Mac OS X < 10.6.3 Multiple Vulnerabilities

Critical Nessus Network Monitor Plugin ID 5489

Synopsis

The remote host is missing a Mac OS X update that fixes various security issues.

Description

The remote host is running a version of Mac OS X 10.6 that is older than version 10.6.3. Mac OS X 10.6.3 contains security fixes for the following products :

- AFP Server

- Apache

- CoreAudio

- CoreMedia

- CoreTypes

- CUPS

- DesktopServices

- Disk Images

- Directory Services

- Dovecot

- Event Monitor

- FreeRADIUS

- FTP Server

- iChat Server

- ImageIO

- Image RAW

- Libsystem

- Mail

- MySQL

- OS Services

- Password Server

- PHP

- Podcast Producer

- Preferences

- PS Normalizer

- QuickTime

- Ruby

- Server Admin

- SMB

- Tomcat

- Wiki Server

- X11

Solution

Upgrade to Mac OS X 10.6.3 or later.

See Also

http://support.apple.com/kb/HT4077

http://lists.apple.com/archives/security-announce/2010/mar/msg00001.html

Plugin Details

Severity: Critical

ID: 5489

File Name: 5489.prm

Family: Generic

Published: 2010/03/30

Modified: 2017/02/02

Dependencies: 1735, 8314

Nessus ID: 45372, 45373, 45381, 45440

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Patch Publication Date: 2010/03/29

Vulnerability Publication Date: 2010/03/29

Exploitable With

CANVAS (D2ExploitPack)

Core Impact

Reference Information

CVE: CVE-2003-0063, CVE-2006-1329, CVE-2008-4456, CVE-2008-5515, CVE-2008-7247, CVE-2009-0033, CVE-2009-0580, CVE-2009-0689, CVE-2009-0781, CVE-2009-0783, CVE-2009-1904, CVE-2009-2042, CVE-2009-2417, CVE-2009-2422, CVE-2009-2446, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-2906, CVE-2009-3009, CVE-2009-3095, CVE-2009-3557, CVE-2009-3558, CVE-2009-3559, CVE-2009-4017, CVE-2009-4019, CVE-2009-4030, CVE-2009-4214, CVE-2010-0041, CVE-2010-0042, CVE-2010-0043, CVE-2010-0057, CVE-2010-0059, CVE-2010-0060, CVE-2010-0062, CVE-2010-0063, CVE-2010-0064, CVE-2010-0065, CVE-2010-0393, CVE-2010-0497, CVE-2010-0498, CVE-2010-0500, CVE-2010-0501, CVE-2010-0502, CVE-2010-0504, CVE-2010-0505, CVE-2010-0507, CVE-2010-0508, CVE-2010-0509, CVE-2010-0510, CVE-2010-0511, CVE-2010-0512, CVE-2010-0513, CVE-2010-0514, CVE-2010-0515, CVE-2010-0516, CVE-2010-0517, CVE-2010-0518, CVE-2010-0519, CVE-2010-0520, CVE-2010-0521, CVE-2010-0524, CVE-2010-0525, CVE-2010-0526, CVE-2010-0533, CVE-2010-0534, CVE-2010-0535, CVE-2010-0537

BID: 6940, 17155, 31486, 35193, 35196, 35233, 35263, 35278, 35416, 35510, 35579, 35609, 36032, 36278, 36573, 37142, 37942, 37944, 37945, 38043, 38524, 38673, 38676, 38677, 39020, 39151, 39152, 39153, 39154, 39155, 39156, 39157, 39159, 39160, 39161, 39163, 39165, 39166, 39167, 39169, 39171, 39172, 39175, 39194, 39230, 39231, 39232, 39236, 39245, 39252, 39255, 39256, 39258, 39264, 39268, 39273, 39274, 39277, 39278, 39281, 39291, 39292

OSVDB: 24009, 54915, 55031, 55053, 55054, 55055, 55056, 55603, 55664, 55734, 56994, 57666, 58519, 60554, 62052, 62053, 62054, 62715, 62934, 62935, 62936, 63369, 63378, 63400, 63401, 63402, 63403, 63404, 63405, 63406, 63408, 63409, 63639

IAVA: 2011-A-0066