Mac OS X Server v10.6.5 (10H575)

medium Nessus Plugin ID 50681

Language:

Synopsis

The remote host has an application that may be affected by an information disclosure vulnerability.

Description

A memory aliasing issue in Dovecot's handling of user names in Mac OS X Server v10.6.5 may result in a user receiving mail intended for other users.

Note that this vulnerability arises only on Mac OS X Server systems when Dovecot is configured as a mail server.

Solution

Upgrade to Mac OS X Server v10.6.5 (10H575) or later.

See Also

http://support.apple.com/kb/HT4452

http://lists.apple.com/archives/security-announce/2010/Nov/msg00001.html

Plugin Details

Severity: Medium

ID: 50681

File Name: macosx_server_10H575.nasl

Version: 1.12

Type: local

Agent: macosx

Published: 11/22/2010

Updated: 11/27/2023

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.5

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2010-4011

Vulnerability Information

Required KB Items: Host/uname, MacOSX/Server/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 11/15/2010

Vulnerability Publication Date: 11/15/2010

Reference Information

CVE: CVE-2010-4011

BID: 44874