ID CVE-2007-5850 Type cve Reporter NVD Modified 2017-07-28T21:33:54
Description
Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file.
{"seebug": [{"lastseen": "2017-11-19T21:51:06", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "CVE-2007-4708\r\nCVE-2007-4709\r\nCVE-2007-4710\r\nCVE-2007-5847\r\nCVE-2007-5848\r\nCVE-2007-5849\r\nCVE-2007-5850\r\nCVE-2007-5851\r\nCVE-2007-5853\r\nCVE-2007-5854\r\nCVE-2007-5855\r\nCVE-2007-5856\r\nCVE-2007-5857\r\nCVE-2007-5859\r\nCVE-2007-5876\r\nCVE-2007-5860\r\nCVE-2007-5861\r\n\r\nThese issues affect Mac OS X and various applications, including Address Book, CFNetwork, ColorSync, CoreFoundation, CUPS, Desktop Services, iChat, IO Storage Family, Launch Services, Mail, Quick Look, Safari, Safari RSS, SMB, Software Update, Spin Tracer, Spotlight, tcpdump, and XQuery.\r\n\r\nAttackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.\r\n\r\nApple Mac OS X 10.5.1 and prior versions are vulnerable to these issues. \n\nrPath rPath Linux 1\r\nApple Mac OS X Server 10.5.1 \r\nApple Mac OS X Server 10.4.11 \r\nApple Mac OS X Server 10.4.10 \r\nApple Mac OS X Server 10.4.9 \r\nApple Mac OS X Server 10.4.8 \r\nApple Mac OS X Server 10.4.7 \r\nApple Mac OS X Server 10.4.6 \r\nApple Mac OS X Server 10.4.5 \r\nApple Mac OS X Server 10.4.4 \r\nApple Mac OS X Server 10.4.3 \r\nApple Mac OS X Server 10.4.2 \r\nApple Mac OS X Server 10.4.1 \r\nApple Mac OS X Server 10.4 \r\nApple Mac OS X Server 10.5\r\nApple Mac OS X 10.5.1 \r\nApple Mac OS X 10.4.11 \r\nApple Mac OS X 10.4.10 \r\nApple Mac OS X 10.4.9 \r\nApple Mac OS X 10.4.8 \r\nApple Mac OS X 10.4.7 \r\nApple Mac OS X 10.4.6 \r\nApple Mac OS X 10.4.5 \r\nApple Mac OS X 10.4.4 \r\nApple Mac OS X 10.4.3 \r\nApple Mac OS X 10.4.2 \r\nApple Mac OS X 10.4.1 \r\nApple Mac OS X 10.4 \r\nApple Mac OS X 10.5\r\n\n Apple Mac OS X Server 10.4.11 \r\n\r\nApple Security Update 2007-009 (10.4.11 PPC)\r\n<a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=</a> 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg\r\n\r\nApple Security Update 2007-009 (10.4.11 Universal)\r\n<a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=</a> 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg\r\n\r\n\r\nApple Mac OS X 10.4.11 \r\n\r\nApple Security Update 2007-009 (10.4.11 PPC)\r\n<a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=</a> 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg\r\n\r\nApple Security Update 2007-009 (10.4.11 Universal)\r\n<a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=</a> 1&platform=osx&method=sa/SecUpd2007-009Univ.dmg\r\n\r\n\r\nApple Mac OS X Server 10.5.1 \r\n\r\nApple Security Update 2007-009 (10.5.1)\r\n<a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16527&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16527&cat=</a> 1&platform=osx&method=sa/SecUpd2007-009.dmg\r\n\r\n\r\nApple Mac OS X 10.5.1 \r\n\r\nApple Security Update 2007-009 (10.5.1)\r\n<a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16527&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16527&cat=</a> 1&platform=osx&method=sa/SecUpd2007-009.dmg", "reporter": "Root", "published": "2008-01-06T00:00:00", "type": "seebug", "title": "Apple Mac OS X v10.5.1 2007-009 Multiple Security Vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2007-4708", "CVE-2007-4709", "CVE-2007-4710", "CVE-2007-5847", "CVE-2007-5848", "CVE-2007-5849", "CVE-2007-5850", "CVE-2007-5851", "CVE-2007-5853", "CVE-2007-5854", "CVE-2007-5855", "CVE-2007-5856", "CVE-2007-5857", "CVE-2007-5859", "CVE-2007-5860", "CVE-2007-5861", "CVE-2007-5876"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2008-01-06T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-2771", "id": "SSV:2771", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}, "status": "details"}], "openvas": [{"lastseen": "2017-07-02T21:09:49", "references": [], "pluginID": "102023", "description": "The remote host is missing Security Update 2007-009.\n One or more of the following components are affected:\n\n Address Book\n CFNetwork\n ColorSync\n Core Foundation\n CUPS\n Desktop Services\n Flash Player Plug-in\n GNU Tar\n iChat\n IO Storage Family\n Launch Services\n Mail\n perl\n python\n Quick Look\n ruby\n Safari\n Safari RSS\n Samba\n Shockwave Plug-in\n SMB\n Software Update\n Spin Tracer\n Spotlight\n tcpdump\n XQuery", "edition": 1, "reporter": "Copyright (C) 2010 LSS", "published": "2010-05-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Mac OS X Security Update 2007-009", "type": "openvas", "naslFamily": "Mac OS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5855", "CVE-2007-6165", "CVE-2007-1662", "CVE-2007-4768", "CVE-2007-4351", "CVE-2007-5857", "CVE-2007-1661", "CVE-2007-6077", "CVE-2007-4709", "CVE-2007-5848", "CVE-2007-4572", "CVE-2007-5379", "CVE-2007-4710", "CVE-2007-1659", "CVE-2006-0024", "CVE-2007-5856", "CVE-2007-4965", "CVE-2007-5770", "CVE-2007-4708", "CVE-2007-5861", "CVE-2007-1660", "CVE-2007-5476", "CVE-2007-5858", "CVE-2007-5850", "CVE-2007-5116", "CVE-2007-5860", "CVE-2007-3798", "CVE-2007-4131", "CVE-2007-4767", "CVE-2007-5859", "CVE-2007-5851", "CVE-2007-3876", "CVE-2007-5398", "CVE-2007-5854", "CVE-2007-5863", "CVE-2007-4766", "CVE-2007-1218", "CVE-2007-5847", "CVE-2007-5849", "CVE-2007-5853", "CVE-2007-5380"], "modified": "2017-02-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=102023", "id": "OPENVAS:102023", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Mac OS X Security Update 2007-009\n#\n# LSS-NVT-2010-012\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\ntag_solution = \"Update your Mac OS X operating system.\n\n For more information see:\n http://support.apple.com/kb/HT2012\";\n\ntag_summary = \"The remote host is missing Security Update 2007-009.\n One or more of the following components are affected:\n\n Address Book\n CFNetwork\n ColorSync\n Core Foundation\n CUPS\n Desktop Services\n Flash Player Plug-in\n GNU Tar\n iChat\n IO Storage Family\n Launch Services\n Mail\n perl\n python\n Quick Look\n ruby\n Safari\n Safari RSS\n Samba\n Shockwave Plug-in\n SMB\n Software Update\n Spin Tracer\n Spotlight\n tcpdump\n XQuery\";\n\n\nif(description)\n{\n script_id(102023);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-12 14:48:44 +0200 (Wed, 12 May 2010)\");\n script_cve_id(\"CVE-2007-4708\",\"CVE-2007-4709\",\"CVE-2007-4710\",\"CVE-2007-5847\",\"CVE-2007-5848\",\"CVE-2007-4351\",\"CVE-2007-5849\",\"CVE-2007-5850\",\"CVE-2007-5476\",\"CVE-2007-4131\",\"CVE-2007-5851\",\"CVE-2007-5853\",\"CVE-2007-5854\",\"CVE-2007-6165\",\"CVE-2007-5855\",\"CVE-2007-5116\",\"CVE-2007-4965\",\"CVE-2007-5856\",\"CVE-2007-5857\",\"CVE-2007-5770\",\"CVE-2007-5379\",\"CVE-2007-5380\",\"CVE-2007-6077\",\"CVE-2007-5858\",\"CVE-2007-5859\",\"CVE-2007-4572\",\"CVE-2007-5398\",\"CVE-2006-0024\",\"CVE-2007-3876\",\"CVE-2007-5863\",\"CVE-2007-5860\",\"CVE-2007-5861\",\"CVE-2007-1218\",\"CVE-2007-3798\",\"CVE-2007-1659\",\"CVE-2007-1660\",\"CVE-2007-1661\",\"CVE-2007-1662\",\"CVE-2007-4766\",\"CVE-2007-4767\",\"CVE-2007-4768\");\n script_name(\"Mac OS X Security Update 2007-009\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_require_ports(\"Services/ssh\", 22);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver) exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.4.11\",\"Mac OS X Server 10.4.11\",\"Mac OS X 10.5.1\",\"Mac OS X Server 10.5.1\");\n\nif (rlsnotsupported(rls:ssh_osx_rls, list:pkg_for_ver)) { security_message(0); exit(0);}\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.4.11\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.4.11\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2007.009\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.4.11\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.4.11\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X Server 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2007.009\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.1\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.5.1\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X 10.5.1\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2007.009\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.1\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.5.1\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X Server 10.5.1\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2007.009\"))) { security_message(0); exit(0);}\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:05:20", "references": ["http://support.apple.com/kb/HT2012"], "pluginID": "1361412562310102023", "description": "The remote host is missing Security Update 2007-009.", "edition": 4, "reporter": "Copyright (C) 2010 LSS", "published": "2010-05-12T00:00:00", "title": "Mac OS X Security Update 2007-009", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mac OS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5855", "CVE-2007-6165", "CVE-2007-1662", "CVE-2007-4768", "CVE-2007-4351", "CVE-2007-5857", "CVE-2007-1661", "CVE-2007-6077", "CVE-2007-4709", "CVE-2007-5848", "CVE-2007-4572", "CVE-2007-5379", "CVE-2007-4710", "CVE-2007-1659", "CVE-2006-0024", "CVE-2007-5856", "CVE-2007-4965", "CVE-2007-5770", "CVE-2007-4708", "CVE-2007-5861", "CVE-2007-1660", "CVE-2007-5476", "CVE-2007-5858", "CVE-2007-5850", "CVE-2007-5116", "CVE-2007-5860", "CVE-2007-3798", "CVE-2007-4131", "CVE-2007-4767", "CVE-2007-5859", "CVE-2007-5851", "CVE-2007-3876", "CVE-2007-5398", "CVE-2007-5854", "CVE-2007-5863", "CVE-2007-4766", "CVE-2007-1218", "CVE-2007-5847", "CVE-2007-5849", "CVE-2007-5853", "CVE-2007-5380"], "modified": "2018-06-06T00:00:00", "id": "OPENVAS:1361412562310102023", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310102023", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n# $Id: macosx_secupd_2007-009.nasl 10090 2018-06-06 08:06:04Z cfischer $\n#\n# Mac OS X Security Update 2007-009\n#\n# LSS-NVT-2010-012\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.102023\");\n script_version(\"$Revision: 10090 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-06-06 10:06:04 +0200 (Wed, 06 Jun 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-12 14:48:44 +0200 (Wed, 12 May 2010)\");\n script_cve_id(\"CVE-2007-4708\", \"CVE-2007-4709\", \"CVE-2007-4710\", \"CVE-2007-5847\", \"CVE-2007-5848\",\n \"CVE-2007-4351\", \"CVE-2007-5849\", \"CVE-2007-5850\", \"CVE-2007-5476\", \"CVE-2007-4131\",\n \"CVE-2007-5851\", \"CVE-2007-5853\", \"CVE-2007-5854\", \"CVE-2007-6165\", \"CVE-2007-5855\",\n \"CVE-2007-5116\", \"CVE-2007-4965\", \"CVE-2007-5856\", \"CVE-2007-5857\", \"CVE-2007-5770\",\n \"CVE-2007-5379\", \"CVE-2007-5380\", \"CVE-2007-6077\", \"CVE-2007-5858\", \"CVE-2007-5859\",\n \"CVE-2007-4572\", \"CVE-2007-5398\", \"CVE-2006-0024\", \"CVE-2007-3876\", \"CVE-2007-5863\",\n \"CVE-2007-5860\", \"CVE-2007-5861\", \"CVE-2007-1218\", \"CVE-2007-3798\", \"CVE-2007-1659\",\n \"CVE-2007-1660\", \"CVE-2007-1661\", \"CVE-2007-1662\", \"CVE-2007-4766\", \"CVE-2007-4767\",\n \"CVE-2007-4768\");\n script_name(\"Mac OS X Security Update 2007-009\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_require_ports(\"Services/ssh\", 22);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT2012\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing Security Update 2007-009.\");\n\n script_tag(name:\"affected\", value:\"One or more of the following components are affected:\n\n Address Book\n\n CFNetwork\n\n ColorSync\n\n Core Foundation\n\n CUPS\n\n Desktop Services\n\n Flash Player Plug-in\n\n GNU Tar\n\n iChat\n\n IO Storage Family\n\n Launch Services\n\n Mail\n\n perl\n\n python\n\n Quick Look\n\n ruby\n\n Safari\n\n Safari RSS\n\n Samba\n\n Shockwave Plug-in\n\n SMB\n\n Software Update\n\n Spin Tracer\n\n Spotlight\n\n tcpdump\n\n XQuery\");\n\n script_tag(name:\"solution\", value:\"Update your Mac OS X operating system.\n\n For more information see:\n http://support.apple.com/kb/HT2012\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver || ssh_osx_ver !~ \"^10\\.\") exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.4.11\",\"Mac OS X Server 10.4.11\",\"Mac OS X 10.5.1\",\"Mac OS X Server 10.5.1\");\n\nif (rlsnotsupported(rls:ssh_osx_rls, list:pkg_for_ver)) { security_message(0); exit(0);}\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.4.11\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.4.11\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2007.009\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.4.11\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.4.11\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X Server 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2007.009\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.1\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.5.1\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X 10.5.1\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2007.009\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.1\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.5.1\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X Server 10.5.1\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2007.009\"))) { security_message(0); exit(0);}\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:35:48", "references": ["http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html", "http://docs.info.apple.com/article.html?artnum=307179", "http://www.securityfocus.com/advisories/13649"], "pluginID": "29723", "description": "The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2007-009 applied. \n\nThis update contains several security fixes for a large number of programs.", "edition": 6, "reporter": "Tenable", "published": "2007-12-18T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2007-009)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5855", "CVE-2007-6165", "CVE-2007-1662", "CVE-2007-4768", "CVE-2007-4351", "CVE-2007-5857", "CVE-2007-1661", "CVE-2007-6077", "CVE-2007-4709", "CVE-2007-5848", "CVE-2007-4572", "CVE-2007-5379", "CVE-2007-4710", "CVE-2007-1659", "CVE-2006-0024", "CVE-2007-5856", "CVE-2007-4965", "CVE-2007-5770", "CVE-2007-4708", "CVE-2007-5861", "CVE-2007-1660", "CVE-2007-5476", "CVE-2007-5858", "CVE-2007-5850", "CVE-2007-5116", "CVE-2007-5860", "CVE-2007-3798", "CVE-2007-4131", "CVE-2007-4767", "CVE-2007-5859", "CVE-2007-5851", "CVE-2007-3876", "CVE-2007-5398", "CVE-2007-5854", "CVE-2007-5863", "CVE-2007-4766", "CVE-2007-1218", "CVE-2007-5847", "CVE-2007-5849", "CVE-2007-5853", "CVE-2007-5380"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2007-009.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29723", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29723);\n script_version(\"1.27\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2006-0024\", \"CVE-2007-1218\", \"CVE-2007-1659\", \"CVE-2007-1660\", \"CVE-2007-1661\",\n \"CVE-2007-1662\", \"CVE-2007-3798\", \"CVE-2007-3876\", \"CVE-2007-4131\", \"CVE-2007-4351\",\n \"CVE-2007-4572\", \"CVE-2007-4708\", \"CVE-2007-4709\", \"CVE-2007-4710\", \"CVE-2007-4766\",\n \"CVE-2007-4767\", \"CVE-2007-4768\", \"CVE-2007-4965\", \"CVE-2007-5116\", \"CVE-2007-5379\",\n \"CVE-2007-5380\", \"CVE-2007-5398\", \"CVE-2007-5476\", \"CVE-2007-5770\", \"CVE-2007-5847\",\n \"CVE-2007-5848\", \"CVE-2007-5849\", \"CVE-2007-5850\", \"CVE-2007-5851\", \"CVE-2007-5853\",\n \"CVE-2007-5854\", \"CVE-2007-5855\", \"CVE-2007-5856\", \"CVE-2007-5857\", \"CVE-2007-5858\",\n \"CVE-2007-5859\", \"CVE-2007-5860\", \"CVE-2007-5861\", \"CVE-2007-5863\", \"CVE-2007-6077\",\n \"CVE-2007-6165\");\n script_bugtraq_id(17106, 22772, 24965, 25417, 25696, 26096, 26268, 26274, 26346,\n 26350, 26421, 26454, 26455, 26510, 26598, 26908, 26910, 26926);\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2007-009)\");\n script_summary(english:\"Check for the presence of Security Update 2007-009\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.5 or 10.4 that does\nnot have Security Update 2007-009 applied. \n\nThis update contains several security fixes for a large number of\nprograms.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://docs.info.apple.com/article.html?artnum=307179\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/advisories/13649\");\n script_set_attribute(attribute:\"solution\", value:\"Install Security Update 2007-009.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mail.app Image Attachment Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(16, 20, 22, 79, 119, 134, 189, 200, 264, 287, 310, 362, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n exit(0);\n}\n\n\nuname = get_kb_item(\"Host/uname\");\nif ( ! uname ) exit(0);\nif ( egrep(pattern:\"Darwin.* (8\\.[0-9]\\.|8\\.1[01]\\.)\", string:uname) )\n{\n packages = get_kb_item(\"Host/MacOSX/packages\");\n if ( ! packages ) exit(0);\n if (!egrep(pattern:\"^SecUpd(Srvr)?(2007-009|200[89]-|20[1-9][0-9]-)\", string:packages))\n security_hole(0);\n}\nelse if ( egrep(pattern:\"Darwin.* (9\\.[01]\\.)\", string:uname) )\n{\n packages = get_kb_item(\"Host/MacOSX/packages/boms\");\n if ( ! packages ) exit(0);\n if ( !egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.2007\\.009\\.bom\", string:packages) )\n\tsecurity_hole(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
