iTunes < 8.1 Multiple Vulnerabilities (uncredentialed check)

This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.

Synopsis :

The remote host contains an application that may be affected by
multiple vulerabilites.

Description :

According to its banner, the version of iTunes installed on the remote
host is older than 8.1. Such versions may be affected by multiple
vulnerabilities :

- It may be possible to cause a denial of service by
sending a maliciously crafted DAAP header to the
application. Note that this flaw only affects iTunes
running on a Windows host. (CVE-2009-0016)

- When subscribing to a podcast an authentication dialog
may be presented without clarifying the origin of the
authentication request. An attacker could exploit this
flaw in order to steal the user's iTunes credentials.

See also :

Solution :

Upgrade to iTunes 8.1 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false

Family: Peer-To-Peer File Sharing

Nessus Plugin ID: 35914 (itunes_8_1_banner.nasl)

Bugtraq ID: 34094

CVE ID: CVE-2009-0016