This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
The Mac OS X host has a remote management application that is
potentially affected by multiple vulnerabilities.
According to its version, the Apple Remote Desktop install on the
remote host is earlier than 3.5.4 / 3.7. As such, it is potentially
affected by the following vulnerabilities :
- A format string vulnerability exists in Remote
Desktop's handling of a VNC username. (CVE-2013-5135)
- An information disclosure vulnerability exists because
Remote Desktop may use password authentication without
warning that the connection would be encrypted if a
third-party VNC server supports certain authentication
types. Note that this does not affect installs of
version 3.5.x or earlier. (CVE-2013-5136)
- An authentication bypass vulnerability exists due to a
flaw in the full-screen feature that is triggered when
handling text entered in the dialog box upon recovering
from sleep mode with a remote connection alive. A local
attacker can exploit this to bypass intended access
See also :
Upgrade to Apple Remote Desktop 3.5.4 / 3.7 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false
Family: MacOS X Local Security Checks
Nessus Plugin ID: 70609
Bugtraq ID: 63284, 63286
CVE ID: CVE-2013-5135, CVE-2013-5136, CVE-2013-5229