Lucene search

HistoryFeb 06, 2012 - 12:00 a.m.

Mac OS X Multiple Vulnerabilities (2012-001)

2012-02-0600:00:00

plugins.openvas.org

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7.7 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.794 High

EPSS

Percentile

98.2%

JSON

This host is missing an important security update according to
Mac OS X Update/Mac OS X Security Update 2012-001.

# SPDX-FileCopyrightText: 2012 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.802392");
  script_version("2024-02-09T05:06:25+0000");
  script_cve_id("CVE-2011-3444", "CVE-2011-3348", "CVE-2011-3389", "CVE-2011-3246",
                "CVE-2011-3447", "CVE-2011-0200", "CVE-2011-3252", "CVE-2011-3448",
                "CVE-2011-3449", "CVE-2011-3450", "CVE-2011-2192", "CVE-2011-2895",
                "CVE-2011-3452", "CVE-2011-3441", "CVE-2011-3453", "CVE-2011-3422",
                "CVE-2011-3457", "CVE-2011-1148", "CVE-2011-1657", "CVE-2011-1938",
                "CVE-2011-2202", "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-3189",
                "CVE-2011-3267", "CVE-2011-3268", "CVE-2011-3256", "CVE-2011-3328",
                "CVE-2011-3458", "CVE-2011-3248", "CVE-2011-3459", "CVE-2011-3250",
                "CVE-2011-3460", "CVE-2011-3249", "CVE-2010-1637", "CVE-2010-2813",
                "CVE-2010-4554", "CVE-2010-4555", "CVE-2011-2023", "CVE-2011-1752",
                "CVE-2011-1783", "CVE-2011-1921", "CVE-2011-3462", "CVE-2011-2204",
                "CVE-2011-3463", "CVE-2011-2937", "CVE-2011-0241", "CVE-2011-1167");
  script_tag(name:"last_modification", value:"2024-02-09 05:06:25 +0000 (Fri, 09 Feb 2024)");
  script_tag(name:"creation_date", value:"2012-02-06 17:42:28 +0530 (Mon, 06 Feb 2012)");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2024-02-08 19:56:01 +0000 (Thu, 08 Feb 2024)");
  script_name("Mac OS X Multiple Vulnerabilities (2012-001)");
  script_xref(name:"URL", value:"http://support.apple.com/kb/HT5130");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/37118");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40291");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/42399");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/46843");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/46951");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/47820");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/47950");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/48007");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/48091");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/48259");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/48416");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/48434");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/48456");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/48566");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/48648");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/48833");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/49124");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/49229");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/49241");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/49249");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/49252");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/49303");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/49376");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/49429");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/49616");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/49744");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/49778");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50065");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50091");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50092");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50099");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50112");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50115");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50155");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50400");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50401");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50404");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50641");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/51807");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/51808");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/51809");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/51810");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/51811");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/51812");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/51813");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/51814");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/51815");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/51816");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/51817");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/51818");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/51819");
  script_xref(name:"URL", value:"http://secunia.com/advisories/47843/");
  script_xref(name:"URL", value:"http://securitytracker.com/id/1026627");
  script_xref(name:"URL", value:"http://lists.apple.com/archives/security-announce/2012/Feb/msg00001.html");

  script_copyright("Copyright (C) 2012 Greenbone AG");
  script_category(ACT_GATHER_INFO);
  script_family("Mac OS X Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/osx_name", "ssh/login/osx_version", re:"ssh/login/osx_version=^10\.[67]\.");
  script_tag(name:"impact", value:"Successful exploitation could allow attackers to execute arbitrary code in
  the context of the browser, inject scripts, bypass certain security
  restrictions or cause a denial-of-service condition.");
  script_tag(name:"affected", value:"Address Book, Apache, CFNetwork, ColorSync, CoreAudio, CoreText, CoreUI
  curl, Data Security, dovecot, filecmds, ImageIO, Internet Sharing, Libinfo,
  libresolv, libsecurity, OpenGL, PHP, QuickTime, SquirrelMail, X11, Webmail,
  Tomcat, WebDAV Sharing.");
  script_tag(name:"insight", value:"Please see the references for more information on the vulnerabilities.");
  script_tag(name:"solution", value:"Upgrade to Mac OS X 10.7.3 or
  Run Mac Updates and update the Security Update 2012-001");
  script_tag(name:"summary", value:"This host is missing an important security update according to
  Mac OS X Update/Mac OS X Security Update 2012-001.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  script_xref(name:"URL", value:"http://support.apple.com/kb/HT1222");

  exit(0);
}

include("version_func.inc");
include("pkg-lib-macosx.inc");

osName = get_kb_item("ssh/login/osx_name");
if(!osName)
  exit(0);

osVer = get_kb_item("ssh/login/osx_version");
if(!osVer)
  exit(0);

if("Mac OS X" >< osName)
{
  if(version_is_equal(version:osVer, test_version:"10.6.8"))
  {
    if(isosxpkgvuln(fixed:"com.apple.pkg.update.security.", diff:"2012.001"))
    {
      report = report_fixed_ver(installed_version:osVer, vulnerable_range:"Equal to 10.6.8");
      security_message(port:0, data:report);
      exit(0);
    }
  }

  if(version_in_range(version:osVer, test_version:"10.7", test_version2:"10.7.2"))
  {
    report = report_fixed_ver(installed_version:osVer, vulnerable_range:"10.7 - 10.7.2");
    security_message(port:0, data:report);
    exit(0);
  }
}

References

lists.apple.com/archives/security-announce/2012/Feb/msg00001.html

secunia.com/advisories/47843/

securitytracker.com/id/1026627

support.apple.com/kb/HT1222

support.apple.com/kb/HT5130

www.securityfocus.com/bid/37118

www.securityfocus.com/bid/40291

www.securityfocus.com/bid/42399

www.securityfocus.com/bid/46843

www.securityfocus.com/bid/46951

www.securityfocus.com/bid/47820

www.securityfocus.com/bid/47950

www.securityfocus.com/bid/48007

www.securityfocus.com/bid/48091

www.securityfocus.com/bid/48259

www.securityfocus.com/bid/48416

www.securityfocus.com/bid/48434

www.securityfocus.com/bid/48456

www.securityfocus.com/bid/48566

www.securityfocus.com/bid/48648

www.securityfocus.com/bid/48833

www.securityfocus.com/bid/49124

www.securityfocus.com/bid/49229

www.securityfocus.com/bid/49241

www.securityfocus.com/bid/49249

www.securityfocus.com/bid/49252

www.securityfocus.com/bid/49303

www.securityfocus.com/bid/49376

www.securityfocus.com/bid/49429

www.securityfocus.com/bid/49616

www.securityfocus.com/bid/49744

www.securityfocus.com/bid/49778

www.securityfocus.com/bid/50065

www.securityfocus.com/bid/50091

www.securityfocus.com/bid/50092

www.securityfocus.com/bid/50099

www.securityfocus.com/bid/50112

www.securityfocus.com/bid/50115

www.securityfocus.com/bid/50155

www.securityfocus.com/bid/50400

www.securityfocus.com/bid/50401

www.securityfocus.com/bid/50404

www.securityfocus.com/bid/50641

www.securityfocus.com/bid/51807

www.securityfocus.com/bid/51808

www.securityfocus.com/bid/51809

www.securityfocus.com/bid/51810

www.securityfocus.com/bid/51811

www.securityfocus.com/bid/51812

www.securityfocus.com/bid/51813

www.securityfocus.com/bid/51814

www.securityfocus.com/bid/51815

www.securityfocus.com/bid/51816

www.securityfocus.com/bid/51817

www.securityfocus.com/bid/51818

www.securityfocus.com/bid/51819

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7.7 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.794 High

EPSS

Percentile

98.2%

JSON

Related for OPENVAS:1361412562310802392