Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.MACOSX_10_11_1.NASL
HistoryOct 29, 2015 - 12:00 a.m.

Mac OS X < 10.11.1 Multiple Vulnerabilities

2015-10-2900:00:00
This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
www.tenable.com
26
JSON

The remote host is running a version of Mac OS X that is 10.9.5 or later but prior to 10.11.1 It is, therefore, affected by multiple vulnerabilities in the following components :

  • Accelerate Framework (CVE-2015-5940)

  • apache_mod_php (CVE-2015-0235, CVE-2015-0273, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, CVE-2015-6838)

  • ATS (CVE-2015-6985)

  • Audio (CVE-2015-5933, CVE-2015-5934, CVE-2015-7003)

  • Bom (CVE-2015-7006)

  • CFNetwork (CVE-2015-7023)

  • configd (CVE-2015-7015)

  • CoreGraphics (CVE-2015-5925, CVE-2015-5926)

  • CoreText (CVE-2015-5944, CVE-2015-6975, CVE-2015-6992, CVE-2015-7017)

  • Directory Utility (CVE-2015-6980)

  • Disk Images (CVE-2015-6995)

  • EFI (CVE-2015-7035)

  • File Bookmark (CVE-2015-6987)

  • FontParser (CVE-2015-5927, CVE-2015-5942, CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, CVE-2015-7018)

  • Grand Central Dispatch (CVE-2015-6989)

  • Graphics Drivers (CVE-2015-7019, CVE-2015-7020, CVE-2015-7021)

  • ImageIO (CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5938, CVE-2015-5939)

  • IOAcceleratorFamily (CVE-2015-6996)

  • IOHIDFamily (CVE-2015-6974)

  • Kernel (CVE-2015-5932, CVE-2015-6988, CVE-2015-6994)

  • libarchive (CVE-2015-6984)

  • MCX Application Restrictions (CVE-2015-7016)

  • Net-SNMP (CVE-2014-3565, CVE-2012-6151)

  • OpenGL (CVE-2015-5924)

  • OpenSSH (CVE-2015-6563)

  • Sandbox (CVE-2015-5945)

  • Script Editor (CVE-2015-7007)

  • Security (CVE-2015-6983, CVE-2015-7024)

  • SecurityAgent (CVE-2015-5943)

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(86654);
  script_version("1.9");
  script_cvs_date("Date: 2018/07/14  1:59:36");

  script_cve_id(
    "CVE-2012-6151",
    "CVE-2014-3565",
    "CVE-2015-0235",
    "CVE-2015-0273",
    "CVE-2015-5924",
    "CVE-2015-5925",
    "CVE-2015-5926",
    "CVE-2015-5927",
    "CVE-2015-5932",
    "CVE-2015-5933",
    "CVE-2015-5934",
    "CVE-2015-5935",
    "CVE-2015-5936",
    "CVE-2015-5937",
    "CVE-2015-5938",
    "CVE-2015-5939",
    "CVE-2015-5940",
    "CVE-2015-5942",
    "CVE-2015-5943",
    "CVE-2015-5944",
    "CVE-2015-5945",
    "CVE-2015-6563",
    "CVE-2015-6834",
    "CVE-2015-6835",
    "CVE-2015-6836",
    "CVE-2015-6837",
    "CVE-2015-6838",
    "CVE-2015-6974",
    "CVE-2015-6975",
    "CVE-2015-6976",
    "CVE-2015-6977",
    "CVE-2015-6978",
    "CVE-2015-6980",
    "CVE-2015-6983",
    "CVE-2015-6984",
    "CVE-2015-6985",
    "CVE-2015-6987",
    "CVE-2015-6988",
    "CVE-2015-6989",
    "CVE-2015-6990",
    "CVE-2015-6991",
    "CVE-2015-6992",
    "CVE-2015-6993",
    "CVE-2015-6994",
    "CVE-2015-6995",
    "CVE-2015-6996",
    "CVE-2015-7003",
    "CVE-2015-7006",
    "CVE-2015-7007",
    "CVE-2015-7008",
    "CVE-2015-7009",
    "CVE-2015-7010",
    "CVE-2015-7015",
    "CVE-2015-7016",
    "CVE-2015-7017",
    "CVE-2015-7018",
    "CVE-2015-7019",
    "CVE-2015-7020",
    "CVE-2015-7021",
    "CVE-2015-7023",
    "CVE-2015-7024",
    "CVE-2015-7035"
  );
  script_bugtraq_id(
    64048,
    69477,
    72325,
    72701,
    74971,
    76317,
    76644,
    76649,
    76733,
    76734,
    76738,
    77263,
    77265,
    77266,
    77270
  );
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2015-10-21-4");

  script_name(english:"Mac OS X < 10.11.1 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of Mac OS X.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a Mac OS X update that fixes multiple
security vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote host is running a version of Mac OS X that is 10.9.5 or
later but prior to 10.11.1 It is, therefore, affected by multiple
vulnerabilities in the following components :

  - Accelerate Framework (CVE-2015-5940)

  - apache_mod_php (CVE-2015-0235, CVE-2015-0273,
    CVE-2015-6834, CVE-2015-6835, CVE-2015-6836,
    CVE-2015-6837, CVE-2015-6838)

  - ATS (CVE-2015-6985)

  - Audio (CVE-2015-5933, CVE-2015-5934, CVE-2015-7003)

  - Bom (CVE-2015-7006)

  - CFNetwork (CVE-2015-7023)

  - configd (CVE-2015-7015)

  - CoreGraphics (CVE-2015-5925, CVE-2015-5926)

  - CoreText (CVE-2015-5944, CVE-2015-6975, CVE-2015-6992,
    CVE-2015-7017)

  - Directory Utility (CVE-2015-6980)

  - Disk Images (CVE-2015-6995)

  - EFI (CVE-2015-7035)

  - File Bookmark (CVE-2015-6987)

  - FontParser (CVE-2015-5927, CVE-2015-5942, CVE-2015-6976,
    CVE-2015-6977, CVE-2015-6978, CVE-2015-6990,
    CVE-2015-6991, CVE-2015-6993, CVE-2015-7008,
    CVE-2015-7009, CVE-2015-7010, CVE-2015-7018)

  - Grand Central Dispatch (CVE-2015-6989)

  - Graphics Drivers (CVE-2015-7019, CVE-2015-7020,
    CVE-2015-7021)

  - ImageIO (CVE-2015-5935, CVE-2015-5936, CVE-2015-5937,
    CVE-2015-5938, CVE-2015-5939)

  - IOAcceleratorFamily (CVE-2015-6996)

  - IOHIDFamily (CVE-2015-6974)

  - Kernel (CVE-2015-5932, CVE-2015-6988, CVE-2015-6994)

  - libarchive (CVE-2015-6984)

  - MCX Application Restrictions (CVE-2015-7016)

  - Net-SNMP (CVE-2014-3565, CVE-2012-6151)

  - OpenGL (CVE-2015-5924)

  - OpenSSH (CVE-2015-6563)

  - Sandbox (CVE-2015-5945)

  - Script Editor (CVE-2015-7007)

  - Security (CVE-2015-6983, CVE-2015-7024)

  - SecurityAgent (CVE-2015-5943)

Note that successful exploitation of the most serious issues can
result in arbitrary code execution.");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT205375");
  # https://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c7e01da3");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Mac OS X 10.11.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Safari User-Assisted Applescript Exec Attack');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/10/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/29");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
  script_require_ports("Host/MacOSX/Version", "Host/OS");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

os = get_kb_item("Host/MacOSX/Version");
if (!os)
{
  os = get_kb_item_or_exit("Host/OS");
  if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "Mac OS X");

  c = get_kb_item("Host/OS/Confidence");
  if (c <= 70) exit(1, "Cannot determine the host's OS with sufficient confidence.");
}
if (!os) audit(AUDIT_OS_NOT, "Mac OS X");

match = eregmatch(pattern:"Mac OS X ([0-9]+(\.[0-9]+)+)", string:os);
if (isnull(match)) exit(1, "Failed to parse the Mac OS X version ('" + os + "').");

version = match[1];

if (
  version !~ "^10\.11([^0-9]|$)"
) audit(AUDIT_OS_NOT, "Mac OS X 10.11 or later", "Mac OS X "+version);

fixed_version = "10.11.1";
if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
{
  if (report_verbosity > 0)
    {
      report = '\n  Installed version : ' + version +
               '\n  Fixed version     : ' + fixed_version +
               '\n';
      security_hole(port:0, extra:report);
    }
    else security_hole(0);
    exit(0);
}
else exit(0, "The host is not affected since it is running Mac OS X "+version+".");
VendorProductVersionCPE
applemac_os_xcpe:/o:apple:mac_os_x

References

Related

securityvulns 8
nessus 34
openvas 25
prion 45
cve 42
osv 2
fedora 5
mageia 1
debian 3
amazon 5
f5 2
slackware 1
freebsd 2
ibm 2
suse 4
ubuntucve 2
ubuntu 1
veracode 11
redhat 1
cert 1
threatpost 1
zdt 1
securityvulns
securityvulns
APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007
2015-10-25 00:00:00
APPLE-SA-2015-10-21-2 watchOS 2.0.1
2015-10-25 00:00:00
APPLE-SA-2015-10-21-1 iOS 9.1
2015-10-25 00:00:00
nessus
nessus
Mac OS X 10.9.5 or later < 10.11.1 Multiple Vulnerabilities
2016-05-27 00:00:00
Mac OS X Multiple Vulnerabilities (Security Updates 2015-004 / 2015-007)
2015-11-10 00:00:00
Apple iOS < 9.1 Multiple Vulnerabilities
2016-05-26 00:00:00
openvas
openvas
Apple Mac OS X Multiple Vulnerabilities-01 (HT205375)
2018-05-15 00:00:00
Apple Mac OS X Multiple Vulnerabilities-01 (Oct 2015)
2015-10-29 00:00:00
Debian: Security Advisory (DSA-3358-1)
2015-09-12 00:00:00
prion
prion
Memory corruption
2015-10-23 21:59:00
Memory corruption
2015-10-23 21:59:00
Memory corruption
2015-10-23 21:59:00
cve
cve
CVE-2015-6990
2015-10-23 21:59:00
CVE-2015-7009
2015-10-23 21:59:00
CVE-2015-6977
2015-10-23 21:59:00
osv
osv
php5 - security update
2015-09-13 00:00:00
php5 - security update
2015-11-08 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: php-5.6.13-1.fc21
2015-09-14 22:23:26
[SECURITY] Fedora 22 Update: php-5.6.13-1.fc22
2015-09-14 23:22:46
[SECURITY] Fedora 23 Update: php-5.6.13-1.fc23
2015-09-18 19:33:49
mageia
mageia
Updated php packages fix security vulnerabilities
2015-09-14 00:58:30
debian
debian
[SECURITY] [DSA 3358-1] php5 security update
2015-09-13 14:58:00
[SECURITY] [DSA 3358-1] php5 security update
2015-09-13 14:58:00
[SECURITY] [DLA 341-1] php5 security update
2015-11-08 18:51:20
amazon
amazon
Low: php54
2016-03-16 16:30:00
Medium: php55
2015-10-20 14:52:00
Medium: php56
2015-10-20 14:50:00
f5
f5
K17377 : PHP vulnerabilities CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, and CVE-2015-6838
2015-10-08 00:00:00
SOL17377 - PHP vulnerabilities CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, and CVE-2015-6838
2015-10-08 00:00:00
slackware
slackware
[slackware-security] php
2015-10-01 21:35:28
freebsd
freebsd
php -- multiple vulnerabilities
2015-09-03 00:00:00
php5 -- multiple vulnerabilities
2015-02-18 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in php5 affect IBM Flex System Manager (FSM) (CVE-2015-6836, CVE-2015-6837, CVE-2015-6838)
2018-06-18 01:31:31
Security Bulletin: IBM Tealeaf Customer Experience PCA Web UI PHP security issues
2018-06-16 19:50:01
suse
suse
Security update for php5 (important)
2015-10-08 16:10:07
Security update for php5 (important)
2015-09-25 11:09:46
Security update for php5 (important)
2015-09-25 15:09:56
ubuntucve
ubuntucve
CVE-2015-6837
2015-09-09 00:00:00
CVE-2015-6838
2015-09-09 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2015-09-30 00:00:00
veracode
veracode
Use After Free
2019-05-02 05:27:42
Denial Of Service (DoS)
2019-05-02 05:27:42
Use-After-Free
2019-05-02 05:27:42
redhat
redhat
(RHSA-2016:0457) Moderate: rh-php56-php security update
2016-03-15 00:00:00
cert
cert
Cookies set via HTTP requests may be used to bypass HTTPS and reveal private information
2015-09-24 00:00:00
threatpost
threatpost
Apple Issues Incomplete Patches for Gatekeeper Bypass
2016-01-15 08:00:26
zdt
zdt
Apple Mac OSX - OSMetaClassBase::safeMetaCast in IOAccelContext2::connectClient Exploitable NULL Der
2016-01-28 00:00:00
JSON
Related for MACOSX_10_11_1.NASL
securityvulns8nessus34openvas25prion45cve42osv2fedora5mageia1debian3amazon5f52slackware1freebsd2ibm2suse4ubuntucve2ubuntu1veracode11redhat1cert1threatpost1zdt1