Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.MACOSX_SECUPD20040907.NASL
HistorySep 08, 2004 - 12:00 a.m.

Mac OS X Multiple Vulnerabilities (Security Update 2004-09-07)

2004-09-0800:00:00
This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
www.tenable.com
16
JSON

The remote host is missing Security Update 2004-09-07. This security update fixes the following components :

  • CoreFoundation
  • IPSec
  • Kerberos
  • libpcap
  • lukemftpd
  • NetworkConfig
  • OpenLDAP
  • OpenSSH
  • PPPDialer
  • rsync
  • Safari
  • tcpdump

These applications contain multiple vulnerabilities that may allow a remote attacker to execute arbitrary code.

#
# (C) Tenable Network Security, Inc.
#

if ( ! defined_func("bn_random") ) exit(0);
if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if(description)
{
 script_id(14676);
 script_version ("1.25");

  script_cve_id("CVE-2004-0175", "CVE-2004-0183", "CVE-2004-0184", "CVE-2004-0361", "CVE-2004-0426", 
                "CVE-2004-0488", "CVE-2004-0493", "CVE-2004-0521", "CVE-2004-0523", "CVE-2004-0607",
                "CVE-2004-0720", "CVE-2004-0794", "CVE-2004-0821", "CVE-2004-0822", "CVE-2004-0823",
                "CVE-2004-0824", "CVE-2004-0825");
  script_bugtraq_id(9815, 9986, 10003, 10004, 10247, 10397, 11135, 11136, 11137, 11138, 11139, 11140);

 script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2004-09-07)");
 script_summary(english:"Check for Security Update 2004-09-07");
 
 script_set_attribute( attribute:"synopsis", value:
"The remote host is missing a Mac OS X update that fixes a security
issue." );
 script_set_attribute( attribute:"description",  value:
"The remote host is missing Security Update 2004-09-07.  This security
update fixes the following components :

  - CoreFoundation
  - IPSec
  - Kerberos
  - libpcap
  - lukemftpd
  - NetworkConfig
  - OpenLDAP
  - OpenSSH
  - PPPDialer
  - rsync
  - Safari
  - tcpdump

These applications contain multiple vulnerabilities that may allow
a remote attacker to execute arbitrary code." );
 # http://web.archive.org/web/20080915104713/http://support.apple.com/kb/HT1646?
 script_set_attribute(
   attribute:"see_also",
   value:"http://www.nessus.org/u?210abeb5"
 );
 script_set_attribute(
   attribute:"solution", 
   value:"Install Security Update 2004-09-07."
 );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_cwe_id(22);
 script_set_attribute(attribute:"plugin_publication_date", value: "2004/09/08");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/03/08");
 script_set_attribute(attribute:"patch_publication_date", value: "2004/09/08");
 script_cvs_date("Date: 2018/07/14  1:59:35");
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_family(english:"MacOS X Local Security Checks");

 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 exit(0);
}


packages = get_kb_item("Host/MacOSX/packages");
if ( ! packages ) exit(0);

uname = get_kb_item("Host/uname");
# MacOS X 10.2.8, 10.3.4 and 10.3.5 only
if ( egrep(pattern:"Darwin.* (6\.8\.|7\.[45]\.)", string:uname) )
{
  if ( ! egrep(pattern:"^SecUpd(Srvr)?2004-09-07", string:packages) ) security_hole(0);
}
VendorProductVersionCPE
applemac_os_xcpe:/o:apple:mac_os_x

References

Related

osv 5
openvas 48
securityvulns 6
slackware 3
nessus 53
redhat 11
debian 7
cert 5
freebsd 3
cve 17
debiancve 8
gentoo 7
ubuntucve 6
checkpoint_advisories 4
suse 1
httpd 2
centos 8
f5 3
exploitpack 1
seebug 1
osv
osv
tcpdump - denial of service
2004-04-06 00:00:00
krb5 - buffer overflows
2004-06-16 00:00:00
rsync - directory traversal
2004-06-02 00:00:00
openvas
openvas
FreeBSD Ports: tcpdump
2008-09-04 00:00:00
FreeBSD Ports: tcpdump
2008-09-04 00:00:00
Slackware Advisory SSA:2004-108-01 tcpdump denial of service
2012-09-11 00:00:00
securityvulns
securityvulns
R7-0017: TCPDUMP ISAKMP payload handling denial-of-service vulnerabilities
2004-03-31 00:00:00
SUSE Security Announcement: Live CD 9.1 &#40;SuSE-SA:2004:011&#41;
2004-05-07 00:00:00
TSSA-2004-012 - apache
2004-06-30 00:00:00
slackware
slackware
tcpdump denial of service
2004-04-17 12:02:24
rsync update
2004-05-03 13:06:08
mod_ssl
2004-06-02 12:24:39
nessus
nessus
RHEL 2.1 / 3 : tcpdump (RHSA-2004:219)
2004-07-06 00:00:00
Slackware 8.1 / 9.0 / 9.1 / current : tcpdump denial of service (SSA:2004-108-01)
2005-07-13 00:00:00
Debian DSA-478-1 : tcpdump - denial of service
2004-09-29 00:00:00
redhat
redhat
(RHSA-2004:219) tcpdump security update
2004-05-26 00:00:00
(RHSA-2004:342) httpd security update
2004-07-06 00:00:00
(RHSA-2004:236) krb5 security update
2004-06-09 00:00:00
debian
debian
[SECURITY] [DSA 478-1] New tcpdump packages fix denial of service
2004-04-06 22:35:19
[SECURITY] [DSA 520-1] New krb5 packages fix buffer overflows
2004-06-17 02:30:48
[SECURITY] [DSA 499-1] New rsync packages fix directory traversal bug
2004-05-02 02:04:36
cert
cert
tcpdump contains integer underflow vulnerability in ISAKMP "Identification Payload" handling
2004-08-27 00:00:00
Apple QuickTime Streaming Server vulnerable to DoS
2004-09-13 00:00:00
tcpdump contains buffer overflow vulnerability in ISAKMP "Delete Payload" handling
2004-08-27 00:00:00
freebsd
freebsd
tcpdump ISAKMP payload handling remote denial-of-service
2004-03-12 00:00:00
tnftpd -- remotely exploitable vulnerability
2004-08-17 00:00:00
rsync path traversal issue
2004-04-26 00:00:00
cve
cve
CVE-2004-0184
2004-05-04 04:00:00
CVE-2004-0523
2004-08-18 04:00:00
CVE-2004-0493
2004-08-06 04:00:00
debiancve
debiancve
CVE-2004-0523
2004-08-18 04:00:00
CVE-2004-0183
2004-05-04 04:00:00
CVE-2004-0493
2004-08-06 04:00:00
gentoo
gentoo
mit-krb5: Multiple buffer overflows in krb5_aname_to_localname
2004-06-29 00:00:00
Apache 2: Remote denial of service attack
2004-07-04 00:00:00
rsync: Directory traversal in rsync daemon
2004-07-12 00:00:00
ubuntucve
ubuntucve
CVE-2004-0523
2004-08-18 00:00:00
CVE-2004-0493
2004-08-06 00:00:00
CVE-2004-0184
2004-05-04 00:00:00
checkpoint_advisories
checkpoint_advisories
TCPDUMP ISAKMP Payload Handling DoS (CVE-2004-0183)
2010-02-23 00:00:00
Apache 2.0.x Input Header Folding Denial of Service (CVE-2004-0493)
2009-12-13 00:00:00
TCPDUMP ISAKMP Payload Handling DoS (CVE-2004-0183)
2015-01-26 00:00:00
suse
suse
remote root access in Live CD 9.1
2004-05-06 20:51:52
httpd
httpd
Apache Httpd < 2.0.50 : Header parsing memory leak
2004-06-13 00:00:00
Apache Httpd < 2.0.50 : FakeBasicAuth overflow
2004-07-01 00:00:00
centos
centos
rsh security update
2005-05-18 17:58:16
openssh security update
2005-06-05 22:53:04
openssh security update
2005-05-18 18:00:09
f5
f5
K15452143 : IPsec-Tools (racoon) vulnerability CVE-2004-0607
2018-03-12 00:00:00
K3631 : Stack-based buffer overflow in Apache - CAN-2004-0488
2013-03-29 00:00:00
SOL3631 - Stack-based buffer overflow in Apache - CAN-2004-0488
2009-10-27 00:00:00
exploitpack
exploitpack
tcpdump - ISAKMP Identification Payload Integer Overflow
2004-04-05 00:00:00
seebug
seebug
tcpdump ISAKMP Identification payload Integer Overflow Exploit
2004-04-05 00:00:00
JSON
Related for MACOSX_SECUPD20040907.NASL
osv5openvas48securityvulns6slackware3nessus53redhat11debian7cert5freebsd3cve17debiancve8gentoo7ubuntucve6checkpoint_advisories4suse1httpd2centos8f53exploitpack1seebug1