Detections
Analytics
Mac OS X : OS X Server < 3.2.1 Multiple Vulnerabilities
high Nessus Plugin ID 77758
Language:
Synopsis
The remote host is missing a security update for OS X Server.Description
The remote Mac OS X 10.9 host has a version of OS X Server installed that is prior to version 3.2.1. It is, therefore, affected by the following vulnerabilities :- Multiple vulnerabilities exist within the included PostgreSQL, the more serious of these allow remote code execution or denial of service. (CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066)
- A cross-site scripting vulnerability exists within the Xcode Server. Using a specially crafted website, a remote attacker can exploit this to execute arbitrary code within the server / browser trust relationship.
(CVE-2014-4406)
- A SQL injection vulnerability exists in the Wiki Server due to the improper validation of SQL queries. A remote attacker can exploit this to inject or manipulate SQL queries on the back-end database. (CVE-2014-4424)
Solution
Upgrade to Mac OS X Server version 3.2.1 or later.See Also
Plugin Details
Severity: High
ID: 77758
File Name: macosx_server_3_2_1.nasl
Version: 1.8
Type: local
Agent: macosx
Family: MacOS X Local Security Checks
Published: 9/19/2014
Updated: 7/14/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:apple:mac_os_x_server
Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, MacOSX/Server/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 9/17/2014
Vulnerability Publication Date: 9/17/2014
Reference Information
CVE: CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066, CVE-2014-4406, CVE-2014-4424
BID: 65723, 65724, 65727, 65719, 65725, 65731, 65728, 69918, 69935