Mac OS X : OS X Server < 3.2.1 Multiple Vulnerabilities
High Nessus Plugin ID 77758
Synopsis
The remote host is missing a security update for OS X Server.
Description
The remote Mac OS X 10.9 host has a version of OS X Server installed that is prior to version 3.2.1. It is, therefore, affected by the following vulnerabilities:
- Multiple vulnerabilities exist within the included PostgreSQL; the more serious of these allow remote code execution or denial of service. (CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066)
- A cross-site scripting vulnerability exists within the Xcode Server. Using a specially crafted website, a remote attacker can exploit this to execute arbitrary code within the server / browser trust relationship.
- A SQL injection vulnerability exists in the Wiki Server due to the improper validation of SQL queries. A remote attacker can exploit this to inject or manipulate SQL queries on the back-end database. (CVE-2014-4424)
Solution
Upgrade to Mac OS X Server version 3.2.1 or later.