Mac OS X : OS X Server < 3.1.2 Heap-Based Buffer Overflow

Severity: Medium | Nessus Plugin ID 74124

Synopsis

The remote host is missing a security update for OS X Server.

Description

The remote Mac OS X 10.9 host has a version of OS X Server installed that is prior to 3.1.2. It is, therefore, affected by a heap-based buffer overflow vulnerability in the Ruby component that occurs when converting a string to a floating point value. A remote attacker can exploit this, via a specially crafted request to Profile Manager or to a Ruby script, to cause a denial of service condition or the execution of arbitrary code.

Solution

Upgrade to Mac OS X Server version 3.1.2 or later.
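The check this plugin performs is a local version comparison on the two KB items it requires (Host/MacOSX/Version and MacOSX/Server/Version). The following is an added Python illustration of that logic, not Tenable's NASL plugin code; the fixed version 3.1.2 and the OS X 10.9 platform come from the page, and the inventory rows are constructed.

```python
# Added example (not the plugin's own NASL): local version check that mirrors
# this plugin's logic for OS X 10.9 hosts running OS X Server < 3.1.2.
from typing import Optional, Tuple

FIXED_SERVER_VERSION = "3.1.2"          # from the Solution section
AFFECTED_OSX_MAJOR_MINOR = (10, 9)      # plugin only applies to OS X 10.9


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '3.1.1' into (3, 1, 1); a non-numeric component raises ValueError."""
    return tuple(int(part) for part in text.strip().split("."))


def version_lt(a: str, b: str) -> bool:
    """Numeric, component-wise comparison: '3.1' < '3.1.2' and '3.10' > '3.9'.
    Shorter versions are right-padded with zeros so lengths do not matter."""
    va, vb = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    return va + (0,) * (width - len(va)) < vb + (0,) * (width - len(vb))


def is_affected(osx_version: Optional[str], server_version: Optional[str]) -> bool:
    """True when the host is OS X 10.9 and OS X Server is older than 3.1.2.
    A missing KB item (None) means the check cannot run, so it does not fire."""
    if not osx_version or not server_version:
        return False
    if parse_version(osx_version)[:2] != AFFECTED_OSX_MAJOR_MINOR:
        return False
    return version_lt(server_version, FIXED_SERVER_VERSION)


# Constructed sample inventory: (hostname, Host/MacOSX/Version, MacOSX/Server/Version)
SAMPLE_HOSTS = [
    ("mdm-01", "10.9.3", "3.1.1"),   # vulnerable: 10.9 with Server < 3.1.2
    ("mdm-02", "10.9.3", "3.1.2"),   # patched
    ("mdm-03", "10.8.5", "2.2.5"),   # not OS X 10.9, outside this plugin's scope
    ("mdm-04", "10.9.2", None),      # Server version unknown, check cannot run
]


def affected_hosts(hosts=SAMPLE_HOSTS):
    """Return the hostnames the plugin would flag."""
    return [name for name, osx, srv in hosts if is_affected(osx, srv)]


if __name__ == "__main__":
    for name in affected_hosts():
        print(f"{name}: OS X Server < {FIXED_SERVER_VERSION}, upgrade required")
```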

See Also

http://support.apple.com/kb/HT6248

http://www.securityfocus.com/archive/1/532166/30/0/threaded

Plugin Details

Severity: Medium

ID: 74124

File Name: macosx_server_3_1_2.nasl

Version: 1.5

Type: local

Agent: macosx

Published: 5/21/2014

Updated: 7/14/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:apple:mac_os_x_server

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, MacOSX/Server/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 5/20/2014

Vulnerability Publication Date: 11/22/2013

Reference Information

CVE: CVE-2013-4164

BID: 63873

APPLE-SA: APPLE-SA-2014-15-20-1