Mac OS X Multiple Vulnerabilities (Security Update 2006-007)

critical Nessus Plugin ID 23740

Synopsis

The remote host is missing a Mac OS X update which fixes a security issue.

Description

The remote host is running a version of Mac OS X which does not have the security update 2006-007 applied.

Security Update 2006-007 contains several security fixes for the following programs :

- AirPort
- ATS
- CFNetwork
- Finder
- Font Book
- Font Importer
- Installer
- OpenSSL
- PHP
- PPP
- Samba
- Security Framework
- VPN
- WebKit
- gnuzip
- perl

Solution

Install the missing security update :

For Mac OS X 10.4 :
http://www.apple.com/support/downloads/securityupdate20060071048clientppc.html http://www.apple.com/support/downloads/securityupdate20060071048clientintel.html http://www.apple.com/support/downloads/securityupdate20060071048serverppc.html

For Mac OS X 10.3 :
http://www.apple.com/support/downloads/securityupdate20060071039client.html http://www.apple.com/support/downloads/securityupdate20060071039server.html

See Also

http://www.nessus.org/u?2ea04761

Plugin Details

Severity: Critical

ID: 23740

File Name: macosx_SecUpd2006-007.nasl

Version: 1.24

Type: local

Agent: macosx

Published: 11/29/2006

Updated: 5/28/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x:10.3, cpe:/o:apple:mac_os_x:10.4

Required KB Items: Host/MacOSX/packages

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/28/2006

Vulnerability Publication Date: 11/1/2006

Reference Information

CVE: CVE-2006-4396, CVE-2006-4398, CVE-2006-4400, CVE-2006-4401, CVE-2006-4402, CVE-2006-4403, CVE-2006-4404, CVE-2006-4406, CVE-2006-4407, CVE-2006-4408, CVE-2006-4409, CVE-2006-4410, CVE-2006-4411, CVE-2006-4412, CVE-2006-5710

BID: 21335, 20862