Mac OS X Multiple Vulnerabilities (Security Update 2007-007)

This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a Mac OS X update that fixes various
security issues.

Description :

The remote host is running a version of Mac OS X 10.4 or 10.3 which
does not have the security update 2007-007 applied.

This update contains several security fixes for the following programs :

- bzip2
- CFNetwork
- CoreAudio
- cscope
- gnuzip
- iChat
- Kerberos
- mDNSResponder
- PDFKit
- PHP
- Quartz Composer
- Samba
- SquirrelMail
- Tomcat
- WebCore
- WebKit

See also :

http://docs.info.apple.com/article.html?artnum=306172

Solution :

Install the security update 2007-007 :

http://www.apple.com/support/downloads/securityupdate200700710410universal.html
http://www.apple.com/support/downloads/securityupdate20070071039.html
http://www.apple.com/support/downloads/securityupdate20070071039server.html

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true