Mac OS X Multiple Vulnerabilities (Security Update 2007-007)

critical Nessus Plugin ID 25830

Synopsis

The remote host is missing a Mac OS X update that fixes various security issues.

Description

The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2007-007 applied.

This update contains several security fixes for the following programs:

- bzip2
- CFNetwork
- CoreAudio
- cscope
- gnuzip
- iChat
- Kerberos
- mDNSResponder
- PDFKit
- PHP
- Quartz Composer
- Samba
- SquirrelMail
- Tomcat
- WebCore
- WebKit

Solution

Install the security update 2007-007:

http://www.apple.com/support/downloads/securityupdate200700710410universal.html
http://www.apple.com/support/downloads/securityupdate20070071039.html
http://www.apple.com/support/downloads/securityupdate20070071039server.html

See Also

http://docs.info.apple.com/article.html?artnum=306172

Plugin Details

Severity: Critical

ID: 25830

File Name: macosx_SecUpd2007-007.nasl

Version: 1.19

Type: local

Agent: macosx

Published: 8/2/2007

Updated: 5/28/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x:10.3, cpe:/o:apple:mac_os_x:10.4

Required KB Items: Host/MacOSX/packages

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/1/2007

Vulnerability Publication Date: 11/9/2004

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Samba "username map script" Command Execution)

Reference Information

CVE: CVE-2004-0996, CVE-2004-2541, CVE-2005-0758, CVE-2005-2090, CVE-2005-3128, CVE-2006-2842, CVE-2006-3174, CVE-2006-4019, CVE-2006-6142, CVE-2007-0450, CVE-2007-0478, CVE-2007-1001, CVE-2007-1262, CVE-2007-1287, CVE-2007-1358, CVE-2007-1460, CVE-2007-1461, CVE-2007-1484, CVE-2007-1521, CVE-2007-1583, CVE-2007-1711, CVE-2007-1717, CVE-2007-1860, CVE-2007-2403, CVE-2007-2404, CVE-2007-2405, CVE-2007-2406, CVE-2007-2407, CVE-2007-2408, CVE-2007-2409, CVE-2007-2410, CVE-2007-2442, CVE-2007-2443, CVE-2007-2446, CVE-2007-2447, CVE-2007-2589, CVE-2007-2798, CVE-2007-3742, CVE-2007-3744, CVE-2007-3745, CVE-2007-3746, CVE-2007-3747, CVE-2007-3748, CVE-2007-3944

BID: 11697, 13582, 23910, 23972, 23973, 24195, 24196, 24197, 24198, 24653, 25159

CWE: 119, 16, 20, 22, 352, 59, 79