Mac OS X Multiple Vulnerabilities (Security Update 2006-004)

critical Nessus Plugin ID 22125

Synopsis

The remote operating system is missing a vendor-supplied patch.

Description

The remote host is running Apple Mac OS X, but lacks Security Update 2006-004.

This security update contains fixes for the following applications:

AFP Server, Bluetooth, Bom, DHCP, dyld, fetchmail, gnuzip, ImageIO, LaunchServices, OpenSSH, telnet, WebKit

Solution

Mac OS X 10.4:

http://www.apple.com/support/downloads/securityupdate2006004macosx1047clientintel.html
http://www.apple.com/support/downloads/securityupdate2006004macosx1047clientppc.html

Mac OS X 10.3:

http://www.apple.com/support/downloads/securityupdate20060041039client.html
http://www.apple.com/support/downloads/securityupdate20060041039server.html

See Also

http://www.nessus.org/u?6e97e41a

Plugin Details

Severity: Critical

ID: 22125

File Name: macosx_SecUpd2006-004.nasl

Version: 1.24

Type: local

Agent: macosx

Published: 8/1/2006

Updated: 5/28/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.5

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x:10.3, cpe:/o:apple:mac_os_x:10.4

Required KB Items: Host/MacOSX/packages

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/1/2006

Vulnerability Publication Date: 6/26/2006

Exploitable With

Metasploit (Apple iOS MobileMail LibTIFF Buffer Overflow)

Reference Information

CVE: CVE-2005-0488, CVE-2005-0988, CVE-2005-1228, CVE-2005-2335, CVE-2005-3088, CVE-2005-4348, CVE-2006-0321, CVE-2006-0392, CVE-2006-0393, CVE-2006-1472, CVE-2006-1473, CVE-2006-3459, CVE-2006-3461, CVE-2006-3462, CVE-2006-3465, CVE-2006-3495, CVE-2006-3496, CVE-2006-3497, CVE-2006-3498, CVE-2006-3499, CVE-2006-3500, CVE-2006-3501, CVE-2006-3502, CVE-2006-3503, CVE-2006-3504, CVE-2006-3505

BID: 19289