Apple Remote Desktop < 3.5.4 / 3.7 Multiple Vulnerabilities (Mac OS X)

high Nessus Plugin ID 70609
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The Mac OS X host has a remote management application that is potentially affected by multiple vulnerabilities.

Description

According to its version, the Apple Remote Desktop install on the remote host is earlier than 3.5.4 / 3.7. As such, it is potentially affected the following vulnerabilities :

- A format string vulnerability exists in Remote Desktop's handling of a VNC username. (CVE-2013-5135)

- An information disclosure vulnerability exists because Remote Desktop may use password authentication without warning that the connection would be encrypted if a third-party VNC server supports certain authentication types. Note that this does not affect installs of version 3.5.x or earlier. (CVE_2013-5136)

- An authentication bypass vulnerability exists due to a flaw in the full-screen feature that is triggered when handling text entered in the dialog box upon recovering from sleep mode with a remote connection alive. A local attacker can exploit this to bypass intended access restrictions. (CVE-2013-5229)

Solution

Upgrade to Apple Remote Desktop 3.5.4 / 3.7 or later.

See Also

http://support.apple.com/kb/HT5997

http://support.apple.com/kb/HT5998

http://lists.apple.com/archives/security-announce/2013/Oct/msg00007.html

http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html

Plugin Details

Severity: High

ID: 70609

File Name: macosx_remote_desktop_3_7.nasl

Version: 1.8

Type: local

Agent: macosx

Published: 10/25/2013

Updated: 11/27/2019

Dependencies: ssh_get_info.nasl

Risk Information

CVSS Score Source: CVE-2013-5135

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apple:apple_remote_desktop

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 10/22/2013

Vulnerability Publication Date: 10/22/2013

Reference Information

CVE: CVE-2013-5135, CVE-2013-5136, CVE-2013-5229

BID: 63284, 63286

APPLE-SA: APPLE-SA-2013-10-22-6, APPLE-SA-2013-10-22-7