iCal < 1.5.4

medium Nessus Plugin ID 15786

Synopsis

The remote host is missing a Mac OS X update that fixes a security issue.

Description

The remote host is running a version of iCal which is older than version 1.5.4. Such versions have an arbitrary command execution vulnerability. A remote attacker could exploit this by tricking a user into opening or importing a new iCal calendar.

Solution

Upgrade to iCal 1.5.4 or later.

See Also

http://www.nessus.org/u?bd087f47

Plugin Details

Severity: Medium

ID: 15786

File Name: macosx_ical154.nasl

Version: 1.21

Type: local

Agent: macosx

Published: 11/22/2004

Updated: 7/24/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.3

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2004-1021

Vulnerability Information

Required KB Items: Host/MacOSX/packages

Exploit Ease: No known exploits are available

Patch Publication Date: 11/22/2004

Vulnerability Publication Date: 11/23/2004

Reference Information

CVE: CVE-2004-1021

BID: 11728

Secunia: 13277