Detections
Analytics
Mac OS X iChat Link Handling Arbitrary Command Execution (Security Update 2004-09-16)
medium Nessus Plugin ID 14768
Synopsis
The remote host is missing a Mac OS X update that fixes a security issue.Description
The remote host is missing Security Update 2004-09-16.This security update is for iChat. There is a bug in older versions of iChat where an attacker may execute commands on the local system by sending malformed links which will execute local commands to an iChat user on the remote host.
Solution
Install Security Update 2004-09-16.See Also
Plugin Details
Severity: Medium
ID: 14768
File Name: macosx_SecUpd20040916.nasl
Version: 1.15
Type: local
Agent: macosx
Family: MacOS X Local Security Checks
Published: 9/17/2004
Updated: 5/28/2024
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.2
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/o:apple:mac_os_x:10.2, cpe:/o:apple:mac_os_x:10.3
Required KB Items: Host/MacOSX/packages
Exploit Ease: No known exploits are available
Patch Publication Date: 9/16/2004
Vulnerability Publication Date: 9/16/2004
Reference Information
CVE: CVE-2004-0873
BID: 11207