Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2015 Greenbone AGOPENVAS:1361412562310805601
HistoryApr 24, 2015 - 12:00 a.m.

Apple Mac OS X Multiple Vulnerabilities-01 (Apr 2015)

2015-04-2400:00:00
Copyright (C) 2015 Greenbone AG
plugins.openvas.org
13

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.363 Low

EPSS

Percentile

97.1%

JSON

Apple Mac OS X is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.805601");
  script_version("2024-02-20T05:05:48+0000");
  script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
  script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
  script_cve_id("CVE-2015-1130", "CVE-2015-1131", "CVE-2015-1132", "CVE-2015-1133",
                "CVE-2015-1134", "CVE-2015-1135", "CVE-2015-1136", "CVE-2015-1088",
                "CVE-2015-1089", "CVE-2015-1091", "CVE-2015-1093", "CVE-2015-1137",
                "CVE-2015-1138", "CVE-2015-1139", "CVE-2015-1140", "CVE-2015-1141",
                "CVE-2015-1142", "CVE-2015-1143", "CVE-2015-1144", "CVE-2015-1145",
                "CVE-2015-1146", "CVE-2015-1147", "CVE-2015-1148", "CVE-2015-1095",
                "CVE-2015-1098", "CVE-2015-1099", "CVE-2015-1100", "CVE-2015-1101",
                "CVE-2015-1102", "CVE-2015-1103", "CVE-2015-1104", "CVE-2015-1105",
                "CVE-2015-1117", "CVE-2015-1118");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-02-20 05:05:48 +0000 (Tue, 20 Feb 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2019-09-27 18:42:00 +0000 (Fri, 27 Sep 2019)");
  script_tag(name:"creation_date", value:"2015-04-24 15:41:40 +0530 (Fri, 24 Apr 2015)");
  script_name("Apple Mac OS X Multiple Vulnerabilities-01 (Apr 2015)");

  script_tag(name:"summary", value:"Apple Mac OS X is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Multiple flaws exist. Please see the
  references for more details.");

  script_tag(name:"impact", value:"Successful exploitation will allow local
  attacker to execute arbitrary code with system privilege, man-in-the-middle
  attack, remote attacker to bypass network filters, to cause a denial of
  service, a context-dependent attacker to corrupt memory and cause a denial of
  service, bypass signature validation or potentially execute arbitrary code, a
  local application to gain elevated privileges by using a compromised service
  and some unspecified impacts.");

  script_tag(name:"affected", value:"Apple Mac OS X versions 10.8 through
  10.8.5, 10.9 through 10.9.5, and 10.10.x through 10.10.2");

  script_tag(name:"solution", value:"Upgrade to Apple Mac OS X version 10.10.3
  or later or apply security update 2015-004 for 10.8 and 10.9 versions. Please see the references for more information.");

  script_tag(name:"solution_type", value:"VendorFix");

  script_tag(name:"qod_type", value:"package");

  script_xref(name:"URL", value:"https://support.apple.com/kb/HT204659");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/73982");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/73984");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/72328");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/73981");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2015 Greenbone AG");
  script_family("Mac OS X Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/osx_name", "ssh/login/osx_version", re:"ssh/login/osx_version=^10\.([89]|10)");

  exit(0);
}

include("version_func.inc");

osName = get_kb_item("ssh/login/osx_name");
if(!osName)
  exit(0);

osVer = get_kb_item("ssh/login/osx_version");
if(!osVer || osVer !~ "^10\.([89]|10)" || "Mac OS X" >!< osName){
  exit(0);
}

if((osVer == "10.8.5") || (osVer == "10.9.5"))
{
  buildVer = get_kb_item("ssh/login/osx_build");
  if(!buildVer){
    exit(0);
  }

  if(osVer == "10.8.5" && version_is_less(version:buildVer, test_version:"12F2518"))
  {
    fix = "Apply Security Update 2015-004";
    osVer = osVer + " Build " + buildVer;
  }

  else if(osVer == "10.9.5" && version_is_less(version:buildVer, test_version:"13F1077"))
  {
    fix = "Apply Security Update 2015-004";
    osVer = osVer + " Build " + buildVer;
  }
}

if(osVer =~ "^10\.8")
{
  if(version_is_less(version:osVer, test_version:"10.8.5")){
    fix = "Upgrade to latest OS release 10.8.5 and apply patch from vendor";
  }
}
else if(osVer =~ "^10\.9")
{
  if(version_is_less(version:osVer, test_version:"10.9.5")){
    fix = "Upgrade to latest OS release 10.9.5 and apply patch from vendor";
  }
}

else if(osVer =~ "^10\.10")
{
  if(version_is_less(version:osVer, test_version:"10.10.3")){
    fix = "10.10.3";
  }
}

if(fix)
{
  report = report_fixed_ver(installed_version:osVer, fixed_version:fix);
  security_message(data:report);
  exit(0);
}

exit(99);

Related

kaspersky 1
prion 34
cve 34
securityvulns 8
nessus 7
threatpost 3
zdi 3
exploitpack 2
seebug 1
saint 4
metasploit 1
packetstorm 2
zdt 2
canvas 1
cisa_kev 1
thn 1
attackerkb 1
exploitdb 3
cisa 1
kaspersky
kaspersky
KLA10540 Multiple vulnerability in Apple OS X
2015-04-10 00:00:00
prion
prion
Design/Logic Flaw
2015-04-10 14:59:00
Design/Logic Flaw
2015-04-10 14:59:00
Design/Logic Flaw
2015-04-10 14:59:00
cve
cve
CVE-2015-1134
2015-04-10 14:59:00
CVE-2015-1135
2015-04-10 14:59:00
CVE-2015-1133
2015-04-10 14:59:00
securityvulns
securityvulns
APPLE-SA-2015-05-19-1 Watch OS 1.0.1
2015-05-25 00:00:00
Apple Watch multiple security vulnerabilities
2015-05-25 00:00:00
Apple Mac OS X multiple security vulnerabilities
2015-04-13 00:00:00
nessus
nessus
Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK)
2015-04-10 00:00:00
Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK)
2015-04-10 00:00:00
Mac OS X < 10.10.3 Multiple Vulnerabilities
2015-04-05 00:00:00
threatpost
threatpost
Apple Yosemite 10.10.3 OS Security Patches
2015-04-09 11:03:48
Darwin Nuke Vulnerability Details in OS X, iOS Disclosed
2015-04-13 10:03:42
Apple Fixes Proxy Manipulation Vulnerability in iOS 8.3
2015-04-09 11:10:47
zdi
zdi
Apple OS X XNU HFS_GETPATH Buffer Overflow Privilege Escalation Vulnerability
2015-04-08 00:00:00
Apple OS X IOKit IOHIDSecurePromptClient Heap Buffer Overflow Privilege Escalation Vulnerability
2015-04-08 00:00:00
Apple OS X IOHIDSecurePromptClient Untrusted Pointer Dereference Arbitrary Code Execution Vulnerability
2015-04-29 00:00:00
exploitpack
exploitpack
Apple Mac OSX - Local Denial of Service
2015-04-21 00:00:00
Apple Mac OSX 10.7.510.8.210.9.510.10.2 - Rootpipe Local Privilege Escalation
2015-04-09 00:00:00
seebug
seebug
Mac OS X < 10.7.5, 10.8.2, 10.9.5 10.10.2 - rootpipe 本地提权漏洞
2015-09-10 00:00:00
saint
saint
OS X rootpipe privilege elevation
2015-04-14 00:00:00
OS X rootpipe privilege elevation
2015-04-14 00:00:00
OS X rootpipe privilege elevation
2015-04-14 00:00:00
metasploit
metasploit
Apple OS X Rootpipe Privilege Escalation
2015-04-10 16:22:00
packetstorm
packetstorm
Mac OS X Rootpipe Privilege Escalation
2015-04-10 00:00:00
Mac OS X rootpipe Local Privilege Escalation
2015-04-09 00:00:00
zdt
zdt
Mac OS X rootpipe Local Privilege Escalation Exploit
2015-04-09 00:00:00
Mac OS X Rootpipe Privilege Escalation Exploit
2015-04-12 00:00:00
canvas
canvas
Immunity Canvas: ROOTPIPE
2015-04-10 14:59:00
cisa_kev
cisa_kev
Apple OS X Authentication Bypass Vulnerability
2022-02-10 00:00:00
thn
thn
Apple Failed to Patch Rootpipe Mac OS X Yosemite Vulnerability
2015-04-20 23:31:00
attackerkb
attackerkb
CVE-2015-1130
2015-04-10 00:00:00
exploitdb
exploitdb
Apple Mac OSX - Local Denial of Service
2015-04-21 00:00:00
Apple Mac OSX - &#039;Rootpipe&#039; Local Privilege Escalation (Metasploit)
2015-04-13 00:00:00
Apple Mac OSX &lt; 10.7.5/10.8.2/10.9.5/10.10.2 - &#039;Rootpipe&#039; Local Privilege Escalation
2015-04-09 00:00:00
cisa
cisa
CISA Adds 15 Known Exploited Vulnerabilities to Catalog
2022-02-10 00:00:00

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.363 Low

EPSS

Percentile

97.1%

JSON
Related for OPENVAS:1361412562310805601
kaspersky1prion34cve34securityvulns8nessus7threatpost3zdi3exploitpack2seebug1saint4metasploit1packetstorm2zdt2canvas1cisa_kev1thn1attackerkb1exploitdb3cisa1