New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 3.7
Synopsis
The remote host is missing a security update for OS X Server.
Description
The remote Mac OS X host has a version of OS X Server installed that is prior to 5.0.15. It is, therefore, affected by the following vulnerabilities :
- A denial of service vulnerability exists due to an assertion flaw that is triggered when parsing malformed DNSSEC keys. An unauthenticated, remote attacker can exploit this, via a specially crafted query to a zone containing such a key, to cause a validating resolver to exit. (CVE-2015-5722)
- A denial of service vulnerability exists in the fromwire_openpgpkey() function in openpgpkey_61.c that is triggered when the length of data is less than 1. An unauthenticated, remote attacker can exploit this, via a specially crafted response to a query, to cause an assertion failure that terminates named. (CVE-2015-5986)
- A flaw exists in the web service component due to HTTP header field references missing from configuration files.
A remote attacker can exploit this to bypass access restrictions. (CVE-2015-7031)
Solution
Upgrade to Mac OS X Server version 5.0.15 or later.
Note that OS X Server 5.0.15 is available only for OS X 10.10.5 and OS X 10.11.1 or later.