Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MACOS_10_13_2.NASL
HistoryDec 07, 2017 - 12:00 a.m.

macOS 10.13.x < 10.13.2 Multiple Vulnerabilities (Meltdown)

2017-12-0700:00:00
This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
338
JSON

The remote host is running a version of Mac OS X that is 10.13.x prior to 10.13.2. It is, therefore, affected by multiple vulnerabilities in the following components :

  • apache
  • curl
  • Directory Utility
  • IOAcceleratorFamily
  • IOKit
  • Intel Graphics Driver
  • Kernel
  • Mail
  • Mail Drafts
  • OpenSSL
  • Screen Sharing Server

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(105080);
  script_version("1.12");
  script_cvs_date("Date: 2019/06/19 15:17:43");

  script_cve_id(
    "CVE-2017-1000254",
    "CVE-2017-13847",
    "CVE-2017-13848",
    "CVE-2017-13855",
    "CVE-2017-13858",
    "CVE-2017-13860",
    "CVE-2017-13862",
    "CVE-2017-13865",
    "CVE-2017-13867",
    "CVE-2017-13868",
    "CVE-2017-13869",
    "CVE-2017-13871",
    "CVE-2017-13872",
    "CVE-2017-13875",
    "CVE-2017-13876",
    "CVE-2017-13878",
    "CVE-2017-13883",
    "CVE-2017-13886",
    "CVE-2017-13887",
    "CVE-2017-13892",
    "CVE-2017-13904",
    "CVE-2017-13905",
    "CVE-2017-13911",
    "CVE-2017-15422",
    "CVE-2017-3735",
    "CVE-2017-5754",
    "CVE-2017-7151",
    "CVE-2017-7154",
    "CVE-2017-7155",
    "CVE-2017-7158",
    "CVE-2017-7159",
    "CVE-2017-7162",
    "CVE-2017-7163",
    "CVE-2017-7171",
    "CVE-2017-7172",
    "CVE-2017-7173",
    "CVE-2017-9798"
  );
  script_bugtraq_id(
    100515,
    100872,
    101115,
    101981,
    102097,
    102098,
    102099,
    102100,
    102378,
    103134,
    103135
  );
  script_xref(name:"IAVA", value:"2018-A-0019");

  script_name(english:"macOS 10.13.x < 10.13.2 Multiple Vulnerabilities (Meltdown)");
  script_summary(english:"Checks the version of Mac OS X / macOS.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a macOS update that fixes multiple security
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote host is running a version of Mac OS X that is 10.13.x
prior to 10.13.2. It is, therefore, affected by multiple
vulnerabilities in the following components :

  - apache
  - curl
  - Directory Utility
  - IOAcceleratorFamily
  - IOKit
  - Intel Graphics Driver
  - Kernel
  - Mail
  - Mail Drafts
  - OpenSSL
  - Screen Sharing Server

Note that successful exploitation of the most serious issues can
result in arbitrary code execution.");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT208331");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT208394");
  script_set_attribute(attribute:"solution", value:
"Upgrade to macOS version 10.13.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7172");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Mac OS X Root Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/12/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/07");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
  script_require_ports("Host/MacOSX/Version", "Host/OS");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

os = get_kb_item("Host/MacOSX/Version");
if (!os)
{
  os = get_kb_item_or_exit("Host/OS");
  if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "macOS / Mac OS X");

  c = get_kb_item("Host/OS/Confidence");
  if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence.");
}
if (!os) audit(AUDIT_OS_NOT, "macOS / Mac OS X");

matches = pregmatch(pattern:"Mac OS X ([0-9]+(\.[0-9]+)+)", string:os);
if (empty_or_null(matches)) exit(1, "Failed to parse the macOS / Mac OS X version ('" + os + "').");

version = matches[1];
fixed_version = "10.13.2";

if (version !~"^10\.13($|[^0-9])")
  audit(AUDIT_OS_NOT, "macOS 10.13.x");

if (ver_compare(ver:version, fix:'10.13.2', strict:FALSE) == -1)
{
  security_report_v4(
    port:0,
    severity:SECURITY_HOLE,
    extra:
      '\n  Installed version : ' + version +
      '\n  Fixed version     : ' + fixed_version +
      '\n'
  );
}
else audit(AUDIT_INST_VER_NOT_VULN, "macOS / Mac OS X", version);
VendorProductVersionCPE
applemac_os_xcpe:/o:apple:mac_os_x
applemacoscpe:/o:apple:macos

References

Related

apple 10
openvas 15
nessus 28
n0where 1
kitploit 1
prion 35
seebug 7
cnvd 2
exploitpack 1
packetstorm 3
cert 1
cve 35
zdt 10
zdi 5
debian 2
ibm 6
fedora 3
archlinux 1
debiancve 3
ubuntucve 2
amazon 1
redhatcve 2
osv 5
veracode 2
mageia 1
alpinelinux 1
ubuntu 2
freebsd 1
cloudfoundry 1
altlinux 3
slackware 1
exploitdb 1
checkpoint_advisories 1
f5 1
redhat 2
hackerone 1
httpd 1
centos 1
apple
apple
About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan
2017-12-06 00:00:00
About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan - Apple Support
2020-07-27 08:21:38
About the security content of watchOS 4.2 - Apple Support
2018-10-18 06:10:21
openvas
openvas
Apple MacOSX Security Updates(HT208331, HT208394)-01
2017-12-07 00:00:00
Apple MacOSX Security Updates(HT208331)-04
2017-12-07 00:00:00
Apple MacOSX Security Updates(HT208331)-02
2017-12-07 00:00:00
nessus
nessus
macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-002 and 2017-005)
2017-12-07 00:00:00
Apple TV < 11.2 Multiple Vulnerabilities
2018-01-05 00:00:00
MacOS 10.13 root Authentication Bypass (Security Update 2017-001)
2017-11-28 00:00:00
n0where
n0where
An Open-Source Pre and Post Callback-Based Framework for macOS Kernel Monitoring: Kemon
2018-08-21 18:47:21
kitploit
kitploit
Kemon - An Open-Source Pre And Post Callback-Based Framework For macOS Kernel Monitoring
2018-09-30 21:25:00
prion
prion
Code injection
2017-12-25 21:29:00
Code injection
2017-12-25 21:29:00
Hardcoded credentials
2019-01-11 18:29:00
seebug
seebug
MacOS kernel code execution due to lack of bounds checking in AppleIntelCapriController::GetLinkConfig(CVE-2017-13875)
2017-12-15 00:00:00
MacOS so_pcb type confusion in necp_get_socket_attributes(CVE-2017-13855)
2017-12-15 00:00:00
macOS High Sierra - Root Privilege Escalation (CVE-2017-13872)
2017-12-01 00:00:00
cnvd
cnvd
Apple macOS High Sierra Elevation of Privilege Vulnerability
2021-12-27 00:00:00
Apple macOS High Sierra Information Disclosure Vulnerability (CNVD-2022-15495)
2021-12-27 00:00:00
exploitpack
exploitpack
Apple macOS High Sierra 10.13 - ctl_ctloutput-leak Information Leak
2017-12-07 00:00:00
packetstorm
packetstorm
macOS necp_get_socket_attributes so_pcb Type Confusion
2017-12-12 00:00:00
macOS getrusage Stack Leak
2017-12-12 00:00:00
macOS process_policy Stack Leak
2018-01-12 00:00:00
cert
cert
Apple MacOS High Sierra disabled account authentication bypass
2017-11-29 00:00:00
cve
cve
CVE-2017-13878
2017-12-25 21:29:00
CVE-2017-13865
2017-12-25 21:29:00
CVE-2017-13858
2017-12-25 21:29:00
zdt
zdt
Apple macOS 10.13.1 High Sierra - Blank Root Local Privilege Escalation Vulnerability
2017-12-09 00:00:00
macOS 10.13 (17A365) - Kernel Memory Disclosure due to Lack of Bounds Checking in AppleIntelCapriCon
2018-01-19 00:00:00
macOS necp_get_socket_attributes so_pcb Type Confusion Exploit
2017-12-12 00:00:00
zdi
zdi
(Pwn2Own) Apple Safari UIProcess Out-Of-Bounds Access Privilege Escalation Vulnerability
2018-02-07 00:00:00
(Pwn2Own) Apple iOS backboardd Double Free Privilege Escalation Vulnerability
2018-02-07 00:00:00
Apple iOS backboardd Double Free Privilege Escalation Vulnerability
2018-02-07 00:00:00
debian
debian
[SECURITY] [DLA 1121-1] curl security update
2017-10-05 09:39:01
[SECURITY] [DSA 4150-1] icu security update
2018-03-23 18:46:51
ibm
ibm
Security Bulletin: Vulnerability in cURL affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-1000254)
2023-04-14 14:32:25
Security Bulletin: Vulnerability in libcurl affects IBM Chassis Management Module (CVE-2017-1000254)
2019-01-31 02:40:01
Security Bulletin: Vulnerability in cURL affects IBM BladeCenter Advanced Management Module (AMM)
2023-04-14 14:32:25
fedora
fedora
[SECURITY] Fedora 27 Update: curl-7.55.1-6.fc27
2017-11-11 03:23:12
[SECURITY] Fedora 27 Update: curl-7.55.1-6.fc27
2017-11-11 13:41:16
[SECURITY] Fedora 26 Update: curl-7.53.1-11.fc26
2017-10-16 17:57:00
archlinux
archlinux
[ASA-201710-2] curl: denial of service
2017-10-05 00:00:00
debiancve
debiancve
CVE-2017-1000254
2017-10-06 13:29:00
CVE-2017-15422
2018-08-28 19:29:00
CVE-2017-9798
2017-09-18 15:29:00
ubuntucve
ubuntucve
CVE-2017-1000254
2017-10-04 00:00:00
CVE-2017-15422
2017-12-07 00:00:00
amazon
amazon
Medium: curl
2017-11-02 20:18:00
redhatcve
redhatcve
CVE-2017-1000254
2019-10-10 10:51:19
CVE-2017-15422
2017-12-07 10:23:39
osv
osv
CVE-2017-1000254
2017-10-06 13:29:00
CVE-2017-15422
2018-08-28 19:29:11
icu - security update
2018-03-23 00:00:00
veracode
veracode
Out-Of-Bounds Read
2019-05-16 03:21:39
Use After Free
2019-01-15 09:20:26
mageia
mageia
Updated icu packages fix security vulnerability
2017-12-31 18:14:43
alpinelinux
alpinelinux
CVE-2017-1000254
2017-10-06 13:29:00
ubuntu
ubuntu
ICU vulnerability
2018-03-28 00:00:00
Apache HTTP Server vulnerability
2017-09-19 00:00:00
freebsd
freebsd
cURL -- out of bounds read
2017-10-04 00:00:00
cloudfoundry
cloudfoundry
USN-3610-1: ICU vulnerability | Cloud Foundry
2018-05-02 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.56.0-alt1
2017-10-04 00:00:00
Security fix for the ALT Linux 8 package apache2 version 1:2.4.28-alt1
2017-10-10 00:00:00
Security fix for the ALT Linux 10 package apache2 version 1:2.4.28-alt1
2017-10-10 00:00:00
slackware
slackware
[slackware-security] curl
2017-10-06 06:33:52
exploitdb
exploitdb
Apple macOS High Sierra 10.13 - &#039;ctl_ctloutput-leak&#039; Information Leak
2017-12-07 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache HTTP Optionsbleed Memory Leak (CVE-2017-9798)
2017-09-18 00:00:00
f5
f5
K70084351 : Apache HTTPD vulnerability CVE-2017-9798
2017-09-19 00:00:00
redhat
redhat
(RHSA-2017:3018) Moderate: httpd24 security, bug fix, and enhancement update
2017-10-24 08:16:35
(RHSA-2017:2882) Moderate: httpd security update
2017-10-11 15:17:48
hackerone
hackerone
Internet Bug Bounty: Optionsbleed / CVE-2017-9798
2017-09-19 18:04:00
httpd
httpd
Apache Httpd < 2.4.28 : Use-after-free when using <Limit > with an unrecognized method in .htaccess ("OptionsBleed")
2017-07-12 00:00:00
centos
centos
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
2017-10-11 20:46:20
JSON
Related for MACOS_10_13_2.NASL
apple10openvas15nessus28n0where1kitploit1prion35seebug7cnvd2exploitpack1packetstorm3cert1cve35zdt10zdi5debian2ibm6fedora3archlinux1debiancve3ubuntucve2amazon1redhatcve2osv5veracode2mageia1alpinelinux1ubuntu2freebsd1cloudfoundry1altlinux3slackware1exploitdb1checkpoint_advisories1f51redhat2hackerone1httpd1centos1