Mac OS X Multiple Vulnerabilities (Security Update 2006-001)

high Nessus Plugin ID 20990

Synopsis

The remote operating system is missing a vendor-supplied patch.

Description

The remote host is running Apple Mac OS X, but lacks Security Update 2006-001.

This security update contains fixes for the following applications :

apache_mod_php automount Bom Directory Services iChat IPSec LaunchServices LibSystem loginwindow Mail rsync Safari Syndication

Solution

Mac OS X 10.4 :
http://www.apple.com/support/downloads/securityupdate2006001macosx1045ppc.html http://www.apple.com/support/downloads/securityupdate2006001macosx1045intel.html

Mac OS X 10.3 :
http://www.apple.com/support/downloads/securityupdate20060011039client.html http://www.apple.com/support/downloads/securityupdate20060011039server.html

See Also

http://docs.info.apple.com/article.html?artnum=303382

Plugin Details

Severity: High

ID: 20990

File Name: macosx_SecUpd2006-001.nasl

Version: 1.24

Type: local

Agent: macosx

Published: 3/2/2006

Updated: 5/28/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.5

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x:10.3, cpe:/o:apple:mac_os_x:10.4

Required KB Items: Host/MacOSX/packages

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/3/2006

Vulnerability Publication Date: 12/21/2005

Exploitable With

Metasploit (Safari Archive Metadata Command Execution)

Reference Information

CVE: CVE-2005-2713, CVE-2005-2714, CVE-2005-3319, CVE-2005-3353, CVE-2005-3391, CVE-2005-3392, CVE-2005-3706, CVE-2005-3712, CVE-2005-4217, CVE-2005-4504, CVE-2006-0383, CVE-2006-0384, CVE-2006-0386, CVE-2006-0387, CVE-2006-0388, CVE-2006-0389, CVE-2006-0391, CVE-2006-0395, CVE-2006-0848

BID: 16736, 16907