Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)

Critical Nessus Plugin ID 24811

Synopsis

The remote host is missing a Mac OS X update which fixes a security issue.

Description

The remote host is running a version of Mac OS X 10.4 that is older than version 10.4.9, or a version of Mac OS X 10.3 that does not have Security Update 2007-003 applied.

This update contains several security fixes for the following programs:

- ColorSync
- CoreGraphics
- Crash Reporter
- CUPS
- Disk Images
- DS Plugins
- Flash Player
- GNU Tar
- HFS
- HID Family
- ImageIO
- Kernel
- MySQL server
- Networking
- OpenSSH
- Printing
- QuickDraw Manager
- servermgrd
- SMB File Server
- Software Update
- sudo
- WebLog

Solution

Mac OS X 10.4: Upgrade to Mac OS X 10.4.9:

http://www.apple.com/support/downloads/macosxserver1049updateppc.html

http://www.apple.com/support/downloads/macosx1049updateintel.html

http://www.apple.com/support/downloads/macosxserver1049updateuniversal.html

Mac OS X 10.3: Apply Security Update 2007-003:

http://www.apple.com/support/downloads/securityupdate20070031039client.html

http://www.apple.com/support/downloads/securityupdate20070031039server.html

See Also

http://docs.info.apple.com/article.html?artnum=305214

Plugin Details

Severity: Critical

ID: 24811

File Name: macosx_10_4_9.nasl

Version: 1.29

Type: combined

Agent: macosx

Published: 2007/03/13

Updated: 2018/07/14

Dependencies: 11936, 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/03/13

Vulnerability Publication Date: 2005/09/28

Reference Information

CVE: CVE-2007-0719, CVE-2007-0467, CVE-2007-0720, CVE-2007-0721, CVE-2007-0722, CVE-2006-6061, CVE-2006-6062, CVE-2006-5679, CVE-2007-0229, CVE-2007-0267, CVE-2007-0299, CVE-2007-0723, CVE-2006-5330, CVE-2006-0300, CVE-2006-6097, CVE-2007-0318, CVE-2007-0724, CVE-2007-1071, CVE-2007-0733, CVE-2006-5836, CVE-2006-6129, CVE-2006-6173, CVE-2006-1516, CVE-2006-1517, CVE-2006-2753, CVE-2006-3081, CVE-2006-4031, CVE-2006-4226, CVE-2006-3469, CVE-2006-6130, CVE-2007-0236, CVE-2007-0726, CVE-2006-0225, CVE-2006-4924, CVE-2006-5051, CVE-2006-5052, CVE-2007-0728, CVE-2007-0588, CVE-2007-0730, CVE-2007-0731, CVE-2007-0463, CVE-2005-2959, CVE-2006-4829

BID: 20982, 21236, 21291, 21349, 22041, 22948

CWE: 79, 119, 362, 399