Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.MACOSX_10_5_8.NASL
HistoryAug 05, 2009 - 12:00 a.m.

Mac OS X 10.5.x < 10.5.8 Multiple Vulnerabilities

2009-08-0500:00:00
This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
www.tenable.com
23
JSON

The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.8.

Mac OS X 10.5.8 contains security fixes for the following products :

  • bzip2
  • CFNetwork
  • ColorSync
  • CoreTypes
  • Dock
  • Image RAW
  • ImageIO
  • Kernel
  • launchd
  • Login Window
  • MobileMe
  • Networking
  • XQuery
#
# (C) Tenable Network Security, Inc.
#


if (!defined_func("bn_random")) exit(0);
if (NASL_LEVEL < 3004) exit(0);

include("compat.inc");

if (description)
{
  script_id(40502);
  script_version("1.23");

  script_cve_id("CVE-2008-0674", "CVE-2008-1372", "CVE-2009-0040", "CVE-2009-0151", "CVE-2009-1235",
                "CVE-2009-1720", "CVE-2009-1721", "CVE-2009-1722", "CVE-2009-1723", "CVE-2009-1726",
                "CVE-2009-1727", "CVE-2009-1728", "CVE-2009-2188", "CVE-2009-2190", "CVE-2009-2191",
                "CVE-2009-2192", "CVE-2009-2193", "CVE-2009-2194");
  script_bugtraq_id(27786, 28286, 33827, 34203, 35838, 36025);

  script_name(english:"Mac OS X 10.5.x < 10.5.8 Multiple Vulnerabilities");
  script_summary(english:"Check the version of Mac OS X");

  script_set_attribute( attribute:"synopsis",  value:
"The remote host is missing a Mac OS X update that fixes various
security issues."  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is running a version of Mac OS X 10.5.x that is prior
to 10.5.8. 

Mac OS X 10.5.8 contains security fixes for the following products :

  - bzip2
  - CFNetwork
  - ColorSync
  - CoreTypes
  - Dock
  - Image RAW
  - ImageIO
  - Kernel
  - launchd
  - Login Window
  - MobileMe
  - Networking
  - XQuery"  );
  script_set_attribute(
    attribute:"see_also", 
    value:"http://support.apple.com/kb/HT3757"
  );
  script_set_attribute(
    attribute:"see_also", 
    value:"http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Upgrade to Mac OS X 10.5.8 or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_cwe_id(16, 94, 119, 134, 189, 255, 264, 399);
  script_set_attribute(
    attribute:"vuln_publication_date", 
    value:"2009/08/05"
  );
  script_set_attribute(
    attribute:"patch_publication_date", 
    value:"2009/08/05"
  );
  script_set_attribute(
    attribute:"plugin_publication_date", 
    value:"2009/08/05"
  );
 script_cvs_date("Date: 2018/07/16 12:48:31");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_end_attributes();
 
  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");
 
  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
 
  script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");

 exit(0);
}


os = get_kb_item("Host/MacOSX/Version");
if (!os) os = get_kb_item("Host/OS");
if (!os) exit(1, "The 'Host/MacOSX/Version' and 'Host/OS' KB items are missing.");

if (ereg(pattern:"Mac OS X 10\.5\.[0-7]([^0-9]|$)", string:os)) security_hole(0);
else exit(0, "The host is not affected.");
VendorProductVersionCPE
applemac_os_xcpe:/o:apple:mac_os_x

References

Related

securityvulns 6
seebug 2
nessus 45
openvas 77
ubuntu 3
osv 2
debian 2
gentoo 3
fedora 6
prion 11
cve 11
cvelist 13
freebsd 3
altlinux 1
oraclelinux 1
centos 2
ubuntucve 2
debiancve 2
f5 2
redhat 2
cert 1
veracode 1
slackware 1
securityvulns
securityvulns
Apple Mac OS X multiple security vulnerabilities
2009-08-07 00:00:00
About the security content of Security Update 2009-003 / Mac OS X v10.5.8
2009-08-07 00:00:00
[SECURITY] [DSA 1842-1] New openexr packages fix several vulnerabilities
2009-07-28 00:00:00
seebug
seebug
Apple Mac OS X 2009-003修补多个安全漏洞
2009-08-06 00:00:00
PCRE字符类缓冲区溢出漏洞
2008-03-19 00:00:00
nessus
nessus
Mac OS X 10.5 < 10.5.8 Multiple Vulnerabilities
2009-08-06 00:00:00
Mac OS X Multiple Vulnerabilities (Security Update 2009-003)
2009-08-05 00:00:00
Mandriva Linux Security Advisory : OpenEXR (MDVSA-2009:191-1)
2009-12-09 00:00:00
openvas
openvas
Mac OS X 10.5.8 Update / Mac OS X Security Update 2009-003
2010-05-12 00:00:00
Mac OS X 10.5.8 Update / Mac OS X Security Update 2009-003
2010-05-12 00:00:00
Mandrake Security Advisory MDVSA-2009:191 (OpenEXR)
2009-08-17 00:00:00
ubuntu
ubuntu
OpenEXR vulnerabilities
2009-09-14 00:00:00
bzip2 vulnerability
2008-03-24 00:00:00
PCRE vulnerability
2008-02-21 00:00:00
osv
osv
openexr - several vulnerabilities
2009-07-28 00:00:00
pcre3 - arbitrary code execution
2008-02-19 00:00:00
debian
debian
[SECURITY] [DSA 1842-1] New openexr packages fix several vulnerabilities
2009-07-28 12:16:44
[SECURITY] [DSA 1499-1] New pcre3 packages fix arbitrary code execution
2008-02-19 22:10:49
gentoo
gentoo
OpenEXR: Multiple Vulnerabilities
2013-12-09 00:00:00
Analog: Denial of service
2009-03-29 00:00:00
bzip2: Denial of service
2008-04-02 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: OpenEXR-1.6.1-8.fc10
2009-07-31 18:02:09
[SECURITY] Fedora 11 Update: OpenEXR-1.6.1-8.fc11
2009-07-31 18:01:21
[SECURITY] Fedora 7 Update: bzip2-1.0.4-11.fc7
2008-04-09 05:23:47
prion
prion
Design/Logic Flaw
2009-08-06 16:30:00
Code injection
2009-08-06 16:30:00
Design/Logic Flaw
2009-08-06 16:30:00
cve
cve
CVE-2009-2192
2009-08-06 16:30:00
CVE-2009-2193
2009-08-06 16:30:00
CVE-2009-2190
2009-08-06 16:30:00
cvelist
cvelist
CVE-2009-2192
2009-08-06 16:00:00
CVE-2009-2190
2009-08-06 16:00:00
CVE-2009-2193
2009-08-06 16:00:00
freebsd
freebsd
pcre -- buffer overflow vulnerability
2008-01-28 00:00:00
bzip2 -- crash with certain malformed archive files
2008-03-18 00:00:00
pngcrush -- libpng Uninitialised Pointer Arrays Vulnerability
2009-02-19 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package bzip2 version 1:1.0.5-alt1
2008-03-18 00:00:00
oraclelinux
oraclelinux
bzip2 security update
2008-09-16 00:00:00
centos
centos
bzip2 security update
2008-09-17 00:31:08
bzip2 security update
2008-09-16 15:23:39
ubuntucve
ubuntucve
CVE-2008-1372
2008-03-18 00:00:00
CVE-2009-0040
2009-02-22 00:00:00
debiancve
debiancve
CVE-2008-1372
2008-03-18 21:44:00
CVE-2009-1722
2009-07-31 19:00:00
f5
f5
K9592 : bzip2 vulnerability CVE-2008-1372
2013-03-29 00:00:00
K9988 : libpng vulnerability CVE-2009-0040
2013-03-27 00:00:00
redhat
redhat
(RHSA-2008:0893) Moderate: bzip2 security update
2008-09-16 00:00:00
(RHSA-2009:0340) Moderate: libpng security update
2009-03-04 00:00:00
cert
cert
libpng fails to properly initialize element pointers
2009-03-02 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:30:13
slackware
slackware
libpng
2009-02-20 17:06:41
JSON
Related for MACOSX_10_5_8.NASL
securityvulns6seebug2nessus45openvas77ubuntu3osv2debian2gentoo3fedora6prion11cve11cvelist13freebsd3altlinux1oraclelinux1centos2ubuntucve2debiancve2f52redhat2cert1veracode1slackware1