Mac OS X : OS X Server < 3.2.1 Multiple Vulnerabilities

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a security update for OS X Server.

Description :

The remote Mac OS X 10.9 host has a version of OS X Server installed
that is prior to version 3.2.1. It is, therefore, affected by the
following vulnerabilities :

- Multiple vulnerabilities exist within the included
PostgreSQL, the more serious of which allow remote code
execution or denial of service. (CVE-2014-0060,
CVE-2014-0061, CVE-2014-0062, CVE-2014-0063,
CVE-2014-0064, CVE-2014-0065, CVE-2014-0066)

- A cross-site scripting vulnerability exists within the
Xcode Server. Using a specially crafted website, a
remote attacker can exploit this to execute arbitrary
code within the server / browser trust relationship.
(CVE-2014-4406)

- An SQL injection vulnerability exists in the Wiki Server
due to the improper validation of SQL queries. A remote
attacker can exploit this to inject or manipulate SQL
queries on the back-end database. (CVE-2014-4424)

See also :

http://support.apple.com/kb/HT6448

Solution :

Upgrade to Mac OS X Server version 3.2.1 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true
