ID CVE-2014-8834 Type cve Reporter cve@mitre.org Modified 2017-09-08T01:29:00
Description
UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file.
{"openvas": [{"lastseen": "2019-05-29T18:36:56", "bulletinFamily": "scanner", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "modified": "2019-05-03T00:00:00", "published": "2015-03-05T00:00:00", "id": "OPENVAS:1361412562310805483", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805483", "title": "Apple Mac OS X Multiple Vulnerabilities -01 Mar15", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Multiple Vulnerabilities -01 Mar15\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805483\");\n script_version(\"2019-05-03T08:55:39+0000\");\n script_cve_id(\"CVE-2014-8838\", \"CVE-2014-8837\", \"CVE-2014-8835\", \"CVE-2014-8834\",\n \"CVE-2014-8833\", \"CVE-2014-8832\", \"CVE-2014-8831\", \"CVE-2014-8830\",\n \"CVE-2014-8829\", \"CVE-2014-8828\", \"CVE-2014-8827\", \"CVE-2014-8826\",\n \"CVE-2014-8825\", \"CVE-2014-8824\", \"CVE-2014-8823\", \"CVE-2014-8822\",\n \"CVE-2014-8821\", \"CVE-2014-8820\", \"CVE-2014-8819\", \"CVE-2014-8817\",\n \"CVE-2014-8816\", \"CVE-2014-4499\", \"CVE-2014-4498\", \"CVE-2014-4497\");\n script_bugtraq_id(72328);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 08:55:39 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-03-05 17:54:00 +0530 (Thu, 05 Mar 2015)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities -01 Mar15\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"For more details about the\n vulnerabilities, refer the reference section.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to bypass sandbox restrictions, execution of arbitrary code,\n information disclosure, privilege escalation and conduct denial of service.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X version 10.10.x through\n 10.10.1, 10.8.x through 10.8.5 and 10.9.x through 10.9.5\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X version 10.10.2\n or later or apply security update 2015-001 for 10.8.x and 10.9.x versions. Please see the references for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT204244\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1031650\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1031521\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.([89]|10)\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.([89]|10)\" || \"Mac OS X\" >!< osName){\n exit(0);\n}\n\nif((osVer == \"10.9.5\") || (osVer == \"10.8.5\"))\n{\n buildVer = get_kb_item(\"ssh/login/osx_build\");\n if(!buildVer){\n exit(0);\n }\n\n if(osVer == \"10.9.5\" && version_is_less(version:buildVer, test_version:\"13F34\"))\n {\n fix = \"Apply Security Update 2015-001\";\n osVer = osVer + \" Build \" + buildVer;\n }\n\n else if(osVer == \"10.8.5\" && version_is_less(version:buildVer, test_version:\"12F1107\"))\n {\n fix = \"Apply Security Update 2015-001\";\n osVer = osVer + \" Build \" + buildVer;\n }\n}\n\nif(osVer =~ \"^10\\.9\")\n{\n if(version_is_less(version:osVer, test_version:\"10.9.5\")){\n fix = \"Upgrade to latest OS release 10.9.5 and apply patch from vendor\";\n }\n}\nelse if(osVer =~ \"^10\\.8\")\n{\n if(version_is_less(version:osVer, test_version:\"10.8.5\")){\n fix = \"Upgrade to latest OS release 10.8.5 and apply patch from vendor\";\n }\n}\n\nelse if(osVer =~ \"^10\\.10\")\n{\n if(version_is_less(version:osVer, test_version:\"10.10.2\")){\n fix = \"10.10.2\";\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:57", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001\r\n\r\nOS X 10.10.2 and Security Update 2015-001 are now available and\r\naddress the following:\r\n\r\nAFP Server\r\nAvailable for: OS X Mavericks v10.9.5\r\nImpact: A remote attacker may be able to determine all the network\r\naddresses of the system\r\nDescription: The AFP file server supported a command which returned\r\nall the network addresses of the system. This issue was addressed by\r\nremoving the addresses from the result.\r\nCVE-ID\r\nCVE-2014-4426 : Craig Young of Tripwire VERT\r\n\r\nbash\r\nAvailable for: OS X Yosemite v10.10 and v10.10.1\r\nImpact: Multiple vulnerabilities in bash, including one that may\r\nallow local attackers to execute arbitrary code\r\nDescription: Multiple vulnerabilities existed in bash. These issues\r\nwere addressed by updating bash to patch level 57.\r\nCVE-ID\r\nCVE-2014-6277\r\nCVE-2014-7186\r\nCVE-2014-7187\r\n\r\nBluetooth\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An integer signedness error existed in\r\nIOBluetoothFamily which allowed manipulation of kernel memory. This\r\nissue was addressed through improved bounds checking. This issue does\r\nnot affect OS X Yosemite systems.\r\nCVE-ID\r\nCVE-2014-4497\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 and v10.10.1\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An error existed in the Bluetooth driver that allowed a\r\nmalicious application to control the size of a write to kernel\r\nmemory. The issue was addressed through additional input validation.\r\nCVE-ID\r\nCVE-2014-8836 : Ian Beer of Google Project Zero\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 and v10.10.1\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: Multiple security issues existed in the Bluetooth\r\ndriver, allowing a malicious application to execute arbitrary code\r\nwith system privilege. The issues were addressed through additional\r\ninput validation.\r\nCVE-ID\r\nCVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nCFNetwork Cache\r\nAvailable for: OS X Yosemite v10.10 and v10.10.1\r\nImpact: Website cache may not be fully cleared after leaving private\r\nbrowsing\r\nDescription: A privacy issue existed where browsing data could\r\nremain in the cache after leaving private browsing. This issue was\r\naddressed through a change in caching behavior.\r\nCVE-ID\r\nCVE-2014-4460\r\n\r\nCoreGraphics\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 and v10.10.1\r\nImpact: Opening a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An integer overflow existed in the handling of PDF\r\nfiles. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the\r\niSIGHT Partners GVP Program\r\n\r\nCPU Software\r\nAvailable for: OS X Yosemite v10.10 and v10.10.1,\r\nfor: MacBook Pro Retina, MacBook Air (Mid 2013 and later),\r\niMac (Late 2013 and later), Mac Pro (Late 2013)\r\nImpact: A malicious Thunderbolt device may be able to affect\r\nfirmware flashing\r\nDescription: Thunderbolt devices could modify the host firmware if\r\nconnected during an EFI update. This issue was addressed by not\r\nloading option ROMs during updates.\r\nCVE-ID\r\nCVE-2014-4498 : Trammell Hudson of Two Sigma Investments\r\n\r\nCommerceKit Framework\r\nAvailable for: OS X Yosemite v10.10 and v10.10.1\r\nImpact: An attacker with access to a system may be able to recover\r\nApple ID credentials\r\nDescription: An issue existed in the handling of App Store logs. The\r\nApp Store process could log Apple ID credentials in the log when\r\nadditional logging was enabled. This issue was addressed by\r\ndisallowing logging of credentials.\r\nCVE-ID\r\nCVE-2014-4499 : Sten Petersen\r\n\r\nCoreGraphics\r\nAvailable for: OS X Yosemite v10.10 and v10.10.1\r\nImpact: Some third-party applications with non-secure text entry and\r\nmouse events may log those events\r\nDescription: Due to the combination of an uninitialized variable and\r\nan application's custom allocator, non-secure text entry and mouse\r\nevents may have been logged. This issue was addressed by ensuring\r\nthat logging is off by default. This issue did not affect systems\r\nprior to OS X Yosemite.\r\nCVE-ID\r\nCVE-2014-1595 : Steven Michaud of Mozilla working with Kent Howard\r\n\r\nCoreGraphics\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\r\nImpact: Opening a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\nPDF files. The issue was addressed through improved bounds checking.\r\nThis issue does not affect OS X Yosemite systems.\r\nCVE-ID\r\nCVE-2014-8816 : Mike Myers, of Digital Operatives LLC\r\n\r\nCoreSymbolication\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 and v10.10.1\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: Multiple type confusion issues existed in\r\ncoresymbolicationd's handling of XPC messages. These issues were\r\naddressed through improved type checking.\r\nCVE-ID\r\nCVE-2014-8817 : Ian Beer of Google Project Zero\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 and v10.10.1\r\nImpact: Processing a maliciously crafted .dfont file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\n.dfont files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 and v10.10.1\r\nImpact: Opening a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of font\r\nfiles. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-4483 : Apple\r\n\r\nFoundation\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 and v10.10.1\r\nImpact: Viewing a maliciously crafted XML file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the XML parser. This issue\r\nwas addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-4485 : Apple\r\n\r\nIntel Graphics Driver\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 and v10.10.1\r\nImpact: Multiple vulnerabilities in Intel graphics driver\r\nDescription: Multiple vulnerabilities existed in the Intel graphics\r\ndriver, the most serious of which may have led to arbitrary code\r\nexecution with system privileges. This update addresses the issues\r\nthrough additional bounds checks.\r\nCVE-ID\r\nCVE-2014-8819 : Ian Beer of Google Project Zero\r\nCVE-2014-8820 : Ian Beer of Google Project Zero\r\nCVE-2014-8821 : Ian Beer of Google Project Zero\r\n\r\nIOAcceleratorFamily\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 and v10.10.1\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A null pointer dereference existed in\r\nIOAcceleratorFamily's handling of certain IOService userclient types.\r\nThis issue was addressed through improved validation of\r\nIOAcceleratorFamily contexts.\r\nCVE-ID\r\nCVE-2014-4486 : Ian Beer of Google Project Zero\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 and v10.10.1\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A buffer overflow existed in IOHIDFamily. This issue\r\nwas addressed with improved bounds checking.\r\nCVE-ID\r\nCVE-2014-4487 : TaiG Jailbreak Team\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 and v10.10.1\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A validation issue existed in IOHIDFamily's handling of\r\nresource queue metadata. This issue was addressed through improved\r\nvalidation of metadata.\r\nCVE-ID\r\nCVE-2014-4488 : Apple\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 and v10.10.1\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A null pointer dereference existed in IOHIDFamily's\r\nhandling of event queues. This issue was addressed through improved\r\nvalidation of IOHIDFamily event queue initialization.\r\nCVE-ID\r\nCVE-2014-4489 : @beist\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 and v10.10.1\r\nImpact: Executing a malicious application may result in arbitrary\r\ncode execution within the kernel\r\nDescription: A bounds checking issue existed in a user client vended\r\nby the IOHIDFamily driver which allowed a malicious application to\r\noverwrite arbitrary portions of the kernel address space. The issue\r\nis addressed by removing the vulnerable user client method.\r\nCVE-ID\r\nCVE-2014-8822 : Vitaliy Toropov working with HP's Zero Day Initiative\r\n\r\nIOKit\r\nAvailable for: OS X Yosemite v10.10 and v10.10.1\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An integer overflow existed in the handling of IOKit\r\nfunctions. This issue was addressed through improved validation of\r\nIOKit API arguments.\r\nCVE-ID\r\nCVE-2014-4389 : Ian Beer of Google Project Zero\r\n\r\nIOUSBFamily\r\nAvailable for: OS X Yosemite v10.10 and v10.10.1\r\nImpact: A privileged application may be able to read arbitrary data\r\nfrom kernel memory\r\nDescription: A memory access issue existed in the handling of IOUSB\r\ncontroller user client functions. This issue was addressed through\r\nimproved argument validation.\r\nCVE-ID\r\nCVE-2014-8823 : Ian Beer of Google Project Zero\r\n\r\nKernel\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 and v10.10.1\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: Specifying a custom cache mode allowed writing to\r\nkernel read-only shared memory segments. This issue was addressed by\r\nnot granting write permissions as a side-effect of some custom cache\r\nmodes.\r\nCVE-ID\r\nCVE-2014-4495 : Ian Beer of Google Project Zero\r\n\r\nKernel\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 and v10.10.1\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A validation issue existed in the handling of certain\r\nmetadata fields of IODataQueue objects. This issue was addressed\r\nthrough improved validation of metadata.\r\nCVE-ID\r\nCVE-2014-8824 : @PanguTeam\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 and v10.10.1\r\nImpact: A local attacker can spoof directory service responses to\r\nthe kernel, elevate privileges, or gain kernel execution\r\nDescription: Issues existed in identitysvc validation of the\r\ndirectory service resolving process, flag handling, and error\r\nhandling. This issue was addressed through improved validation.\r\nCVE-ID\r\nCVE-2014-8825 : Alex Radocea of CrowdStrike\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 and v10.10.1\r\nImpact: A local user may be able to determine kernel memory layout\r\nDescription: Multiple uninitialized memory issues existed in the\r\nnetwork statistics interface, which led to the disclosure of kernel\r\nmemory content. This issue was addressed through additional memory\r\ninitialization.\r\nCVE-ID\r\nCVE-2014-4371 : Fermin J. Serna of the Google Security Team\r\nCVE-2014-4419 : Fermin J. Serna of the Google Security Team\r\nCVE-2014-4420 : Fermin J. Serna of the Google Security Team\r\nCVE-2014-4421 : Fermin J. Serna of the Google Security Team\r\n\r\nKernel\r\nAvailable for: OS X Mavericks v10.9.5\r\nImpact: A person with a privileged network position may cause a\r\ndenial of service\r\nDescription: A race condition issue existed in the handling of IPv6\r\npackets. This issue was addressed through improved lock state\r\nchecking.\r\nCVE-ID\r\nCVE-2011-2391\r\n\r\nKernel\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 and v10.10.1\r\nImpact: Maliciously crafted or compromised applications may be able\r\nto determine addresses in the kernel\r\nDescription: An information disclosure issue existed in the handling\r\nof APIs related to kernel extensions. Responses containing an\r\nOSBundleMachOHeaders key may have included kernel addresses, which\r\nmay aid in bypassing address space layout randomization protection.\r\nThis issue was addressed by unsliding the addresses before returning\r\nthem.\r\nCVE-ID\r\nCVE-2014-4491 : @PanguTeam, Stefan Esser\r\n\r\nKernel\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 and v10.10.1\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A validation issue existed in the handling of certain\r\nmetadata fields of IOSharedDataQueue objects. This issue was\r\naddressed through relocation of the metadata.\r\nCVE-ID\r\nCVE-2014-4461 : @PanguTeam\r\n\r\nLaunchServices\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 and v10.10.1\r\nImpact: A malicious JAR file may bypass Gatekeeper checks\r\nDescription: An issue existed in the handling of application\r\nlaunches which allowed certain malicious JAR files to bypass\r\nGatekeeper checks. This issue was addressed through improved handling\r\nof file type metadata.\r\nCVE-ID\r\nCVE-2014-8826 : Hernan Ochoa of Amplia Security\r\n\r\nlibnetcore\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 and v10.10.1\r\nImpact: A malicious, sandboxed app can compromise the networkd\r\ndaemon\r\nDescription: Multiple type confusion issues existed in networkd's\r\nhandling of interprocess communication. By sending networkd a\r\nmaliciously formatted message, it may have been possible to execute\r\narbitrary code as the networkd process. The issue is addressed\r\nthrough additional type checking.\r\nCVE-ID\r\nCVE-2014-4492 : Ian Beer of Google Project Zero\r\n\r\nLoginWindow\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 and v10.10.1\r\nImpact: A Mac may not lock immediately upon wake\r\nDescription: An issue existed in the rendering of the lock screen.\r\nThis issue was address through improved screen rendering while\r\nlocked.\r\nCVE-ID\r\nCVE-2014-8827 : Xavier Bertels of Mono, and multiple OS X seed\r\ntesters\r\n\r\nlukemftp\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 and v10.10.1\r\nImpact: Using the command line ftp tool to fetch files from a\r\nmalicious http server may lead to arbitrary code execution\r\nDescription: A command injection issue existed in the handling of\r\nHTTP redirects. This issue was addressed through improved validation\r\nof special characters.\r\nCVE-ID\r\nCVE-2014-8517\r\n\r\nOpenSSL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 and v10.10.1\r\nImpact: Multiple vulnerabilities in OpenSSL 0.9.8za, including one\r\nthat may allow an attacker to downgrade connections to use weaker\r\ncipher-suites in applications using the library\r\nDescription: Multiple vulnerabilities existed in OpenSSL 0.9.8za.\r\nThese issues were addressed by updating OpenSSL to version 0.9.8zc.\r\nCVE-ID\r\nCVE-2014-3566\r\nCVE-2014-3567\r\nCVE-2014-3568\r\n\r\nSandbox\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\r\nImpact: A sandboxed process may be able to circumvent sandbox\r\nrestrictions\r\nDescription: A design issue existed in the caching of sandbox\r\nprofiles which allowed sandboxed applications to gain write access to\r\nthe cache. This issue was addressed by restricting write access to\r\npaths containing a "com.apple.sandbox" segment. This issue does\r\nnot affect OS X Yosemite v10.10 or later.\r\nCVE-ID\r\nCVE-2014-8828 : Apple\r\n\r\nSceneKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\r\nImpact: A malicious application could execute arbitrary code leading\r\nto compromise of user information\r\nDescription: Multiple out of bounds write issues existed in\r\nSceneKit. These issues were addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-8829 : Jose Duart of the Google Security Team\r\n\r\nSceneKit\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 and v10.10.1\r\nImpact: Viewing a maliciously crafted Collada file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in SceneKit's handling\r\nof Collada files. Viewing a maliciously crafted Collada file may have\r\nled to an unexpected application termination or arbitrary code\r\nexecution. This issue was addressed through improved validation of\r\naccessor elements.\r\nCVE-ID\r\nCVE-2014-8830 : Jose Duart of Google Security Team\r\n\r\nSecurity\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 and v10.10.1\r\nImpact: A downloaded application signed with a revoked Developer ID\r\ncertificate may pass Gatekeeper checks\r\nDescription: An issue existed with how cached application\r\ncertificate information was evaluated. This issue was addressed with\r\ncache logic improvements.\r\nCVE-ID\r\nCVE-2014-8838 : Apple\r\n\r\nsecurity_taskgate\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 and v10.10.1\r\nImpact: An app may access keychain items belonging to other apps\r\nDescription: An access control issue existed in the Keychain.\r\nApplications signed with self-signed or Developer ID certificates\r\ncould access keychain items whose access control lists were based on\r\nkeychain groups. This issue was addressed by validating the signing\r\nidentity when granting access to keychain groups.\r\nCVE-ID\r\nCVE-2014-8831 : Apple\r\n\r\nSpotlight\r\nAvailable for: OS X Yosemite v10.10 and v10.10.1\r\nImpact: The sender of an email could determine the IP address of the\r\nrecipient\r\nDescription: Spotlight did not check the status of Mail's "Load\r\nremote content in messages" setting. This issue was addressed by\r\nimproving configuration checking.\r\nCVE-ID\r\nCVE-2014-8839 : John Whitehead of The New York Times, Frode Moe of\r\nLastFriday.no\r\n\r\nSpotlight\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 and v10.10.1\r\nImpact: Spotlight may save unexpected information to an external\r\nhard drive\r\nDescription: An issue existed in Spotlight where memory contents may\r\nhave been written to external hard drives when indexing. This issue\r\nwas addressed with better memory management.\r\nCVE-ID\r\nCVE-2014-8832 : F-Secure\r\n\r\nSpotlightIndex\r\nAvailable for: OS X Yosemite v10.10 and v10.10.1\r\nImpact: Spotlight may display results for files not belonging to the\r\nuser\r\nDescription: A deserialization issue existed in Spotlight's handling\r\nof permission caches. A user performing a Spotlight query may have\r\nbeen shown search results referencing files for which they don't have\r\nsufficient privileges to read. This issue was addressed with improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2014-8833 : David J Peacock, Independent Technology Consultant\r\n\r\nsysmond\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 and v10.10.1\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with root privileges\r\nDescription: A type confusion vulnerability existed in sysmond that\r\nallowed a local application to escalate privileges. The issue was\r\naddressed with improved type checking.\r\nCVE-ID\r\nCVE-2014-8835 : Ian Beer of Google Project Zero\r\n\r\nUserAccountUpdater\r\nAvailable for: OS X Yosemite v10.10 and v10.10.1\r\nImpact: Printing-related preference files may contain sensitive\r\ninformation about PDF documents\r\nDescription: OS X Yosemite v10.10 addressed an issue in the handling\r\nof password-protected PDF files created from the Print dialog where\r\npasswords may have been included in printing preference files. This\r\nupdate removes such extraneous information that may have been present\r\nin printing preference files.\r\nCVE-ID\r\nCVE-2014-8834 : Apple\r\n\r\nNote: OS X Yosemite 10.10.2 includes the security content of Safari\r\n8.0.3. For further details see https://support.apple.com/kb/HT204243\r\n\r\n\r\nOS X Yosemite 10.10.2 and Security Update 2015-001 may be obtained\r\nfrom the Mac App Store or Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\n\r\niQIcBAEBAgAGBQJUx8ufAAoJEBcWfLTuOo7tWecQAIFvaOlK0Ar2vbUaH0TIpO9F\r\nN9SbkWmdNHDNUvc3LJOaeVfAFlXPbgHYqXGIC0kZiRL5Kyhy/K2hH29iNoIDqfET\r\nD1jPWOaAFhzvohViYl12ne/A7bBs5v+3G6gqmGCDCqGyn5VFdUMmS0/ZJSCUkPQG\r\nLqTvj5D4ulYl8I5uA9Ur9jD2j/TkSCOWiSTO5diMlt1WcKb1fn5pl9b0YNweI8UX\r\nFcZPrIlVNeaSywuitdxZEcWOhsJYbS6Xw13crS/HNJGEO+5N7keCnCJiN9HW4Pt6\r\n8iNAgkSWX6S8nP6mq3tiKJmvh6Qj88tvSLgotc79+C8djvkwkxr3611sSLRUStI/\r\nqmwDeJS+rvNgFiLbcJjDDH1EC3qBqMb5mIsMtnXKDDMS8mNeJHaQFngK2YacFLuW\r\ngzAMZIcEhLpWq46rYHBsPsB1iG1shyxxz1zL+JKNAi1aTtfFrP3aItQBUG5T345V\r\n0oJol8oxzen9KLNYJMvE9CTJlrRr204DoQkmhY2dUP2W1EQoEGw2qzy/zBIq0yFA\r\n0FNVcSXE+T4yCyHRGakK/sccw6lyCP0xS/lgaPlkyHsFT3oalu9yyqNtDCJl/Cns\r\nsAa5dw0tlb8/zWQ3fsJna2yrw5xSboA5KWegtrjtjodrz8O1MjRrTPgx8AnLjKzq\r\nnggZl3Sa+QhfaHSUqSJI\r\n=uAqk\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2015-02-02T00:00:00", "published": "2015-02-02T00:00:00", "id": "SECURITYVULNS:DOC:31679", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31679", "title": "APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:59", "bulletinFamily": "software", "description": "Protection bypass, memory corruptions, buffer overflows, code execution, crossite access, information disclosure.", "modified": "2015-02-02T00:00:00", "published": "2015-02-02T00:00:00", "id": "SECURITYVULNS:VULN:14245", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14245", "title": "Apple Mac OS X multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:23:25", "bulletinFamily": "scanner", "description": "The remote host is running a version of Mac OS X 10.10.x that is prior to version 10.10.2. This update contains several security-related fixes for the following components :\n\n - bash\n - Bluetooth\n - CFNetwork Cache\n - CommerceKit Framework\n - CoreGraphics\n - CoreSymbolication\n - CPU Software\n - FontParser\n - Foundation\n - Intel Graphics Driver\n - IOAcceleratorFamily\n - IOHIDFamily\n - IOKit\n - IOUSBFamily\n - Kernel\n - LaunchServices\n - libnetcore\n - LoginWindow\n - lukemftp\n - OpenSSL\n - Safari\n - SceneKit\n - Security\n - security_taskgate\n - Spotlight\n - SpotlightIndex\n - sysmond\n - UserAccountUpdater\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "modified": "2018-07-14T00:00:00", "id": "MACOSX_10_10_2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81087", "published": "2015-01-29T00:00:00", "title": "Mac OS X 10.10.x < 10.10.2 Multiple Vulnerabilities (POODLE)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81087);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2014-1595\",\n \"CVE-2014-3192\",\n \"CVE-2014-3566\",\n \"CVE-2014-3567\",\n \"CVE-2014-3568\",\n \"CVE-2014-4371\",\n \"CVE-2014-4389\",\n \"CVE-2014-4419\",\n \"CVE-2014-4420\",\n \"CVE-2014-4421\",\n \"CVE-2014-4460\",\n \"CVE-2014-4461\",\n \"CVE-2014-4476\",\n \"CVE-2014-4477\",\n \"CVE-2014-4479\",\n \"CVE-2014-4481\",\n \"CVE-2014-4483\",\n \"CVE-2014-4484\",\n \"CVE-2014-4485\",\n \"CVE-2014-4486\",\n \"CVE-2014-4487\",\n \"CVE-2014-4488\",\n \"CVE-2014-4489\",\n \"CVE-2014-4491\",\n \"CVE-2014-4492\",\n \"CVE-2014-4495\",\n \"CVE-2014-4498\",\n \"CVE-2014-4499\",\n \"CVE-2014-6277\",\n \"CVE-2014-7186\",\n \"CVE-2014-7187\",\n \"CVE-2014-8517\",\n \"CVE-2014-8817\",\n \"CVE-2014-8819\",\n \"CVE-2014-8820\",\n \"CVE-2014-8821\",\n \"CVE-2014-8822\",\n \"CVE-2014-8823\",\n \"CVE-2014-8824\",\n \"CVE-2014-8825\",\n \"CVE-2014-8826\",\n \"CVE-2014-8827\",\n \"CVE-2014-8830\",\n \"CVE-2014-8831\",\n \"CVE-2014-8832\",\n \"CVE-2014-8833\",\n \"CVE-2014-8834\",\n \"CVE-2014-8835\",\n \"CVE-2014-8836\",\n \"CVE-2014-8837\",\n \"CVE-2014-8838\",\n \"CVE-2014-8839\"\n );\n script_bugtraq_id(\n 69919,\n 69924,\n 69927,\n 69928,\n 69950,\n 70152,\n 70154,\n 70165,\n 70273,\n 70574,\n 70585,\n 70586,\n 70792,\n 71135,\n 71136,\n 71394,\n 72327,\n 72328,\n 72329,\n 72330,\n 72331,\n 72341\n );\n script_xref(name:\"CERT\", value:\"577193\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-01-27-4\");\n\n script_name(english:\"Mac OS X 10.10.x < 10.10.2 Multiple Vulnerabilities (POODLE)\");\n script_summary(english:\"Checks the version of Mac OS X.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.10.x that is prior\nto version 10.10.2. This update contains several security-related\nfixes for the following components :\n\n - bash\n - Bluetooth\n - CFNetwork Cache\n - CommerceKit Framework\n - CoreGraphics\n - CoreSymbolication\n - CPU Software\n - FontParser\n - Foundation\n - Intel Graphics Driver\n - IOAcceleratorFamily\n - IOHIDFamily\n - IOKit\n - IOUSBFamily\n - Kernel\n - LaunchServices\n - libnetcore\n - LoginWindow\n - lukemftp\n - OpenSSL\n - Safari\n - SceneKit\n - Security\n - security_taskgate\n - Spotlight\n - SpotlightIndex\n - sysmond\n - UserAccountUpdater\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/en-us/HT204244\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/534559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Mac OS X 10.10.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'tnftp \"savefile\" Arbitrary Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nmatch = eregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]+)+)\", string:os);\nif (isnull(match)) exit(1, \"Failed to parse the Mac OS X version ('\" + os + \"').\");\n\nversion = match[1];\nif (!ereg(pattern:\"^10\\.10([^0-9]|$)\", string:version)) audit(AUDIT_OS_NOT, \"Mac OS X 10.10\", \"Mac OS X \"+version);\n\nfixed_version = \"10.10.2\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected as it is running Mac OS X \"+version+\".\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
