Vulnerabilities > CVE-2013-1005 - Resource Management Errors vulnerability in Apple Iphone OS and Itunes

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
apple
microsoft
CWE-399
critical
nessus

Summary

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

Vulnerable Configurations

Part Description Count
Application
Apple
176
OS
Microsoft
3
OS
Apple
107

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyWindows
    NASL idITUNES_11_0_3.NASL
    descriptionThe version of Apple iTunes installed on the remote Windows host is older than 11.0.3. It therefore is potentially affected by several issues : - An error exists related to certificate validation that could allow disclosure of sensitive information and could allow the application to trust data from untrusted sources. (CVE-2013-1014) - The included version of WebKit contains several errors that could lead to memory corruption and possibly arbitrary code execution. The vendor notes one possible attack vector is a man-in-the-middle attack while the application browses the
    last seen2020-06-01
    modified2020-06-02
    plugin id66498
    published2013-05-17
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66498
    titleApple iTunes < 11.0.3 Multiple Vulnerabilities (credentialed check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66498);
      script_version("1.14");
      script_cvs_date("Date: 2019/11/27");
    
      script_cve_id(
        "CVE-2012-2824",
        "CVE-2012-2857",
        "CVE-2012-3748",
        "CVE-2012-5112",
        "CVE-2013-0879",
        "CVE-2013-0912",
        "CVE-2013-0948",
        "CVE-2013-0949",
        "CVE-2013-0950",
        "CVE-2013-0951",
        "CVE-2013-0952",
        "CVE-2013-0953",
        "CVE-2013-0954",
        "CVE-2013-0955",
        "CVE-2013-0956",
        "CVE-2013-0958",
        "CVE-2013-0959",
        "CVE-2013-0960",
        "CVE-2013-0961",
        "CVE-2013-0991",
        "CVE-2013-0992",
        "CVE-2013-0993",
        "CVE-2013-0994",
        "CVE-2013-0995",
        "CVE-2013-0996",
        "CVE-2013-0997",
        "CVE-2013-0998",
        "CVE-2013-0999",
        "CVE-2013-1000",
        "CVE-2013-1001",
        "CVE-2013-1002",
        "CVE-2013-1003",
        "CVE-2013-1004",
        "CVE-2013-1005",
        "CVE-2013-1006",
        "CVE-2013-1007",
        "CVE-2013-1008",
        "CVE-2013-1010",
        "CVE-2013-1011",
        "CVE-2013-1014"
      );
      script_bugtraq_id(
        54203,
        54749,
        55867,
        56362,
        57576,
        57580,
        57581,
        57582,
        57584,
        57585,
        57586,
        57587,
        57588,
        57589,
        57590,
        58388,
        58495,
        58496,
        59941,
        59944,
        59953,
        59954,
        59955,
        59956,
        59957,
        59958,
        59959,
        59960,
        59963,
        59964,
        59965,
        59967,
        59970,
        59971,
        59972,
        59973,
        59974,
        59976,
        59977
      );
      script_xref(name:"EDB-ID", value:"28081");
    
      script_name(english:"Apple iTunes < 11.0.3 Multiple Vulnerabilities (credentialed check)");
      script_summary(english:"Checks version of iTunes on Windows");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains an application that has multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Apple iTunes installed on the remote Windows host is
    older than 11.0.3.  It therefore is potentially affected by several
    issues :
    
      - An error exists related to certificate validation
        that could allow disclosure of sensitive information
        and could allow the application to trust data from
        untrusted sources. (CVE-2013-1014)
    
      - The included version of WebKit contains several errors
        that could lead to memory corruption and possibly
        arbitrary code execution. The vendor notes one possible
        attack vector is a man-in-the-middle attack while the
        application browses the 'iTunes Store'.
        (CVE-2012-2824, CVE-2012-2857, CVE-2012-3748,
        CVE-2012-5112, CVE-2013-0879, CVE-2013-0912,
        CVE-2013-0948, CVE-2013-0949, CVE-2013-0950,
        CVE-2013-0951, CVE-2013-0952, CVE-2013-0953,
        CVE-2013-0954, CVE-2013-0955, CVE-2013-0956,
        CVE-2013-0958, CVE-2013-0959, CVE-2013-0960,
        CVE-2013-0961, CVE-2013-0991, CVE-2013-0992,
        CVE-2013-0993, CVE-2013-0994, CVE-2013-0995,
        CVE-2013-0996, CVE-2013-0997, CVE-2013-0998,
        CVE-2013-0999, CVE-2013-1000, CVE-2013-1001,
        CVE-2013-1002, CVE-2013-1003, CVE-2013-1004,
        CVE-2013-1005, CVE-2013-1006, CVE-2013-1007,
        CVE-2013-1008, CVE-2013-1010, CVE-2013-1011)");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-107/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-108/");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-109/");
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT5766");
      script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2013/May/msg00000.html");
      script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/526623/30/0/threaded");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Apple iTunes 11.0.3 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-5112");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/05/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("itunes_detect.nasl");
      script_require_keys("SMB/iTunes/Version");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    
    version = get_kb_item_or_exit("SMB/iTunes/Version");
    fixed_version = "11.0.3.42";
    path = get_kb_item_or_exit("SMB/iTunes/Path");
    
    if (ver_compare(ver:version, fix:fixed_version) == -1)
    {
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : '+path+
          '\n  Installed version : '+version+
          '\n  Fixed version     : '+fixed_version+'\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, "iTunes", version, path);
    
  • NASL familyMisc.
    NASL idAPPLETV_6_0.NASL
    descriptionAccording to its banner, the remote Apple TV 2nd generation or later device is prior to 6.0. It is, therefore, reportedly affected by multiple vulnerabilities, the most serious issues of which could result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id70257
    published2013-10-01
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70257
    titleApple TV < 6.0 Multiple Vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SAFARI6_0_5.NASL
    descriptionThe version of Apple Safari installed on the remote Mac OS X 10.7 or 10.8 host is earlier than 6.0.5. It is, therefore, potentially affected by several issues : - Multiple memory corruption vulnerabilities exist in WebKit that could lead to unexpected program termination or arbitrary code execution. (CVE-2013-0879 / CVE-2013-0991 / CVE-2013-0992 / CVE-2013-0993 / CVE-2013-0994 / CVE-2013-0995 / CVE-2013-0996 / CVE-2013-0997 / CVE-2013-0998 / CVE-2013-0999 / CVE-2013-1000 / CVE-2013-1001 / CVE-2013-1002 / CVE-2013-1003 / CVE-2013-1004 / CVE-2013-1005 / CVE-2013-1006 / CVE-2013-1007 / CVE-2013-1008 / CVE-2013-1009 / CVE-2013-1010 / CVE-2013-1011 / CVE-2013-1023) - A cross-site scripting issue exists in WebKit
    last seen2020-06-01
    modified2020-06-02
    plugin id66810
    published2013-06-05
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66810
    titleMac OS X : Apple Safari < 6.0.5 Multiple Vulnerabilities
  • NASL familyPeer-To-Peer File Sharing
    NASL idITUNES_11_0_3_BANNER.NASL
    descriptionThe version of Apple iTunes on the remote host is prior to version 11.0.3. It is, therefore, affected by multiple vulnerabilities : - An error exists related to certificate validation. A man-in-the-middle attacker can exploit this to spoof HTTPS servers, which allows the disclosure of sensitive information or the application to trust data from untrusted sources. Note that this issue affects the application regardless of the operating system. (CVE-2013-1014) - The version of WebKit included in iTunes contains several errors that can lead to memory corruption and arbitrary code execution. The vendor states that one possible vector is a man-in-the-middle attack while the application browses the
    last seen2020-06-01
    modified2020-06-02
    plugin id66499
    published2013-05-17
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66499
    titleApple iTunes < 11.0.3 Multiple Vulnerabilities (uncredentialed check)

Oval

accepted2015-06-22T04:00:41.890-04:00
classvulnerability
contributors
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameBernd Eggenmueller
    organizationbaramundi software
definition_extensions
commentApple iTunes is installed
ovaloval:org.mitre.oval:def:12353
descriptionWebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
familywindows
idoval:org.mitre.oval:def:17601
statusaccepted
submitted2013-07-30T11:32:03.685-04:00
titleWebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1
version7