Mac OS X Multiple Vulnerabilities (Security Update 2010-007)

high Nessus Plugin ID 50549

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote host is missing a Mac OS X update that fixes security issues.

Description

The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-007 applied.

This security update contains fixes for the following products :

 - AFP Server
 - Apache mod_perl
 - ATS
 - CFNetwork
 - CoreGraphics
 - CoreText
 - CUPS
 - Directory Services
 - diskdev_cmds
 - Disk Images
 - Flash Player plug-in
 - gzip
 - ImageIO
 - Image RAW
 - MySQL
 - Password Server
 - PHP
 - Printing
 - python
 - QuickLook
 - Safari RSS
 - Wiki Server
 - X11

Solution

Install Security Update 2010-007 or later.

See Also

http://support.apple.com/kb/HT4435

http://lists.apple.com/archives/security-announce/2010/Nov/msg00000.html

Plugin Details

Severity: High

ID: 50549

File Name: macosx_SecUpd2010-007.nasl

Version: 1.48

Type: local

Agent: macosx

Published: 11/10/2010

Updated: 7/14/2018

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Critical

Score: 9.8

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Required KB Items: Host/MacOSX/packages, Host/uname

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/10/2010

Vulnerability Publication Date: 11/10/2010

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Adobe Flash Player "Button" Remote Code Execution)

ExploitHub (EH-11-164)

Reference Information

CVE: CVE-2008-4546, CVE-2009-0796, CVE-2009-0946, CVE-2009-2624, CVE-2009-3793, CVE-2009-4134, CVE-2010-0105, CVE-2010-0205, CVE-2010-0209, CVE-2010-0397, CVE-2010-1205, CVE-2010-1297, CVE-2010-1449, CVE-2010-1450, CVE-2010-1752, CVE-2010-1811, CVE-2010-1828, CVE-2010-1829, CVE-2010-1830, CVE-2010-1831, CVE-2010-1832, CVE-2010-1836, CVE-2010-1837, CVE-2010-1838, CVE-2010-1840, CVE-2010-1841, CVE-2010-1845, CVE-2010-1846, CVE-2010-1848, CVE-2010-1849, CVE-2010-1850, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2188, CVE-2010-2189, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216, CVE-2010-2249, CVE-2010-2484, CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2531, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808, CVE-2010-2884, CVE-2010-2941, CVE-2010-3053, CVE-2010-3054, CVE-2010-3636, CVE-2010-3638, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3654, CVE-2010-3783, CVE-2010-3784, CVE-2010-3785, CVE-2010-3796, CVE-2010-3797, CVE-2010-3976, CVE-2010-4010

BID: 31537, 34383, 34550, 38478, 39658, 40361, 40363, 40365, 40586, 40779, 40780, 40781, 40782, 40783, 40784, 40785, 40786, 40787, 40788, 40789, 40790, 40791, 40792, 40793, 40794, 40795, 40796, 40797, 40798, 40799, 40800, 40801, 40802, 40803, 40805, 40806, 40807, 40808, 40809, 41049, 41174, 42285, 42621, 42624, 44504, 44530, 44671, 44729, 44800, 44802, 44804, 44806, 44807, 44808, 44812, 44814, 44815, 44816, 44817, 44819, 44822, 44829, 44832, 44833, 44835, 99999

CWE: 20, 79, 189, 399