Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.MACOSX_SECUPD2005-003.NASL
HistoryMar 21, 2005 - 12:00 a.m.

Mac OS X Multiple Vulnerabilities (Security Update 2005-003)

2005-03-2100:00:00
This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
www.tenable.com
13
JSON

The remote host is missing Security Update 2005-003. This security update contains security fixes for the following applications :

  • AFP Server
  • Bluetooth Setup Assistant
  • Core Foundation
  • Cyrus IMAP
  • Cyrus SASL
  • Folder Permissions
  • Mailman
  • Safari

These programs have multiple vulnerabilities which may allow a remote attacker to execute arbitrary code.

#
# (C) Tenable Network Security, Inc.
#

if ( ! defined_func("bn_random") ) exit(0);

include("compat.inc");

if(description)
{
 script_id(17587);
 script_version ("1.23");

 if (NASL_LEVEL >= 3000)
 {
  script_cve_id("CVE-2002-1347", "CVE-2004-0884", "CVE-2004-1011", "CVE-2004-1012", "CVE-2004-1013",
                "CVE-2004-1015", "CVE-2004-1067", "CVE-2005-0202", "CVE-2005-0235", "CVE-2005-0340", 
                "CVE-2005-0712", "CVE-2005-0713", "CVE-2005-0715", "CVE-2005-0716");
 }
 script_bugtraq_id(6347, 12478, 12863, 13224, 13220, 13226, 13237);

 script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2005-003)");
 script_summary(english:"Check for Security Update 2005-003");
 
 script_set_attribute( attribute:"synopsis", value:
"The remote host is missing a Mac OS X update that fixes a security
issue." );
 script_set_attribute( attribute:"description",  value:
"The remote host is missing Security Update 2005-003. This security
update contains security fixes for the following applications :

  - AFP Server
  - Bluetooth Setup Assistant
  - Core Foundation
  - Cyrus IMAP
  - Cyrus SASL
  - Folder Permissions
  - Mailman
  - Safari

These programs have multiple vulnerabilities which may allow a remote
attacker to execute arbitrary code." );
 script_set_attribute(
   attribute:"see_also",
   value:"http://support.apple.com/kb/TA22971"
 );
 script_set_attribute(
   attribute:"solution", 
   value:"Install Security Update 2005-003."
 );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "2005/03/21");
 script_set_attribute(attribute:"vuln_publication_date", value: "2005/02/08");
 script_cvs_date("Date: 2018/07/14  1:59:35");
 script_set_attribute(attribute:"patch_publication_date", value: "2005/03/28");
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_family(english:"MacOS X Local Security Checks");

 script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 exit(0);
}


packages = get_kb_item("Host/MacOSX/packages");
if ( ! packages ) exit(0);

uname = get_kb_item("Host/uname");
# MacOS X 10.2.8, 10.3.7 only
if ( egrep(pattern:"Darwin.* (6\.8\.|7\.[78]\.)", string:uname) )
{
  if (!egrep(pattern:"^SecUpd(Srvr)?2005-003", string:packages) ) security_hole(0);
	else non_vuln = 1;
}
else if ( egrep(pattern:"Darwin.* (6\.9|[0-9][0-9]\.|7\.(9\.|[0-9][0-9]\.))", string:uname) ) non_vuln = 1;

if ( non_vuln )
{
 foreach cve (make_list("CVE-2005-0340", "CVE-2005-0715", "CVE-2005-0716", "CVE-2005-0713", "CVE-2004-1011", "CVE-2004-1012", "CVE-2004-1013", "CVE-2004-1015", "CVE-2004-1067", "CVE-2002-1347", "CVE-2004-0884", "CVE-2005-0712", "CVE-2005-0202", "CVE-2005-0235" ))
	{
	set_kb_item(name:cve, value:TRUE);
	}
}
VendorProductVersionCPE
applemac_os_xcpe:/o:apple:mac_os_x

Related

nessus 34
exploitpack 1
seebug 1
openvas 48
gentoo 3
exploitdb 1
altlinux 2
suse 4
securityvulns 4
ubuntucve 7
debiancve 8
cve 16
debian 16
ubuntu 4
osv 4
redhat 3
freebsd 5
veracode 1
hackerone 2
nessus
nessus
Cyrus IMAP Server < 2.2.10 Multiple Remote Overflows
2004-11-23 00:00:00
GLSA-200411-34 : Cyrus IMAP Server: Multiple remote vulnerabilities
2004-11-25 00:00:00
Fedora Core 3 : cyrus-imapd-2.2.10-1.fc3 (2004-487)
2004-12-02 00:00:00
exploitpack
exploitpack
Apple Mac OSX 10.3.x - Multiple Vulnerabilities
2005-03-21 00:00:00
seebug
seebug
Apple Mac OS X 10.3.x Multiple Vulnerabilities
2014-07-01 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200411-34 (cyrus-imapd)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200411-34 (cyrus-imapd)
2008-09-24 00:00:00
FreeBSD Ports: cyrus-imapd
2008-09-04 00:00:00
gentoo
gentoo
Cyrus IMAP Server: Multiple remote vulnerabilities
2004-11-25 00:00:00
Mailman: Directory traversal vulnerability
2005-02-10 00:00:00
Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities
2004-10-07 00:00:00
exploitdb
exploitdb
Apple Mac OSX 10.3.x - Multiple Vulnerabilities
2005-03-21 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package cyrus-imapd version 2.2.9-alt1
2004-11-23 00:00:00
Security fix for the ALT Linux 8 package cyrus-imapd version 2.2.10-alt1
2004-11-24 00:00:00
suse
suse
remote command execution in cyrus-imapd
2004-12-03 13:37:30
remote command execution in cyrus-imapd
2002-12-20 18:02:33
phishing problems in opera
2005-06-15 12:18:58
securityvulns
securityvulns
Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities
2004-11-24 00:00:00
iDEFENSE Security Advisory 03.21.05: Mac OS X CF_CHARSET_PATH Buffer Overflow Vulnerability
2005-03-22 00:00:00
[ GLSA 200410-05 ] Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities
2004-10-08 00:00:00
ubuntucve
ubuntucve
CVE-2004-1015
2005-01-10 00:00:00
CVE-2004-1011
2005-01-10 00:00:00
CVE-2004-1067
2005-01-10 00:00:00
debiancve
debiancve
CVE-2004-1015
2005-01-10 05:00:00
CVE-2004-1011
2005-01-10 05:00:00
CVE-2002-1347
2002-12-18 05:00:00
cve
cve
CVE-2004-1015
2005-01-10 05:00:00
CVE-2004-1011
2005-01-10 05:00:00
CVE-2002-1347
2002-12-18 05:00:00
debian
debian
[SECURITY] [DSA 597-1] New cyrus-imapd packages fix arbitrary code execution
2004-11-25 09:34:48
[SECURITY] [DSA 597-1] New cyrus-imapd packages fix arbitrary code execution
2004-11-25 09:34:48
[SECURITY] [DSA 563-2] New cyrus-sasl packages really fix arbitrary code execution
2004-10-12 16:54:23
ubuntu
ubuntu
cyrus21-imapd vulnerabilities
2004-11-24 00:00:00
cyrus21-imapd vulnerability
2004-12-02 00:00:00
Fixed mailman packages for USN-78-1
2005-02-17 00:00:00
osv
osv
cyrus-imapd - buffer overflow
2004-11-25 00:00:00
cyrus-sasl-mit - unsanitised input
2004-10-16 00:00:00
cyrus-sasl - unsanitised input
2004-10-14 00:00:00
redhat
redhat
(RHSA-2005:136) mailman security update
2005-02-10 00:00:00
(RHSA-2005:137) mailman security update
2005-02-15 00:00:00
(RHSA-2004:546) cyrus-sasl security update
2004-10-07 00:00:00
freebsd
freebsd
mailman -- directory traversal vulnerability
2005-01-02 00:00:00
cyrus-sasl -- dynamic library loading and set-user-ID applications
2004-09-22 00:00:00
Cyrus IMAPd -- FETCH command out of bounds memory corruption
2004-11-06 00:00:00
veracode
veracode
Information Disclosure
2020-04-10 00:08:56
hackerone
hackerone
Uber: Configuration and/or source code files on uchat-staging.uberinternal.com can be viewed without OneLogin SSO Authentication
2017-12-17 22:29:41
Uber: It's possible to view configuration and/or source code on uchat.awscorp.uberinternal.com without
2017-12-17 00:36:48
JSON
Related for MACOSX_SECUPD2005-003.NASL
nessus34exploitpack1seebug1openvas48gentoo3exploitdb1altlinux2suse4securityvulns4ubuntucve7debiancve8cve16debian16ubuntu4osv4redhat3freebsd5veracode1hackerone2