Mac OS X 10.6.x < 10.6.8 Multiple Vulnerabilities

critical Nessus Plugin ID 55416

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote host is missing a Mac OS X update that fixes several security issues.

Description

The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.8. This update contains security-related fixes for the following components :

 - App Store
 - ATS
 - Certificate Trust Policy
 - CoreFoundation
 - CoreGraphics
 - FTP Server
 - ImageIO
 - International Components for Unicode
 - Kernel
 - Libsystem
 - libxslt
 - MobileMe
 - MySQL
 - OpenSSL
 - patch
 - QuickLook
 - QuickTime
 - Samba
 - servermgrd
 - subversion

Solution

Upgrade to Mac OS X 10.6.8 or later.

See Also

http://support.apple.com/kb/HT4723

http://lists.apple.com/archives/security-announce/2011/Jun/msg00000.html

Plugin Details

Severity: Critical

ID: 55416

File Name: macosx_10_6_8.nasl

Version: 1.20

Type: combined

Agent: macosx

Published: 6/24/2011

Updated: 8/22/2018

Dependencies: ssh_get_info.nasl, os_fingerprint.nasl

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/23/2011

Vulnerability Publication Date: 2/23/2010

Reference Information

CVE: CVE-2009-3245, CVE-2010-0740, CVE-2010-2632, CVE-2010-3677, CVE-2010-3682, CVE-2010-3790, CVE-2010-3833, CVE-2010-3834, CVE-2010-3835, CVE-2010-3836, CVE-2010-3837, CVE-2010-3838, CVE-2010-3864, CVE-2010-4180, CVE-2010-4651, CVE-2011-0014, CVE-2011-0195, CVE-2011-0197, CVE-2011-0198, CVE-2011-0199, CVE-2011-0201, CVE-2011-0202, CVE-2011-0203, CVE-2011-0204, CVE-2011-0205, CVE-2011-0206, CVE-2011-0207, CVE-2011-0208, CVE-2011-0209, CVE-2011-0210, CVE-2011-0211, CVE-2011-0212, CVE-2011-0213, CVE-2011-0715, CVE-2011-0719, CVE-2011-1132

BID: 38562, 39013, 42599, 42646, 43676, 43819, 44794, 44884, 45164, 46264, 46597, 46734, 46768, 47668, 48418, 48419, 48420, 48422, 48426, 48427, 48429, 48430, 48436, 48437, 48439, 48440, 48442, 48443, 48444, 48445, 48447

CWE: 20