Mac OS X < 10.11 Multiple Vulnerabilities (GHOST)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a Mac OS X update that fixes multiple
security vulnerabilities.

Description :

The remote host is running a version of Mac OS X that is 10.6.8 or
later but prior to 10.11. It is, therefore, affected by multiple
vulnerabilities in the following components :

- Address Book
- AirScan
- apache_mod_php
- Apple Online Store Kit
- AppleEvents
- Audio
- bash
- Certificate Trust Policy
- CFNetwork Cookies
- CFNetwork FTPProtocol
- CFNetwork HTTPProtocol
- CFNetwork Proxies
- CFNetwork SSL
- CoreCrypto
- CoreText
- Dev Tools
- Disk Images
- dyld
- EFI
- Finder
- Game Center
- Heimdal
- ICU
- Install Framework Legacy
- Intel Graphics Driver
- IOAudioFamily
- IOGraphics
- IOHIDFamily
- IOStorageFamily
- Kernel
- libc
- libpthread
- libxpc
- Login Window
- lukemftpd
- Mail
- Multipeer Connectivity
- NetworkExtension
- Notes
- OpenSSH
- OpenSSL
- procmail
- remote_cmds
- removefile
- Ruby
- Safari
- Safari Downloads
- Safari Extensions
- Safari Safe Browsing
- Security
- SMB
- SQLite
- Telephony
- Terminal
- tidy
- Time Machine
- WebKit
- WebKit CSS
- WebKit JavaScript Bindings
- WebKit Page Loading
- WebKit Plug-ins

Note that successful exploitation of the most serious issues can
result in arbitrary code execution.

See also :

https://support.apple.com/en-us/HT205267
http://www.nessus.org/u?76b3b492
http://www.nessus.org/u?c7a6ddbd

Solution :

Upgrade to Mac OS X 10.11 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 86270

Bugtraq ID: 60440
66355
69573
70152
70154
70165
70935
71230
71621
71800
71833
71929
71932
72325
72505
72539
72541
72611
72701
73031
73037
73182
73225
73227
73306
73431
73434
74204
74228
74239
74240
74446
74457
75037
76763
76764
76765
76766

CVE ID: CVE-2013-3951
CVE-2014-2532
CVE-2014-3618
CVE-2014-6277
CVE-2014-7186
CVE-2014-7187
CVE-2014-8080
CVE-2014-8090
CVE-2014-8146
CVE-2014-8147
CVE-2014-8611
CVE-2014-9425
CVE-2014-9427
CVE-2014-9652
CVE-2014-9705
CVE-2014-9709
CVE-2015-0231
CVE-2015-0232
CVE-2015-0235
CVE-2015-0273
CVE-2015-0286
CVE-2015-0287
CVE-2015-1351
CVE-2015-1352
CVE-2015-1855
CVE-2015-2301
CVE-2015-2305
CVE-2015-2331
CVE-2015-2348
CVE-2015-2783
CVE-2015-2787
CVE-2015-3329
CVE-2015-3330
CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
CVE-2015-3785
CVE-2015-3801
CVE-2015-5522
CVE-2015-5523
CVE-2015-5764
CVE-2015-5765
CVE-2015-5767
CVE-2015-5780
CVE-2015-5788
CVE-2015-5789
CVE-2015-5790
CVE-2015-5791
CVE-2015-5792
CVE-2015-5793
CVE-2015-5794
CVE-2015-5795
CVE-2015-5796
CVE-2015-5797
CVE-2015-5798
CVE-2015-5799
CVE-2015-5800
CVE-2015-5801
CVE-2015-5802
CVE-2015-5803
CVE-2015-5804
CVE-2015-5805
CVE-2015-5806
CVE-2015-5807
CVE-2015-5808
CVE-2015-5809
CVE-2015-5810
CVE-2015-5811
CVE-2015-5812
CVE-2015-5813
CVE-2015-5814
CVE-2015-5815
CVE-2015-5816
CVE-2015-5817
CVE-2015-5818
CVE-2015-5819
CVE-2015-5820
CVE-2015-5821
CVE-2015-5822
CVE-2015-5823
CVE-2015-5824
CVE-2015-5825
CVE-2015-5826
CVE-2015-5827
CVE-2015-5828
CVE-2015-5830
CVE-2015-5831
CVE-2015-5833
CVE-2015-5836
CVE-2015-5839
CVE-2015-5840
CVE-2015-5841
CVE-2015-5842
CVE-2015-5847
CVE-2015-5849
CVE-2015-5851
CVE-2015-5853
CVE-2015-5854
CVE-2015-5855
CVE-2015-5858
CVE-2015-5860
CVE-2015-5862
CVE-2015-5863
CVE-2015-5864
CVE-2015-5865
CVE-2015-5866
CVE-2015-5867
CVE-2015-5868
CVE-2015-5869
CVE-2015-5870
CVE-2015-5871
CVE-2015-5872
CVE-2015-5873
CVE-2015-5874
CVE-2015-5875
CVE-2015-5876
CVE-2015-5877
CVE-2015-5878
CVE-2015-5879
CVE-2015-5881
CVE-2015-5882
CVE-2015-5883
CVE-2015-5884
CVE-2015-5885
CVE-2015-5887
CVE-2015-5888
CVE-2015-5889
CVE-2015-5890
CVE-2015-5891
CVE-2015-5893
CVE-2015-5894
CVE-2015-5896
CVE-2015-5897
CVE-2015-5899
CVE-2015-5900
CVE-2015-5901
CVE-2015-5902
CVE-2015-5903
CVE-2015-5912
CVE-2015-5913
CVE-2015-5914
CVE-2015-5915
CVE-2015-5917
CVE-2015-5922
