SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors.

The remote Mac OS X host is affected by an unauthorized file access vulnerability.  If SMB file sharing is enabled, an authenticated user may be able to write files outside the shared directory.

The remote host is running a version of Mac OS X 10.8 that is older than 10.8.4. The newer version contains numerous security-related fixes :

  - A local security-bypass vulnerability exists that affects the Disk Management component. The issue can be exploited by an unauthorized attacker to disable FileVault using the command-line. (CVE-2013-0985)

  - A security-bypass vulnerability in SMB file sharing can occur whereby an authenticated attacker can write files outside the shared directory. (CVE-2013-0990)

  - A remote buffer-overflow vulnerability exists when handling certain PICT images. (CVE-2013-0975)

  - A security-bypass vulnerability exists whereby an attacker with access to a user's session may be able to log into previously accessed sites. An attacker can exploit this issue even if Private Browsing was used. (CVE-2013-0982)

  - A remote-code execution issue affects the text glyphs because of an unbounded stack allocation when handling maliciously crafted URLs. (CVE-2013-0983)

  - A remote-code execution vulnerability exists due to improper handling of text tracks. (CVE-2013-1024)

  - A buffer-overflow vulnerability exists in the Directory Service daemon that can be exploited via a specially crafted network message. (CVE-2013-0984)

The remote host is running a version of Mac OS X 10.6 or 10.7 that does not have Security Update 2013-002 applied.  This update contains numerous security-related fixes for the following components :

  - CoreMedia Playback (10.7 only)
  - Directory Service (10.6 only)
  - OpenSSL
  - QuickDraw Manager
  - QuickTime
  - Ruby (10.6 only)
  - SMB (10.7 only)

The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.4. The newer version contains multiple security-related fixes for the following components :

  - CFNetwork
  - CoreAnimation
  - CoreMedia Playback
  - CUPS
  - Disk Management
  - OpenSSL
  - QuickDraw Manager
  - QuickTime
  - SMB

ID	Name	Product	Family	Severity
66836	Mac OS X 10.7 / 10.8 Unauthorized File Access (remote check)	Nessus	Misc.	medium
6857	Mac OS X 10.8 < 10.8.4 Multiple Vulnerabilities (Security Update 2013-002)	Nessus Network Monitor	Web Clients	critical
66809	Mac OS X Multiple Vulnerabilities (Security Update 2013-002)	Nessus	MacOS X Local Security Checks	critical
66808	Mac OS X 10.8.x < 10.8.4 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high

Detections

Analytics

CVE-2013-0990

high

Tenable Plugins

medium

critical

critical

high