Mac OS X Fraudulent DigiNotar Digital Certificates (Security Update 2011-005)

This script is Copyright (C) 2011-2012 Tenable Network Security, Inc.


Synopsis :

The remote Mac OS X host contains support for an untrusted
certificate authority.

Description :

The remote host is running a version of Mac OS X 10.6 or 10.7 that
does not have Security Update 2011-005 applied. Due to the issuance
of several fraudulent SSL certificates, this security update removes
DigiNotar from the list of trusted root certificates as well as the
list of Extended Validation (EV) certificate authorities. It also
configures default system trust settings so that DigiNotar's
certificates, including those issued by other authorities, are not
trusted.

See also :

http://support.apple.com/kb/HT4920
http://lists.apple.com/archives/security-announce/2011/Sep/msg00000.html

Solution :

Install Security Update 2011-005 or later.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)

Family: MacOS X Local Security Checks

Nessus Plugin ID: 56141 ()

Bugtraq ID:

CVE ID: