Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)

This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a Mac OS X update that fixes multiple
security issues.

Description :

The remote host is running a version of Mac OS X 10.4 that is older than
version 10.4.9, or a version of Mac OS X 10.3 that does not have
Security Update 2007-003 applied.

This update contains several security fixes for the following programs :

- ColorSync
- CoreGraphics
- Crash Reporter
- CUPS
- Disk Images
- DS Plugins
- Flash Player
- GNU Tar
- HFS
- HID Family
- ImageIO
- Kernel
- MySQL server
- Networking
- OpenSSH
- Printing
- QuickDraw Manager
- servermgrd
- SMB File Server
- Software Update
- sudo
- WebLog

See also :

http://docs.info.apple.com/article.html?artnum=305214

Solution :

Mac OS X 10.4 : Upgrade to Mac OS X 10.4.9 :

http://www.apple.com/support/downloads/macosxserver1049updateppc.html
http://www.apple.com/support/downloads/macosx1049updateintel.html
http://www.apple.com/support/downloads/macosxserver1049updateuniversal.html

Mac OS X 10.3 : Apply Security Update 2007-003 :

http://www.apple.com/support/downloads/securityupdate20070031039client.html
http://www.apple.com/support/downloads/securityupdate20070031039server.html

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true