Detections
Analytics

Mac OS X Multiple Vulnerabilities (Security Update 2009-005)

critical Nessus Plugin ID 40945

Synopsis

The remote host is missing a Mac OS X update that fixes various security issues.

Description

The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-005 applied.

This security update contains fixes for the following products :

 - Alias Manager
 - CarbonCore
 - ClamAV
 - ColorSync
 - CoreGraphics
 - CUPS
 - Flash Player plug-in
 - ImageIO
 - Launch Services
 - MySQL
 - PHP
 - SMB
 - Wiki Server

Solution

Install Security Update 2009-005 or later.

See Also

http://support.apple.com/kb/HT3865

http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

http://www.securityfocus.com/advisories/17867

Plugin Details

Severity: Critical

ID: 40945

File Name: macosx_SecUpd2009-005.nasl

Version: 1.23

Type: local

Agent: macosx

Published: 9/11/2009

Updated: 5/28/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2009-2468

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x:10.5, cpe:/o:apple:mac_os_x:10.4

Required KB Items: Host/uname, Host/MacOSX/packages

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/10/2009

CISA Known Exploited Vulnerability Due Dates: 6/22/2022

Exploitable With

CANVAS (CANVAS)

Core Impact

Reference Information

CVE: CVE-2008-2079, CVE-2008-5498, CVE-2008-6680, CVE-2009-0590, CVE-2009-0591, CVE-2009-0789, CVE-2009-0949, CVE-2009-1241, CVE-2009-1270, CVE-2009-1271, CVE-2009-1272, CVE-2009-1371, CVE-2009-1372, CVE-2009-1862, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868, CVE-2009-1869, CVE-2009-1870, CVE-2009-2468, CVE-2009-2800, CVE-2009-2803, CVE-2009-2804, CVE-2009-2805, CVE-2009-2807, CVE-2009-2809, CVE-2009-2811, CVE-2009-2812, CVE-2009-2813, CVE-2009-2814

BID: 34357, 35759, 36350, 36354, 36355, 36357, 36358, 36359, 36360, 36361, 36363, 36364, 29106, 33002, 34256

CWE: 119, 189, 20, 200, 264, 287, 399, 59, 79, 94