Mac OS X < 10.4.11 Multiple Vulnerabilities (Security Update 2007-008)

critical Nessus Plugin ID 28212

Synopsis

The remote host is missing a Mac OS X update which fixes a security issue.

Description

The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.11 or a version of Mac OS X 10.3 which does not have Security Update 2007-008 applied.

This update contains several security fixes for the following programs :

- Flash Player Plugin
- AppleRAID
- BIND
- bzip2
- CFFTP
- CFNetwork
- CoreFoundation
- CoreText
- Kerberos
- Kernel
- remote_cmds
- Networking
- NFS
- NSURL
- Safari
- SecurityAgent
- WebCore
- WebKit

Solution

Mac OS X 10.4 : Upgrade to Mac OS X 10.4.11 :

http://www.apple.com/support/downloads/macosx10411updateppc.html http://www.apple.com/support/downloads/macosx10411updateintel.html

Mac OS X 10.3 : Apply Security Update 2007-008 :

http://www.apple.com/support/downloads/securityupdate20070081039client.html http://www.apple.com/support/downloads/securityupdate20070081039server.html

See Also

https://www.tenable.com/security/research/tra-2007-07

http://docs.info.apple.com/article.html?artnum=307041

Plugin Details

Severity: Critical

ID: 28212

File Name: macosx_10_4_11.nasl

Version: 1.23

Type: combined

Agent: macosx

Published: 11/14/2007

Updated: 7/14/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/4/2007

Vulnerability Publication Date: 3/31/2005

Reference Information

CVE: CVE-2005-0953, CVE-2005-1260, CVE-2006-6127, CVE-2007-0464, CVE-2007-0646, CVE-2007-2926, CVE-2007-3456, CVE-2007-3749, CVE-2007-3756, CVE-2007-3758, CVE-2007-3760, CVE-2007-3999, CVE-2007-4267, CVE-2007-4268, CVE-2007-4269, CVE-2007-4671, CVE-2007-4678, CVE-2007-4679, CVE-2007-4680, CVE-2007-4681, CVE-2007-4682, CVE-2007-4683, CVE-2007-4684, CVE-2007-4685, CVE-2007-4686, CVE-2007-4687, CVE-2007-4688, CVE-2007-4689, CVE-2007-4690, CVE-2007-4691, CVE-2007-4692, CVE-2007-4693, CVE-2007-4694, CVE-2007-4695, CVE-2007-4696, CVE-2007-4697, CVE-2007-4698, CVE-2007-4699, CVE-2007-4700, CVE-2007-4701, CVE-2007-4743

BID: 26444

CWE: 119, 134, 16, 189, 20, 200, 22, 264, 287, 362, 399, 79

TRA: TRA-2007-07