Lucene search

K
nessusTenable6857.PRM
HistoryJun 05, 2013 - 12:00 a.m.

Mac OS X 10.8 < 10.8.4 Multiple Vulnerabilities (Security Update 2013-002)

2013-06-0500:00:00
Tenable
www.tenable.com
11

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.013 Low

EPSS

Percentile

86.0%

The remote host is running a version of Mac OS X 10.8 that is older than 10.8.4. The newer version contains numerous security-related fixes :

  • A local security-bypass vulnerability exists that affects the Disk Management component. The issue can be exploited by an unauthorized attacker to disable FileVault using the command-line. (CVE-2013-0985)

  • A security-bypass vulnerability in SMB file sharing can occur whereby an authenticated attacker can write files outside the shared directory. (CVE-2013-0990)

  • A remote buffer-overflow vulnerability exists when handling certain PICT images. (CVE-2013-0975)

  • A security-bypass vulnerability exists whereby an attacker with access to a user’s session may be able to log into previously accessed sites. An attacker can exploit this issue even if Private Browsing was used. (CVE-2013-0982)

  • A remote-code execution issue affects the text glyphs because of an unbounded stack allocation when handling maliciously crafted URLs. (CVE-2013-0983)

  • A remote-code execution vulnerability exists due to improper handling of text tracks. (CVE-2013-1024)

  • A buffer-overflow vulnerability exists in the Directory Service daemon that can be exploited via a specially crafted network message. (CVE-2013-0984)

Binary data 6857.prm
VendorProductVersionCPE
applemac_os_xcpe:/o:apple:mac_os_x

References

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.013 Low

EPSS

Percentile

86.0%