Vulnerabilities > CVE-2012-0681 - Cryptographic Issues vulnerability in Apple Remote Desktop 3.5.2/3.5.3/3.6.0

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
apple
CWE-310
nessus
NVD
Published: 2012-08-22
Updated: 2013-04-02

Summary

Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network.

Vulnerable Configurations

Part Description Count
Application
Apple
3

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

NASL familyMacOS X Local Security Checks
NASL idMACOSX_REMOTE_DESKTOP_3_6_1.NASL
descriptionAccording to its version, the Admin component in the Apple Remote Desktop install on the remote host reportedly fails to encrypt data and does not issue a warning when connecting to a third-party VNC server with
last seen2020-06-01
modified2020-06-02
plugin id61621
published2012-08-22
reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/61621
titleApple Remote Desktop < 3.5.3 / 3.6.1 Information Disclosure (Mac OS X)
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(61621);
  script_version("1.4");
  script_cvs_date("Date: 2018/07/14  1:59:36");

  script_cve_id("CVE-2012-0681");
  script_bugtraq_id(55100);

  script_name(english:"Apple Remote Desktop < 3.5.3 / 3.6.1 Information Disclosure (Mac OS X)");
  script_summary(english:"Reads version from Info.plist");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The Mac OS X host has a remote management tool that is affected by an
information disclosure vulnerability."
  );
  script_set_attribute(
    attribute:"description",
    value:
"According to its version, the Admin component in the Apple Remote
Desktop install on the remote host reportedly fails to encrypt data 
and does not issue a warning when connecting to a third-party VNC 
server with 'Encrypt all network data' set.  This could lead to 
information disclosure."
  );
  script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT5433");
  script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2012/Aug/msg00000.html");
  script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2012/Sep/msg00002.html");
  script_set_attribute(attribute:"solution", value:"Upgrade to Apple Remote Desktop 3.5.3 / 3.6.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/08/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:apple_remote_desktop");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  script_dependencies("macosx_remote_desktop_admin_installed.nasl");
  script_require_keys("MacOSX/Remote_Desktop_Admin/Installed");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

kb_base = "MacOSX/Remote_Desktop_Admin";
get_kb_item_or_exit(kb_base+"/Installed");
path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);
version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);

# nb: "This issue does not affect Apple Remote Desktop 3.5.1 and earlier."
if (
  ereg(pattern:"^3\.5\.2($|[^0-9])", string:version) ||
  ereg(pattern:"^3\.6(\.0)?($|[^0-9.])", string:version)
)
{
  if (report_verbosity > 0)
  {
    report = 
      '\n  Path              : ' + path +
      '\n  Installed version : ' + version + 
      '\n  Fixed version     : 3.5.3 / 3.6.1' +
      '\n';
    security_warning(port:0, extra:report);
  }
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "Apple Remote Desktop", version, path);

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 55100 CVE ID: CVE-2012-0681 Apple Remote Desktop 是管理你网络上的Mac 电脑的最佳方式。 Apple Remote Desktop 3.5.2-3.6中,连接到第三方VNC服务器并设置了“Encrypt all network data”时,数据在未加密的方式下传送,而没有警告,远程攻击者可利用此漏洞获取敏感信息。 0 Apple Remote Desktop 3.x 厂商补丁: Apple ----- Apple已经为此发布了一个安全公告(HT5433)以及相应补丁: HT5433:About the security content of Apple Remote Desktop 3.6.1 链接:http://support.apple.com/kb/HT5433
idSSV:60342
last seen2017-11-19
modified2012-08-23
published2012-08-23
reporterRoot
titleApple Remote Desktop信息泄露漏洞

References