Mac OS X Multiple Vulnerabilities (Security Update 2004-06-07)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a Mac OS X update that fixes a security
issue.

Description :

The remote host is missing Security Update 2004-06-07. This
security update includes fixes for the following components :

DiskImages
LaunchServices
Safari
Terminal

This update fixes a security problem which may allow an attacker
to execute arbitrary commands the on the remote host by abusing
of a flaw in Safari and the components listed above. To exploit
this flaw, an attacker would need to set up a rogue web site with
malformed HTML links, and lure the user of the remote host into
visiting them.

See also :

http://support.apple.com/kb/HT1646

Solution :

Install Security Update 2004-06-07.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 12520 (macosx_SecUpd20040607.nasl)

Bugtraq ID: 10486

CVE ID: CVE-2004-0538
CVE-2004-0539