Copyright (C) 2011 Greenbone AGOPENVAS:1361412562310802144Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%
This host is missing an important security update according to
Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007
# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.802144");
script_version("2024-03-04T05:10:24+0000");
script_tag(name:"last_modification", value:"2024-03-04 05:10:24 +0000 (Mon, 04 Mar 2024)");
script_tag(name:"creation_date", value:"2011-09-07 08:36:57 +0200 (Wed, 07 Sep 2011)");
script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
script_cve_id("CVE-2010-1828", "CVE-2010-1829", "CVE-2010-1830", "CVE-2009-0796",
"CVE-2010-0408", "CVE-2010-0434", "CVE-2010-1842", "CVE-2010-1831",
"CVE-2010-1832", "CVE-2010-1833", "CVE-2010-4010", "CVE-2010-1752",
"CVE-2010-1834", "CVE-2010-1836", "CVE-2010-1837", "CVE-2010-2941",
"CVE-2010-1838", "CVE-2010-1840", "CVE-2010-0105", "CVE-2010-1841",
"CVE-2008-4546", "CVE-2009-3793", "CVE-2010-0209", "CVE-2010-1297",
"CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2162", "CVE-2010-2163",
"CVE-2010-2164", "CVE-2010-2165", "CVE-2010-2166", "CVE-2010-2167",
"CVE-2010-2169", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2172",
"CVE-2010-2173", "CVE-2010-2174", "CVE-2010-2175", "CVE-2010-2176",
"CVE-2010-2177", "CVE-2010-2178", "CVE-2010-2179", "CVE-2010-2180",
"CVE-2010-2181", "CVE-2010-2182", "CVE-2010-2183", "CVE-2010-2184",
"CVE-2010-2185", "CVE-2010-2186", "CVE-2010-2187", "CVE-2010-2189",
"CVE-2010-2188", "CVE-2010-2213", "CVE-2010-2214", "CVE-2010-2215",
"CVE-2010-2216", "CVE-2010-2884", "CVE-2010-3636", "CVE-2010-3638",
"CVE-2010-3639", "CVE-2010-3640", "CVE-2010-3641", "CVE-2010-3642",
"CVE-2010-3643", "CVE-2010-3644", "CVE-2010-3645", "CVE-2010-3646",
"CVE-2010-3647", "CVE-2010-3648", "CVE-2010-3649", "CVE-2010-3650",
"CVE-2010-3652", "CVE-2010-3654", "CVE-2010-3976", "CVE-2010-0001",
"CVE-2009-2624", "CVE-2010-1844", "CVE-2010-1845", "CVE-2010-1811",
"CVE-2010-1846", "CVE-2010-1847", "CVE-2010-1848", "CVE-2010-1849",
"CVE-2010-1850", "CVE-2009-2473", "CVE-2009-2474", "CVE-2010-1843",
"CVE-2010-0211", "CVE-2010-0212", "CVE-2010-1378", "CVE-2010-3783",
"CVE-2010-0397", "CVE-2010-2531", "CVE-2010-2484", "CVE-2010-3784",
"CVE-2009-4134", "CVE-2010-1449", "CVE-2010-1450", "CVE-2010-3785",
"CVE-2010-3786", "CVE-2010-3787", "CVE-2010-3788", "CVE-2010-3789",
"CVE-2010-3790", "CVE-2010-3791", "CVE-2010-3792", "CVE-2010-3793",
"CVE-2010-3794", "CVE-2010-3795", "CVE-2010-3796", "CVE-2010-1803",
"CVE-2010-3797", "CVE-2010-0205", "CVE-2010-3798", "CVE-2009-0946",
"CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500",
"CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2806",
"CVE-2010-2807", "CVE-2010-2808", "CVE-2010-3053", "CVE-2010-3054",
"CVE-2011-1417", "CVE-2010-1205", "CVE-2010-2249", "CVE-2011-1290",
"CVE-2011-1344");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2020-08-14 15:50:00 +0000 (Fri, 14 Aug 2020)");
script_name("Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)");
script_xref(name:"URL", value:"http://support.apple.com/kb/HT4435");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/31537");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/34550");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/36079");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/36080");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/37886");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/37888");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/38478");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/38708");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40100");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40106");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40109");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40586");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40779");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40780");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40781");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40782");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40783");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40784");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40785");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40786");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40787");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40788");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40789");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40790");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40791");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40792");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40793");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40794");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40795");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40796");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40797");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40798");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40799");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40800");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40801");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40802");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40803");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40805");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40806");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40807");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40808");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40809");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/41049");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/41174");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/41663");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/41770");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/41991");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/42285");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/42361");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/42362");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/42363");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/42364");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/42621");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/42624");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/43076");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/43205");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44504");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44530");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44671");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44675");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44677");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44678");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44679");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44680");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44681");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44682");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44683");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44684");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44685");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44686");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44687");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44691");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44692");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44693");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44729");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44784");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44789");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44790");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44792");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44794");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44799");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44802");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44803");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44805");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44806");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44808");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44811");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44812");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44813");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44814");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44819");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44822");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44828");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44829");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44831");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44832");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44833");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44834");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44835");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44840");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/46822");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/46832");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/46849");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/49303");
script_xref(name:"URL", value:"http://www.securitytracker.com/id?1024723");
script_xref(name:"URL", value:"http://lists.apple.com/archives/security-announce//2011//Jul/msg00003.html");
script_xref(name:"URL", value:"http://lists.apple.com/archives/security-announce//2011//Mar/msg00000.html");
script_xref(name:"URL", value:"http://lists.apple.com/archives/security-announce//2011//Apr/msg00004.html");
script_copyright("Copyright (C) 2011 Greenbone AG");
script_category(ACT_GATHER_INFO);
script_family("Mac OS X Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/osx_name", "ssh/login/osx_version", re:"ssh/login/osx_version=^10\.[0-5]\.");
script_tag(name:"impact", value:"Successful exploitation could allow attackers to execute arbitrary code in
the context of the browser, obtain potentially sensitive information or cause
a denial-of-service condition.");
script_tag(name:"affected", value:"AFP Server
Apache mod_perl
Apache
AppKit
ATS
CFNetwork
CoreGraphics
CoreText
CUPS
Flash Player plug-in
gzip
Image Capture
ImageIO
Image RAW
MySQL
neon
OpenLDAP
OpenSSL
Password Server
PHP
python
Apple iWork
Apple Safari
Apple iTunes
QuickLook
QuickTime
Wiki Server
xar
X11
Time Machine
WebKit Open Source");
script_tag(name:"insight", value:"Please see the references for more information on the vulnerabilities.");
script_tag(name:"solution", value:"Run Mac Updates and update the Security Update 2010-007");
script_tag(name:"summary", value:"This host is missing an important security update according to
Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-macosx.inc");
include("version_func.inc");
osName = get_kb_item( "ssh/login/osx_name" );
if( ! osName ) exit( 0 );
osVer = get_kb_item( "ssh/login/osx_version" );
if( ! osVer ) exit( 0 );
if( "Mac OS X" >< osName && "Server" >!< osName ) {
if( version_is_less_equal( version:osVer, test_version:"10.5.8" ) ||
version_in_range( version:osVer, test_version:"10.6.0", test_version2:"10.6.4" ) ) {
if( isosxpkgvuln( fixed:"com.apple.pkg.update.security.", diff:"2010.007" ) ) {
report = report_fixed_ver( installed_version:osName + " " + osVer, fixed_version:"Install the missing security update 2010.007" );
security_message( port:0, data:report );
exit( 0 );
}
}
}
if( "Mac OS X Server" >< osName ) {
if( version_is_less_equal( version:osVer, test_version:"10.5.8" ) ||
version_in_range( version:osVer, test_version:"10.6", test_version2:"10.6.4" ) ) {
if( isosxpkgvuln( fixed:"com.apple.pkg.update.security.", diff:"2010.007" ) ) {
report = report_fixed_ver( installed_version:osName + " " + osVer, fixed_version:"Install the missing security update 2010.007" );
security_message( port:0, data:report );
exit( 0 );
}
}
}
exit( 99 );
References
lists.apple.com/archives/security-announce//2011//Apr/msg00004.html
lists.apple.com/archives/security-announce//2011//Jul/msg00003.html
lists.apple.com/archives/security-announce//2011//Mar/msg00000.html
support.apple.com/kb/HT4435
www.securityfocus.com/bid/31537
www.securityfocus.com/bid/34550
www.securityfocus.com/bid/36079
www.securityfocus.com/bid/36080
www.securityfocus.com/bid/37886
www.securityfocus.com/bid/37888
www.securityfocus.com/bid/38478
www.securityfocus.com/bid/38708
www.securityfocus.com/bid/40100
www.securityfocus.com/bid/40106
www.securityfocus.com/bid/40109
www.securityfocus.com/bid/40586
www.securityfocus.com/bid/40779
www.securityfocus.com/bid/40780
www.securityfocus.com/bid/40781
www.securityfocus.com/bid/40782
www.securityfocus.com/bid/40783
www.securityfocus.com/bid/40784
www.securityfocus.com/bid/40785
www.securityfocus.com/bid/40786
www.securityfocus.com/bid/40787
www.securityfocus.com/bid/40788
www.securityfocus.com/bid/40789
www.securityfocus.com/bid/40790
www.securityfocus.com/bid/40791
www.securityfocus.com/bid/40792
www.securityfocus.com/bid/40793
www.securityfocus.com/bid/40794
www.securityfocus.com/bid/40795
www.securityfocus.com/bid/40796
www.securityfocus.com/bid/40797
www.securityfocus.com/bid/40798
www.securityfocus.com/bid/40799
www.securityfocus.com/bid/40800
www.securityfocus.com/bid/40801
www.securityfocus.com/bid/40802
www.securityfocus.com/bid/40803
www.securityfocus.com/bid/40805
www.securityfocus.com/bid/40806
www.securityfocus.com/bid/40807
www.securityfocus.com/bid/40808
www.securityfocus.com/bid/40809
www.securityfocus.com/bid/41049
www.securityfocus.com/bid/41174
www.securityfocus.com/bid/41663
www.securityfocus.com/bid/41770
www.securityfocus.com/bid/41991
www.securityfocus.com/bid/42285
www.securityfocus.com/bid/42361
www.securityfocus.com/bid/42362
www.securityfocus.com/bid/42363
www.securityfocus.com/bid/42364
www.securityfocus.com/bid/42621
www.securityfocus.com/bid/42624
www.securityfocus.com/bid/43076
www.securityfocus.com/bid/43205
www.securityfocus.com/bid/44504
www.securityfocus.com/bid/44530
www.securityfocus.com/bid/44671
www.securityfocus.com/bid/44675
www.securityfocus.com/bid/44677
www.securityfocus.com/bid/44678
www.securityfocus.com/bid/44679
www.securityfocus.com/bid/44680
www.securityfocus.com/bid/44681
www.securityfocus.com/bid/44682
www.securityfocus.com/bid/44683
www.securityfocus.com/bid/44684
www.securityfocus.com/bid/44685
www.securityfocus.com/bid/44686
www.securityfocus.com/bid/44687
www.securityfocus.com/bid/44691
www.securityfocus.com/bid/44692
www.securityfocus.com/bid/44693
www.securityfocus.com/bid/44729
www.securityfocus.com/bid/44784
www.securityfocus.com/bid/44789
www.securityfocus.com/bid/44790
www.securityfocus.com/bid/44792
www.securityfocus.com/bid/44794
www.securityfocus.com/bid/44799
www.securityfocus.com/bid/44802
www.securityfocus.com/bid/44803
www.securityfocus.com/bid/44805
www.securityfocus.com/bid/44806
www.securityfocus.com/bid/44808
www.securityfocus.com/bid/44811
www.securityfocus.com/bid/44812
www.securityfocus.com/bid/44813
www.securityfocus.com/bid/44814
www.securityfocus.com/bid/44819
www.securityfocus.com/bid/44822
www.securityfocus.com/bid/44828
www.securityfocus.com/bid/44829
www.securityfocus.com/bid/44831
www.securityfocus.com/bid/44832
www.securityfocus.com/bid/44833
www.securityfocus.com/bid/44834
www.securityfocus.com/bid/44835
www.securityfocus.com/bid/44840
www.securityfocus.com/bid/46822
www.securityfocus.com/bid/46832
www.securityfocus.com/bid/46849
www.securityfocus.com/bid/49303
www.securitytracker.com/id?1024723
www.cisa.gov/known-exploited-vulnerabilities-catalog
Known Exploited Vulnerability (KEV) catalog
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%