Lucene search

HistoryMar 31, 2017 - 12:00 a.m.

macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)

2017-03-3100:00:00

www.tenable.com

The remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows :

apache
apache_mod_php
AppleGraphicsPowerManagement
AppleRAID
Audio
Bluetooth
Carbon
CoreGraphics
CoreMedia
CoreText
curl
EFI
FinderKit
FontParser
HTTPProtocol
Hypervisor
iBooks
ImageIO
Intel Graphics Driver
IOATAFamily
IOFireWireAVC
IOFireWireFamily
Kernel
Keyboards
libarchive
libc++abi
LibreSSL
MCX Client
Menus
Multi-Touch
OpenSSH
OpenSSL
Printing
python
QuickTime
Security
SecurityFoundation
sudo
System Integrity Protection
tcpdump
tiffutil
WebKit

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(99134);
  script_version("1.9");
  script_cvs_date("Date: 2019/11/13");

  script_cve_id(
    "CVE-2016-0736",
    "CVE-2016-2161",
    "CVE-2016-3619",
    "CVE-2016-4688",
    "CVE-2016-5387",
    "CVE-2016-5636",
    "CVE-2016-7056",
    "CVE-2016-7585",
    "CVE-2016-7922",
    "CVE-2016-7923",
    "CVE-2016-7924",
    "CVE-2016-7925",
    "CVE-2016-7926",
    "CVE-2016-7927",
    "CVE-2016-7928",
    "CVE-2016-7929",
    "CVE-2016-7930",
    "CVE-2016-7931",
    "CVE-2016-7932",
    "CVE-2016-7933",
    "CVE-2016-7934",
    "CVE-2016-7935",
    "CVE-2016-7936",
    "CVE-2016-7937",
    "CVE-2016-7938",
    "CVE-2016-7939",
    "CVE-2016-7940",
    "CVE-2016-7973",
    "CVE-2016-7974",
    "CVE-2016-7975",
    "CVE-2016-7983",
    "CVE-2016-7984",
    "CVE-2016-7985",
    "CVE-2016-7986",
    "CVE-2016-7992",
    "CVE-2016-7993",
    "CVE-2016-8574",
    "CVE-2016-8575",
    "CVE-2016-8740",
    "CVE-2016-8743",
    "CVE-2016-9533",
    "CVE-2016-9535",
    "CVE-2016-9536",
    "CVE-2016-9537",
    "CVE-2016-9538",
    "CVE-2016-9539",
    "CVE-2016-9540",
    "CVE-2016-9586",
    "CVE-2016-9935",
    "CVE-2016-10009",
    "CVE-2016-10010",
    "CVE-2016-10011",
    "CVE-2016-10012",
    "CVE-2016-10158",
    "CVE-2016-10159",
    "CVE-2016-10160",
    "CVE-2016-10161",
    "CVE-2017-2379",
    "CVE-2017-2381",
    "CVE-2017-2388",
    "CVE-2017-2390",
    "CVE-2017-2398",
    "CVE-2017-2401",
    "CVE-2017-2402",
    "CVE-2017-2403",
    "CVE-2017-2406",
    "CVE-2017-2407",
    "CVE-2017-2408",
    "CVE-2017-2409",
    "CVE-2017-2410",
    "CVE-2017-2413",
    "CVE-2017-2416",
    "CVE-2017-2417",
    "CVE-2017-2418",
    "CVE-2017-2420",
    "CVE-2017-2421",
    "CVE-2017-2422",
    "CVE-2017-2423",
    "CVE-2017-2425",
    "CVE-2017-2426",
    "CVE-2017-2427",
    "CVE-2017-2428",
    "CVE-2017-2429",
    "CVE-2017-2430",
    "CVE-2017-2431",
    "CVE-2017-2432",
    "CVE-2017-2435",
    "CVE-2017-2436",
    "CVE-2017-2437",
    "CVE-2017-2438",
    "CVE-2017-2439",
    "CVE-2017-2440",
    "CVE-2017-2441",
    "CVE-2017-2443",
    "CVE-2017-2448",
    "CVE-2017-2449",
    "CVE-2017-2450",
    "CVE-2017-2451",
    "CVE-2017-2456",
    "CVE-2017-2458",
    "CVE-2017-2461",
    "CVE-2017-2462",
    "CVE-2017-2467",
    "CVE-2017-2472",
    "CVE-2017-2473",
    "CVE-2017-2474",
    "CVE-2017-2477",
    "CVE-2017-2478",
    "CVE-2017-2482",
    "CVE-2017-2483",
    "CVE-2017-2485",
    "CVE-2017-2487",
    "CVE-2017-2489",
    "CVE-2017-2490",
    "CVE-2017-5029",
    "CVE-2017-5202",
    "CVE-2017-5203",
    "CVE-2017-5204",
    "CVE-2017-5205",
    "CVE-2017-5341",
    "CVE-2017-5342",
    "CVE-2017-5482",
    "CVE-2017-5483",
    "CVE-2017-5484",
    "CVE-2017-5485",
    "CVE-2017-5486",
    "CVE-2017-6974",
    "CVE-2017-7070"
  );
  script_bugtraq_id(
    85919,
    91247,
    91816,
    94572,
    94650,
    94742,
    94744,
    94745,
    94746,
    94747,
    94753,
    94754,
    94846,
    94968,
    94972,
    94975,
    94977,
    95019,
    95076,
    95077,
    95078,
    95375,
    95764,
    95768,
    95774,
    95783,
    95852,
    96767,
    97132,
    97134,
    97137,
    97140,
    97146,
    97147,
    97300,
    97301,
    97303
  );
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2017-03-27-3");
  script_xref(name:"CERT", value:"797896");
  script_xref(name:"EDB-ID", value:"40961");
  script_xref(name:"EDB-ID", value:"40962");

  script_name(english:"macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)");
  script_summary(english:"Checks the version of macOS.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a macOS update that fixes multiple security
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote host is running a version of macOS that is 10.12.x prior to
10.12.4. It is, therefore, affected by multiple vulnerabilities in
multiple components, some of which are remote code execution
vulnerabilities. An unauthenticated, remote attacker can exploit these
remote code execution vulnerabilities by convincing a user to visit a
specially crafted website, resulting in the execution of arbitrary
code in the context of the current user. The affected components are
as follows :

  - apache
  - apache_mod_php
  - AppleGraphicsPowerManagement
  - AppleRAID
  - Audio
  - Bluetooth
  - Carbon
  - CoreGraphics
  - CoreMedia
  - CoreText
  - curl
  - EFI
  - FinderKit
  - FontParser
  - HTTPProtocol
  - Hypervisor
  - iBooks
  - ImageIO
  - Intel Graphics Driver
  - IOATAFamily
  - IOFireWireAVC
  - IOFireWireFamily
  - Kernel
  - Keyboards
  - libarchive
  - libc++abi
  - LibreSSL
  - MCX Client
  - Menus
  - Multi-Touch
  - OpenSSH
  - OpenSSL
  - Printing
  - python
  - QuickTime
  - Security
  - SecurityFoundation
  - sudo
  - System Integrity Protection
  - tcpdump
  - tiffutil
  - WebKit");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT207615");
  # https://lists.apple.com/archives/security-announce/2017/Mar/msg00004.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ddb4db4a");
  script_set_attribute(attribute:"see_also", value:"https://httpoxy.org");
  script_set_attribute(attribute:"solution", value:
"Upgrade to macOS version 10.12.4 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5636");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/03/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/31");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
  script_require_ports("Host/MacOSX/Version", "Host/OS");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

os = get_kb_item("Host/MacOSX/Version");
if (!os)
{
  os = get_kb_item_or_exit("Host/OS");
  if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "macOS / Mac OS X");

  c = get_kb_item("Host/OS/Confidence");
  if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence.");
}
if (!os) audit(AUDIT_OS_NOT, "macOS / Mac OS X");

matches = eregmatch(pattern:"Mac OS X ([0-9]+(\.[0-9]+)+)", string:os);
if (isnull(matches)) exit(1, "Failed to parse the macOS / Mac OS X version ('" + os + "').");

version = matches[1];
if (version !~ "^10\.12($|[^0-9])") audit(AUDIT_OS_NOT, "Mac OS 10.12.x");

fixed_version = "10.12.4";
if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
{
  security_report_v4(
    port:0,
    severity:SECURITY_HOLE,
    xss:TRUE,
    extra:
      '\n  Installed version : ' + version +
      '\n  Fixed version     : ' + fixed_version +
      '\n'
  );
}
else audit(AUDIT_INST_VER_NOT_VULN, "macOS / Mac OS X", version);

VendorProductVersionCPE
applemacoscpe:/o:apple:macos

Vendor	Product	Version	CPE
apple	macos		cpe:/o:apple:macos

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10009

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10010

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10011

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10012

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10158

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10159

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10160

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10161

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3619

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4688

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5636

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7056

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7585

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7922

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7923

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7924

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7925

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7926

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7927

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7928

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7929

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7930

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7931

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7932

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7933

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7934

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7935

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7936

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7937

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7938

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7939

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7940

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7973

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7974

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7975

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7983

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7984

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7985

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7986

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7992

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7993

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8574

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8575

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9533

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9535

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9536

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9537

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9538

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9539

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9540

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9935

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2379

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2381

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2388

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2390

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2398

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2401

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2402

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2403

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2406

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2407

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2408

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2409

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2410

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2413

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2416

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2417

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2418

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2420

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2421

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2422

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2423

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2425

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2426

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2427

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2428

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2429

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2430

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2431

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2432

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2435

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2436

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2437

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2438

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2439

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2440

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2441

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2443

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2448

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2449

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2450

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2451

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2456

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2458

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2461

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2462

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2467

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2472

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2473

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2474

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2477

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2478

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2482

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2483

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2485

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2487

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2489

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2490

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5029

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5202

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5203

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5204

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5205

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5341

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5342

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5482

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5483

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5484

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5485

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5486

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6974

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7070

www.nessus.org/u?ddb4db4a

httpoxy.org

support.apple.com/en-us/HT207615

JSON

Related for MACOS_10_12_4.NASL