Mac OS X : OS X Server < 3.1.2 Heap-Based Buffer Overflow
Medium Nessus Plugin ID 74124
Synopsis
The remote host is missing a security update for OS X Server.
Description
The remote Mac OS X 10.9 host has a version of OS X Server installed that is prior to 3.1.2. It is, therefore, affected by a heap-based buffer overflow vulnerability in the Ruby component that occurs when converting a string to a floating point value. A remote attacker can exploit this, via a specially crafted request to Profile Manager or to a Ruby script, to cause a denial of service condition or the execution of arbitrary code.
Solution
Upgrade to Mac OS X Server version 3.1.2 or later.