Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.MACOSX_SECUPD2007-007.NASL
HistoryAug 02, 2007 - 12:00 a.m.

Mac OS X Multiple Vulnerabilities (Security Update 2007-007)

2007-08-0200:00:00
This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
www.tenable.com
51
JSON

The remote host is running a version of Mac OS X 10.4 or 10.3 which does not have the security update 2007-007 applied.

This update contains several security fixes for the following programs :

  • bzip2
  • CFNetwork
  • CoreAudio
  • cscope
  • gnuzip
  • iChat
  • Kerberos
  • mDNSResponder
  • PDFKit
  • PHP
  • Quartz Composer
  • Samba
  • SquirrelMail
  • Tomcat
  • WebCore
  • WebKit
#
# (C) Tenable Network Security, Inc.
#

if ( ! defined_func("bn_random") ) exit(0);
if ( NASL_LEVEL < 3000 ) exit(0);


include("compat.inc");

if(description)
{
 script_id(25830);
 script_version ("1.18");
 script_cvs_date("Date: 2018/07/14  1:59:35");

 script_cve_id("CVE-2004-0996", "CVE-2004-2541", "CVE-2005-0758", "CVE-2005-2090", "CVE-2005-3128",
               "CVE-2006-2842", "CVE-2006-3174", "CVE-2006-4019", "CVE-2006-6142", "CVE-2007-0450",
               "CVE-2007-0478", "CVE-2007-1001", "CVE-2007-1262", "CVE-2007-1287", "CVE-2007-1358",
               "CVE-2007-1460", "CVE-2007-1461", "CVE-2007-1484", "CVE-2007-1521", "CVE-2007-1583",
               "CVE-2007-1711", "CVE-2007-1717", "CVE-2007-1860", "CVE-2007-2403", "CVE-2007-2404",
               "CVE-2007-2405", "CVE-2007-2406", "CVE-2007-2407", "CVE-2007-2408", "CVE-2007-2409",
               "CVE-2007-2410", "CVE-2007-2442", "CVE-2007-2443", "CVE-2007-2446", "CVE-2007-2447",
               "CVE-2007-2589", "CVE-2007-2798", "CVE-2007-3742", "CVE-2007-3744", "CVE-2007-3745",
               "CVE-2007-3746", "CVE-2007-3747", "CVE-2007-3748", "CVE-2007-3944");
 script_bugtraq_id(11697, 13582, 23910, 23972, 23973, 24195, 24196, 24197, 24198, 24653, 25159);

 script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2007-007)");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a Mac OS X update that fixes various
security issues." );
 script_set_attribute(attribute:"description", value:
"The remote host is running a version of Mac OS X 10.4 or 10.3 which
does not have the security update 2007-007 applied. 

This update contains several security fixes for the following programs :

 - bzip2
 - CFNetwork
 - CoreAudio
 - cscope
 - gnuzip
 - iChat
 - Kerberos
 - mDNSResponder
 - PDFKit
 - PHP
 - Quartz Composer
 - Samba
 - SquirrelMail
 - Tomcat
 - WebCore
 - WebKit" );
 script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=306172" );
 script_set_attribute(attribute:"solution", value:
"Install the security update 2007-007 :

http://www.apple.com/support/downloads/securityupdate200700710410universal.html
http://www.apple.com/support/downloads/securityupdate20070071039.html
http://www.apple.com/support/downloads/securityupdate20070071039server.html" );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploit_framework_core", value:"true");
 script_set_attribute(attribute:"metasploit_name", value:'Samba "username map script" Command Execution');
 script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
 script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
 script_set_attribute(attribute:"canvas_package", value:'CANVAS');
 script_cwe_id(16, 20, 22, 59, 79, 119, 352);

 script_set_attribute(attribute:"plugin_publication_date", value: "2007/08/02");
 script_set_attribute(attribute:"patch_publication_date", value: "2007/08/01");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/11/09");
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
 script_end_attributes();

 script_summary(english:"Check for the presence of the SecUpdate 2007-007");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
 script_family(english:"MacOS X Local Security Checks");
 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 exit(0);
}


packages = get_kb_item("Host/MacOSX/packages");
if ( ! packages ) exit(0);



uname = get_kb_item("Host/uname");
if ( egrep(pattern:"Darwin.* (7\.[0-9]\.|8\.[0-9]\.|8\.10\.)", string:uname) )
{
  if (!egrep(pattern:"^SecUpd(Srvr)?(2007-00[789]|200[89]-|20[1-9][0-9]-)", string:packages)) 
    security_hole(0);
}
VendorProductVersionCPE
applemac_os_xcpe:/o:apple:mac_os_x

References

Related

seebug 1
openvas 42
fedora 8
tomcat 3
nessus 66
redhat 11
freebsd 3
debian 8
centos 10
oraclelinux 8
ubuntu 2
osv 3
suse 3
gentoo 4
securityvulns 6
debiancve 2
prion 3
cve 6
ubuntucve 2
altlinux 1
slackware 1
vmware 2
veracode 1
cert 1
jvn 1
checkpoint_advisories 1
seebug
seebug
Mac OS X 2007-007更新修复多个安全漏洞
2007-08-02 00:00:00
openvas
openvas
Fedora Update for squirrelmail FEDORA-2007-088
2009-02-27 00:00:00
FreeBSD Ports: apache-tomcat
2008-09-04 00:00:00
Mandriva Update for krb5 MDKSA-2007:137 (krb5)
2009-04-09 00:00:00
fedora
fedora
[SECURITY] Fedora Core 5 Update: squirrelmail-1.4.8-3.fc5
2007-01-17 16:30:01
[SECURITY] Fedora Core 6 Update: krb5-1.5-21.1
2007-06-28 13:31:24
[SECURITY] Fedora Core 6 Update: squirrelmail-1.4.10a-1.fc6
2007-05-14 17:19:18
tomcat
tomcat
Fixed in Apache Tomcat 4.1.36
2005-06-30 00:00:00
Fixed in Apache Tomcat 5.5.22, 5.0.SVN
2007-01-23 00:00:00
Fixed in Apache Tomcat JK Connector 1.2.23
2007-01-23 00:00:00
nessus
nessus
Apache Tomcat 4.x < 4.1.36 Multiple Vulnerabilities
2011-11-18 00:00:00
FreeBSD : tomcat -- multiple vulnerabilities (872623af-39ec-11dc-b8cc-000fea449b8a)
2007-07-27 00:00:00
Scientific Linux Security Update : krb5 on SL3.x i386/x86_64
2012-08-01 00:00:00
redhat
redhat
(RHSA-2007:0360) Important: jbossas security update
2007-05-24 00:00:00
(RHSA-2007:0562) Important: krb5 security update
2007-06-26 00:00:00
(RHSA-2007:0384) Critical: krb5 security update
2007-06-26 00:00:00
freebsd
freebsd
tomcat -- multiple vulnerabilities
2007-04-27 00:00:00
samba -- multiple vulnerabilities
2007-05-14 00:00:00
cscope -- buffer overflow vulnerabilities
2004-11-11 00:00:00
debian
debian
[SECURITY] [DSA 1323-1] New krb5 packages fix several vulnerabilities
2007-06-28 20:13:18
[SECURITY] [DSA 1291-2] New samba packages fix multiple vulnerabilities
2007-05-17 12:29:25
[SECURITY] [DSA 1291-2] New samba packages fix multiple vulnerabilities
2007-05-17 12:29:25
centos
centos
krb5 security update
2007-06-26 23:52:15
krb5 security update
2007-06-26 23:36:28
krb5 security update
2007-06-26 20:37:06
oraclelinux
oraclelinux
Critical: krb5 security update
2007-06-27 00:00:00
Important: krb5 security update
2007-06-26 00:00:00
Important: tomcat security update
2007-06-26 00:00:00
ubuntu
ubuntu
krb5 vulnerabilities
2007-06-27 00:00:00
Samba vulnerabilities
2007-05-16 00:00:00
osv
osv
krb5
2007-06-28 00:00:00
samba
2007-05-15 00:00:00
cscope - buffer overflows
2006-05-19 00:00:00
suse
suse
remote code execution in krb5
2007-07-03 17:33:35
remote code execution in samba
2007-05-22 14:13:43
remote code execution in php4,php5
2007-05-23 13:16:49
gentoo
gentoo
MIT Kerberos 5: Arbitrary remote code execution
2007-07-25 00:00:00
Samba: Multiple vulnerabilities
2007-05-15 00:00:00
PHP: Multiple vulnerabilities
2007-05-26 00:00:00
securityvulns
securityvulns
MIT Kerberos multiple security vulnerabilities
2007-06-27 00:00:00
MITKRB5-SA-2007-004: kadmind multiple RPC lib vulnerabilities
2007-06-26 00:00:00
Apache Tomcat directory traversal
2007-03-14 00:00:00
debiancve
debiancve
CVE-2007-1860
2007-05-25 18:30:00
CVE-2004-2541
2004-12-31 05:00:00
prion
prion
Directory traversal
2007-05-25 18:30:00
Code injection
2007-08-03 20:17:00
Integer overflow
2007-08-03 10:17:00
cve
cve
CVE-2007-1860
2007-05-25 18:30:00
CVE-2004-2541
2004-12-31 05:00:00
CVE-2006-6142
2006-12-05 11:28:00
ubuntucve
ubuntucve
CVE-2007-1860
2007-05-25 00:00:00
CVE-2004-2541
2004-12-31 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package samba version 3.0.25-alt1
2007-05-14 00:00:00
slackware
slackware
[slackware-security] samba
2007-05-15 03:03:31
vmware
vmware
Updated Tomcat and Java JRE packages for VirtualCenter 2.5, VirtualCenter 2.0.2, ESX 3.5, ESX 3.0.2, and ESX 3.0.1.
2008-01-07 00:00:00
Updated Tomcat and Java JRE packages for VirtualCenter 2.5, VirtualCenter 2.0.2, ESX 3.5, ESX 3.0.2, and ESX 3.0.1.
2008-01-07 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2020-04-10 00:16:12
cert
cert
Single crafted HTTP request may result in multiple responses
2005-02-04 00:00:00
jvn
jvn
JVN#16018033 Safari URL spoofing vulnerability
2007-08-02 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple Safari Regular Expression Heap Buffer Overflow (CVE-2007-3944)
2010-02-21 00:00:00
JSON
Related for MACOSX_SECUPD2007-007.NASL
seebug1openvas42fedora8tomcat3nessus66redhat11freebsd3debian8centos10oraclelinux8ubuntu2osv3suse3gentoo4securityvulns6debiancve2prion3cve6ubuntucve2altlinux1slackware1vmware2veracode1cert1jvn1checkpoint_advisories1