Mac OS X : OS X Server < 3.1.2 Heap-Based Buffer Overflow

Medium Nessus Plugin ID 74124

Synopsis

The remote host is missing a security update for OS X Server.

Description

The remote Mac OS X 10.9 host has a version of OS X Server installed that is prior to 3.1.2. It is, therefore, affected by a heap-based buffer overflow in the bundled Ruby component (CVE-2013-4164) that occurs when a string is converted to a floating point value. A remote attacker can exploit this, via a specially crafted request to Profile Manager or via untrusted input handled by a Ruby script on the host, to cause a denial of service condition or execute arbitrary code.

Solution

Upgrade to OS X Server 3.1.2 or later.
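The Ruby script below is an added example; it is not code from the Nessus plugin or from Apple. It reproduces the kind of check this plugin performs (a segment-wise comparison of the installed OS X Server version against 3.1.2) and, for the Ruby side of the issue described above, checks whether an interpreter carries the upstream fix and bounds untrusted input before it reaches a string-to-float conversion. The helper names, the 64-byte limit and the literal pattern are this example's own assumptions; the OS X Server threshold is from HT6248 and the fixed Ruby releases (1.9.3-p484, 2.0.0-p353, 2.1.0 and later) are from the ruby-lang advisory for CVE-2013-4164.

```ruby
# Added example; not code from the Nessus plugin or from Apple.
# Helper names, the length bound and the literal pattern are assumptions
# made for this example. The version thresholds are from the advisories:
# OS X Server 3.1.2 (Apple HT6248) and Ruby 1.9.3-p484 / 2.0.0-p353 /
# 2.1.0 (ruby-lang advisory for CVE-2013-4164).

FIXED_SERVER_VERSION = "3.1.2"

# Upstream Ruby branches that received a fix, keyed by RUBY_VERSION, with
# the first fixed patchlevel. Branches not listed (e.g. 1.8.7, 1.9.2) were
# end-of-life at the time and never received one.
RUBY_FIXED_PATCHLEVELS = { "1.9.3" => 484, "2.0.0" => 353 }.freeze

# Compare dotted version strings segment by segment as integers, padding the
# shorter one with zeros, so that "3.1.10" > "3.1.2" and "3.1" == "3.1.0".
# A plain String comparison would get both of these wrong.
def version_compare(a, b)
  pa = a.split(".").map(&:to_i)
  pb = b.split(".").map(&:to_i)
  len = [pa.size, pb.size].max
  pa += [0] * (len - pa.size)
  pb += [0] * (len - pb.size)
  pa <=> pb
end

# The condition plugin 74124 reports: installed Server.app version < 3.1.2.
def osx_server_affected?(installed_version)
  version_compare(installed_version, FIXED_SERVER_VERSION) < 0
end

# True if the given interpreter version/patchlevel carries the CVE-2013-4164
# fix. Pass RUBY_VERSION and RUBY_PATCHLEVEL to check the running interpreter.
def ruby_fixed?(version, patchlevel)
  return true if version_compare(version, "2.1.0") >= 0
  first_fixed = RUBY_FIXED_PATCHLEVELS[version]
  return false if first_fixed.nil?
  patchlevel >= first_fixed
end

# Assumption for this example: no legitimate decimal literal a service
# accepts needs more than 64 bytes. A hard cap is the call-site guard that
# most directly matches a parser overflow on over-long input.
MAX_FLOAT_LITERAL_BYTES = 64

# Strict decimal shape (assumption). Float() would also accept hex ("0x1A"),
# digit separators ("1_000") and surrounding whitespace; none of those is
# wanted from a network client, so they are rejected before conversion.
FLOAT_LITERAL = /\A[+-]?(?:\d+(?:\.\d+)?|\.\d+)(?:[eE][+-]?\d{1,3})?\z/

# Convert untrusted text to a Float only after bounding its length and
# shape, so the conversion never sees an over-long or odd-shaped string.
# This is a mitigation at the call site; the real fix is a patched Ruby.
def safe_float(str)
  if str.bytesize > MAX_FLOAT_LITERAL_BYTES
    raise ArgumentError, "float literal too long (#{str.bytesize} bytes)"
  end
  unless FLOAT_LITERAL.match?(str)
    raise ArgumentError, "not a plain decimal literal"
  end
  Float(str)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample value standing in for the installed Server.app
  # version (the plugin reads it from the host; assumed here).
  sample_server_version = "3.1.1"
  puts "OS X Server #{sample_server_version}: " \
       "#{osx_server_affected?(sample_server_version) ? 'AFFECTED, upgrade to 3.1.2' : 'not affected'}"
  puts "Ruby #{RUBY_VERSION}-p#{RUBY_PATCHLEVEL}: " \
       "#{ruby_fixed?(RUBY_VERSION, RUBY_PATCHLEVEL) ? 'fixed' : 'VULNERABLE'}"
  ["3.14", "-2e3", "1" * 80, "0x1A"].each do |input|
    begin
      puts "safe_float(#{input[0, 12].inspect}) = #{safe_float(input)}"
    rescue ArgumentError => e
      puts "safe_float(#{input[0, 12].inspect}) rejected: #{e.message}"
    end
  end
end
```

The plugin itself is a local version check only (Type: local, keyed on MacOSX/Server/Version), so it says nothing about whether Profile Manager is enabled or about any separately installed Ruby on the host; the interpreter check in the script covers that second case, and the input guard is what a Ruby service should do regardless, since Float() and String#to_f are routinely reached from request parameters.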

See Also

http://support.apple.com/kb/HT6248

http://www.securityfocus.com/archive/1/532166/30/0/threaded

Plugin Details

Severity: Medium

ID: 74124

File Name: macosx_server_3_1_2.nasl

Version: 1.5

Type: local

Agent: macosx

Published: 2014/05/21

Updated: 2018/07/14

Dependencies: 50680

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Temporal Score: 5.0

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apple:mac_os_x_server

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, MacOSX/Server/Version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/05/20

Vulnerability Publication Date: 2013/11/22

Reference Information

CVE: CVE-2013-4164

BID: 63873

APPLE-SA: APPLE-SA-2014-05-20-1