http://curl.haxx.se/docs/adv_20150108A.html

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743

APPLE-SA-2015-08-13-2

61925

GLSA-201701-47

https://support.apple.com/kb/HT205031

The remote host is affected by the vulnerability described in GLSA-201701-47 (cURL: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in cURL. Please review the       CVE identifiers and bug reports referenced for details.
  Impact :

    Remote attackers could conduct a Man-in-the-Middle attack to obtain       sensitive information, cause a Denial of Service condition, or execute       arbitrary code.
  Workaround :

    There is no known workaround at this time.

The remote host is running a version of Mac OS X 10.10.x that is prior to version 10.10.5. The installed version is affected by multiple vulnerabilities in the following components :

 - apache (CVE-2014-3581, CVE-2014-3583, CVE-2014-8109, CVE-2015-0228, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185)
 - apache_mod_php (CVE-2015-2783, CVE-2015-2787, CVE-2015-3307, CVE-2015-3329, CVE-2015-3330, CVE-2015-4021, CVE-2015-4022, CVE-2015-4024, CVE-2015-4025, CVE-2015-4026, CVE-2015-4147, CVE-2015-4148)
 - Apple ID OD Plug-in (CVE-2015-3799)
 - AppleGraphicsControl (CVE-2015-5768)
 - Bluetooth (CVE-2015-3777, CVE-2015-3779, CVE-2015-3780, CVE-2015-3786, CVE-2015-3787)
 - bootp (CVE-2015-3778)
 - CloudKit (CVE-2015-3782)
 - CoreMedia Playback (CVE-2015-5777, CVE-2015-5778)
 - CoreText (CVE-2015-5761, CVE-2015-5755)
 - curl (CVE-2014-3613, CVE-2014-3620, CVE-2014-3707, CVE-2014-8150, CVE-2014-8151, CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153)
 - Data Detectors Engine (CVE-2015-5750)
 - Date & Time pref pane (CVE-2015-3757)
 - Dictionary Application (CVE-2015-3774)
 - DiskImages (CVE-2015-3800)
 - dyld (CVE-2015-3760)
 - FontParser (CVE-2015-3804, CVE-2015-5775, CVE-2015-5756)
 - groff (CVE-2009-5044, CVE-2009-5078)
 - ImageIO (CVE-2015-5758, CVE-2015-5781, CVE-2015-5782)
 - Install Framework Legacy (CVE-2015-5784, CVE-2015-5754)
 - IOFireWireFamily (CVE-2015-3769, CVE-2015-3771, CVE-2015-3772)
 - IOGraphics (CVE-2015-3770, CVE-2015-5783)
 - IOHIDFamily (CVE-2015-5774)
 - Kernel (CVE-2015-3766, CVE-2015-3768, CVE-2015-5747, CVE-2015-5748, CVE-2015-3806, CVE-2015-3803, CVE-2015-3802, CVE-2015-3805, CVE-2015-3776, CVE-2015-3761)
 - Libc (CVE-2015-3796, CVE-2015-3797, CVE-2015-3798)
 - Libinfo (CVE-2015-5776)
 - libpthread (CVE-2015-5757)
 - libxml2 (CVE-2014-0191, CVE-2014-3660, CVE-2015-3807)
 - libxpc (CVE-2015-3795)
 - mail_cmds (CVE-2014-7844)
 - Notification Center OSX (CVE-2015-3764)
 - ntfs (CVE-2015-5763)
 - OpenSSH (CVE-2015-5600)
 - OpenSSL (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)
 - perl (CVE-2013-7422)
 - PostgreSQL (CVE-2014-0067, CVE-2014-8161, CVE-2015-0241, CVE-2015-0242, CVE-2015-0243, CVE-2015-0244)
 - python (CVE-2013-7040, CVE-2013-7338, CVE-2014-1912, CVE-2014-7185, CVE-2014-9365)
 - QL Office (CVE-2015-5773, CVE-2015-3784)
 - Quartz Composer Framework (CVE-2015-5771)
 - Quick Look (CVE-2015-3781)
 - QuickTime 7 (CVE-2015-3779, CVE-2015-5753, CVE-2015-5779, CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751)
 - SceneKit (CVE-2015-5772, CVE-2015-3783)
 - Security (CVE-2015-3775)
 - SMBClient (CVE-2015-3773)
 - Speech UI (CVE-2015-3794)
 - sudo (CVE-2013-1775, CVE-2013-1776, CVE-2013-2776, CVE-2013-2777, CVE-2014-0106, CVE-2014-9680)
 - tcpdump (CVE-2014-8767, CVE-2014-8769, CVE-2014-9140)
 - Text Formats (CVE-2015-3762)
 - udf (CVE-2015-3767)

 Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.5. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache
  - apache_mod_php
  - Apple ID OD Plug-in
  - AppleGraphicsControl
  - Bluetooth
  - bootp
  - CloudKit
  - CoreMedia Playback
  - CoreText
  - curl
  - Data Detectors Engine
  - Date & Time pref pane
  - Dictionary Application
  - DiskImages
  - dyld
  - FontParser
  - groff
  - ImageIO
  - Install Framework Legacy
  - IOFireWireFamily
  - IOGraphics
  - IOHIDFamily
  - Kernel
  - Libc
  - Libinfo
  - libpthread
  - libxml2
  - libxpc
  - mail_cmds
  - Notification Center OSX
  - ntfs
  - OpenSSH
  - OpenSSL
  - perl
  - PostgreSQL
  - python
  - QL Office
  - Quartz Composer Framework
  - Quick Look
  - QuickTime 7
  - SceneKit
  - Security
  - SMBClient
  - Speech UI
  - sudo
  - tcpdump
  - Text Formats
  - udf 

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

ID	Name	Product	Family	Severity
96644	GLSA-201701-47 : cURL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
8981	Mac OS X < 10.10.5 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	high
85408	Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high

CVE-2014-8151

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

high

high