2010-1815, CVE-2010-1822,
    CVE-2010-1823, CVE-2010-1824, CVE-2010-1825, CVE-2010-2264,
    CVE-2010-2295, CVE-2010-2297, CVE-2010-2300, CVE-2010-2301,
    CVE-2010-2302, CVE-2010-2441, CVE-2010-3116, CVE-2010-3257,
    CVE-2010-3259, CVE-2010-3312, CVE-2010-3803, CVE-2010-3804,
    CVE-2010-3805, CVE-2010-3808, CVE-2010-3809, CVE-2010-3810,
    CVE-2010-3811, CVE-2010-3812, CVE-2010-3813, CVE-2010-3816,
    CVE-2010-3817, CVE-2010-3818, CVE-2010-3819, CVE-2010-3820,
    CVE-2010-3821, CVE-2010-3822, CVE-2010-3823, CVE-2010-3824,
    CVE-2010-3826, CVE-2010-3829, CVE-2010-3900, CVE-2010-4040"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=601349"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2011-01/msg00013.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libwebkit packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(20, 79, 94, 119, 189, 200, 264, 310, 352, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwebkit-1_0-2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwebkit-1_0-2-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwebkit-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwebkit-lang");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:webkit-jsc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/01/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.3", reference:"libwebkit-1_0-2-1.2.6-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"libwebkit-devel-1.2.6-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"libwebkit-lang-1.2.6-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"webkit-jsc-1.2.6-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"libwebkit-1_0-2-32bit-1.2.6-0.2.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libwebkit-1_0-2 / libwebkit-1_0-2-32bit / libwebkit-devel / etc");
    }
    

Oval

accepted2013-08-12T04:10:04.260-04:00
classvulnerability
contributors
  • nameSecPod Team
    organizationSecPod Technologies
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
definition_extensions
commentGoogle Chrome is installed
ovaloval:org.mitre.oval:def:11914
descriptionUse-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages.
familywindows
idoval:org.mitre.oval:def:7151
statusaccepted
submitted2010-09-30T08:37:08
titleVulnerability in WebKit used in Google Chrome version less than 6.0.472.59 via vectors related to SVG styles
version52