Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.MACOSX_SECUPD2007-002.NASL
HistoryFeb 16, 2007 - 12:00 a.m.

Mac OS X Multiple Vulnerabilities (Security Update 2007-002)

2007-02-1600:00:00
This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
www.tenable.com
7
JSON

The remote host is running a version of Mac OS X 10.4 that does not have Security Update 2007-002 applied.

This update fixes security flaws in the following applications :

  • Finder
  • iChat
  • UserNotification
#
# (C) Tenable Network Security, Inc.
#

if ( ! defined_func("bn_random") ) exit(0);

include("compat.inc");

if(description)
{
 script_id(24354);
 script_version ("1.16");

 script_cve_id("CVE-2007-0021", "CVE-2007-0023", "CVE-2007-0197", "CVE-2007-0613", "CVE-2007-0614", "CVE-2007-0710");
 script_bugtraq_id(21980, 22146, 22188, 22304);

 script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2007-002)");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a Mac OS X update which fixes several
security issues." );
 script_set_attribute(attribute:"description", value:
"The remote host is running a version of Mac OS X 10.4 that does not
have Security Update 2007-002 applied. 

This update fixes security flaws in the following applications :

- Finder
- iChat
- UserNotification" );
 # http://web.archive.org/web/20080110231039/http://docs.info.apple.com/article.html?artnum=305102
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?22a97335" );
 script_set_attribute(attribute:"solution", value:
"Install Security Update 2007-002 :

http://www.apple.com/support/downloads/securityupdate2007002universal.html
http://www.apple.com/support/downloads/securityupdate2007002panther.html" );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_cwe_id(20, 119, 399);

 script_set_attribute(attribute:"plugin_publication_date", value: "2007/02/16");
 script_set_attribute(attribute:"vuln_publication_date", value: "2007/01/09");
 script_set_attribute(attribute:"patch_publication_date", value: "2007/02/15");
 script_cvs_date("Date: 2018/07/14  1:59:35");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
script_end_attributes();

 script_summary(english:"Check for the presence of the SecUpdate 2007-002");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
 script_family(english:"MacOS X Local Security Checks");
 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 exit(0);
}

#

packages = get_kb_item("Host/MacOSX/packages");
if ( ! packages ) exit(0);



uname = get_kb_item("Host/uname");
if ( egrep(pattern:"Darwin.* (7\.[0-9]\.|8\.[0-8]\.)", string:uname) )
{
  if (!egrep(pattern:"^SecUpd(Srvr)?(2007-00[2-9]|200[89]-|20[1-9][0-9]-)", string:packages)) 
    security_hole(0);
}
VendorProductVersionCPE
applemac_os_xcpe:/o:apple:mac_os_x

Related

securityvulns 4
cve 6
prion 6
cert 4
packetstorm 1
checkpoint_advisories 3
securityvulns
securityvulns
Multiple Apple iChat Bonjour DoS conditions
2007-02-01 00:00:00
Apple Mac OS X UserNotificationCenter privilege escalation
2007-01-24 00:00:00
Apple iChat format string vulnerability
2007-01-21 00:00:00
cve
cve
CVE-2007-0710
2007-02-16 19:28:00
CVE-2007-0613
2007-01-31 11:28:00
CVE-2007-0197
2007-01-11 11:28:00
prion
prion
Design/Logic Flaw
2007-02-16 19:28:00
Cross site request forgery (csrf)
2007-01-24 01:28:00
Design/Logic Flaw
2007-01-31 11:28:00
cert
cert
Apple Mac OS X Finder DMG volume name buffer overflow
2007-02-16 00:00:00
Apple Mac OS X UserNotificationCenter privilege escalation vulnerability
2007-02-19 00:00:00
Apple iChat AIM URI handler format string vulnerability
2007-02-16 00:00:00
packetstorm
packetstorm
MOAB-22-01-2007.rb.txt
2007-01-24 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple Computer Finder DMG Volume Name Memory Corruption - Ver2 (CVE-2007-0197)
2014-12-28 00:00:00
Apple Computer Finder DMG Volume Name Memory Corruption (CVE-2007-0197)
2009-10-05 00:00:00
Apple Mac OS X iChat AIM URL Format String (CVE-2007-0021)
2009-10-05 00:00:00
JSON
Related for MACOSX_SECUPD2007-002.NASL
securityvulns4cve6prion6cert4packetstorm1checkpoint_advisories3