BlackBerry Link Multiple Vulnerabilities (Mac OS X)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote host has software installed that is affected by multiple
vulnerabilities.

Description :

The remote host has a version of BlackBerry Link installed prior to
version 1.1.1.39. It is, therefore, affected by multiple
vulnerabilities :

- A WebDAV server that listens on an IPv6 address allows
  remote access to the host's file system. It may also
  be possible to exploit this vulnerability via a DNS
  rebinding attack to execute arbitrary code by tricking
  a user into opening a specially crafted page.
  (CVE-2013-3694)

- A flaw in Peer Manager on Mac OS X may allow
  context-dependent attackers to bypass access
  restrictions on remote file-access folders for WebDAV
  requests. (CVE-2013-6798)

See also :

http://www.nessus.org/u?098d279b
http://blog.cmpxchg8b.com/2013/11/qnx.html

Solution :

Upgrade to BlackBerry Link 1.1.1.39.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 71041

Bugtraq ID: 63695, 63774

CVE ID: CVE-2013-3694, CVE-2013-6798