Mac OS X Multiple Vulnerabilities (Security Update 2015-005) (GHOST) (Logjam)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a Mac OS X update that fixes multiple
security vulnerabilities.

Description :

The remote host is running a version of Mac OS X 10.8.5 or 10.9.5
that is missing Security Update 2015-005. It is, therefore, affected
multiple vulnerabilities in the following components :

- Admin Framework
- afpserver
- apache
- AppleFSCompression
- AppleGraphicsControl
- AppleThunderboltEDMService
- ATS
- Bluetooth
- Certificate Trust Policy
- CFNetwork HTTPAuthentication
- CoreText
- coreTLS
- DiskImages
- Display Drivers
- EFI
- FontParser
- Graphics Driver
- ImageIO
- Install Framework Legacy
- Intel Graphics Driver
- IOAcceleratorFamily
- IOFireWireFamily
- Kernel
- kext tools
- Mail
- ntfs
- ntp
- OpenSSL
- QuickTime
- Security
- Spotlight
- SQLite
- System Stats
- TrueTypeScaler
- zip

Note that successful exploitation of the most serious issues can
result in arbitrary code execution.

See also :

https://support.apple.com/en-ca/HT204942
http://www.nessus.org/u?956357d4
http://www.nessus.org/u?c7a6ddbd
https://weakdh.org/

Solution :

Install Security Update 2015-005 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true