Mac OS X Multiple Vulnerabilities (Security Update 2008-007)

critical Nessus Plugin ID 34374

Synopsis

The remote host is missing a Mac OS X update that fixes various security issues.

Description

The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-007 applied.

This security update contains fixes for the following products :

- Apache
- Certificates
- ClamAV
- ColorSync
- CUPS
- Finder
- launchd
- libxslt
- MySQL Server
- Networking
- PHP
- Postfix
- PSNormalizer
- QuickLook
- rlogin
- Script Editor
- Single Sign-On
- Tomcat
- vim
- Weblog

Solution

Install Security Update 2008-007 or later.

See Also

http://support.apple.com/kb/HT3216

http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

Plugin Details

Severity: Critical

ID: 34374

File Name: macosx_SecUpd2008-007.nasl

Version: 1.32

Type: local

Agent: macosx

Published: 10/10/2008

Updated: 5/28/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x:10.5, cpe:/o:apple:mac_os_x:10.4

Required KB Items: Host/MacOSX/packages, Host/uname

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/9/2008

Vulnerability Publication Date: 10/15/2007

Exploitable With

CANVAS (D2ExploitPack)

Core Impact

Metasploit (MySQL yaSSL SSL Hello Message Buffer Overflow)

Elliot (Apache Tomcat File Disclosure)

Reference Information

CVE: CVE-2007-2691, CVE-2007-4850, CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-5969, CVE-2007-6286, CVE-2007-6420, CVE-2008-0002, CVE-2008-0226, CVE-2008-0227, CVE-2008-0674, CVE-2008-1232, CVE-2008-1389, CVE-2008-1678, CVE-2008-1767, CVE-2008-1947, CVE-2008-2079, CVE-2008-2364, CVE-2008-2370, CVE-2008-2371, CVE-2008-2712, CVE-2008-2938, CVE-2008-3294, CVE-2008-3432, CVE-2008-3641, CVE-2008-3642, CVE-2008-3643, CVE-2008-3645, CVE-2008-3646, CVE-2008-3647, CVE-2008-3912, CVE-2008-3913, CVE-2008-3914, CVE-2008-4101, CVE-2008-4211, CVE-2008-4212, CVE-2008-4214, CVE-2008-4215

BID: 30279, 30494, 30496, 30633, 30795, 30994, 31051, 31681, 31692, 31707, 31708, 31711, 31715, 31716, 31718, 31719, 31720, 31721, 31722, 24016, 26070, 26765, 27006, 27140, 27236, 27413, 27703, 27706, 27786, 29106, 29312, 29502, 29653, 29715, 30087

CWE: 119, 16, 189, 20, 200, 22, 264, 352, 362, 399, 79, 94