Mac OS X : OS X Server < 3.0 Multiple Vulnerabilities

high Nessus Plugin ID 70590

Synopsis

The remote host is missing a security update for OS X Server.

Description

The remote Mac OS X host has a version of OS X Server installed that is prior to 3.0. It is, therefore, affected by the following vulnerabilities:

- A denial of service vulnerability exists in the included JSON Ruby Gem, which can be abused to exhaust all available memory resources. (CVE-2013-0269)

- Multiple cross-site scripting vulnerabilities exist in the included Ruby on Rails software. (CVE-2013-1854 / CVE-2013-1855 / CVE-2013-1856 / CVE-2013-1857)

- A buffer overflow exists in the included FreeRADIUS software that can be triggered when parsing the 'not after' timestamp in a client certificate when using TLS-based EAP methods. (CVE-2012-3547)

- A logic issue exists whereby the RADIUS service could choose an incorrect certificate from a list of configured certificates.

Solution

Upgrade to Mac OS X Server version 3.0 or later.

See Also

http://support.apple.com/kb/HT5999

http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

Plugin Details

Severity: High

ID: 70590

File Name: macosx_server_3_0.nasl

Version: 1.5

Type: local

Agent: macosx

Published: 10/24/2013

Updated: 7/14/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:apple:mac_os_x_server

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, MacOSX/Server/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 10/23/2013

Vulnerability Publication Date: 9/10/2012

Reference Information

CVE: CVE-2012-3547, CVE-2013-0269, CVE-2013-1854, CVE-2013-1855, CVE-2013-1856, CVE-2013-1857, CVE-2013-5143

BID: 55483, 57899, 58549, 58552, 58554, 58555, 63285

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990

APPLE-SA: APPLE-SA-2013-10-22-5