Mac OS X : OS X Server < 2.2.2 Multiple Vulnerabilities

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a security update for OS X Server.

Description :

The remote Mac OS X 10.8 host has a version of OS X Server that is
older than version 2.2.2. As such, it is reportedly affected by the
following vulnerabilities :

- Two vulnerabilities exist in the included ClamAV
software, the most serious of which could allow an
attacker to execute arbitrary code remotely.
(CVE-2013-2020 / CVE-2013-2021)

- Three vulnerabilities exist in the included PostgreSQL
software, the most serious of which could result in
data corruption or privilege escalation.
(CVE-2013-1899 / CVE-2013-1900 / CVE-2013-1901)

- Multiple cross-site scripting issues exist in the
included Wiki Server software. (CVE-2013-1034)

See also :

http://support.apple.com/kb/HT5892
http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html
http://www.securityfocus.com/archive/1/528681/30/0/threaded

Solution :

Upgrade to Mac OS X Server v2.2.2 or later.

Risk factor :

High / CVSS Base Score : 8.5
(CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 69932

Bugtraq ID: 58876, 58878, 58879, 59434, 60118, 62449

CVE ID: CVE-2013-1034, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-2020, CVE-2013-2021