English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.804061
Categoría:Mac OS X Local Security Checks
Título:Apple Mac OS X Multiple Vulnerabilities - 02 (Jan 2014)
Resumen:Apple Mac OS X is prone to multiple vulnerabilities.
Descripción:Summary:
Apple Mac OS X is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- Permanent cookies were saved after quitting Safari, even when Private
Browsing was enabled.

- An unbounded stack allocation issue existed in the handling of text glyphs.

- A privilege escalation issue existed in the handling of CUPS configuration
via the CUPS web interface.

- A local user who is not an administrator may disable FileVault using the
command-line.

- A buffer overflow existed in the handling of MP3 files.

- A buffer overflow existed in the handling of FPX files.

- A memory corruption issue existed in the handling of QTIF files.

- A buffer overflow existed in the handling of 'enof' atoms.

- Multiple errors in OpenSSL.

- There were known attacks on the confidentiality of TLS 1.0 when compression
was enabled.

- An uninitialized memory access issue existed in the handling of text tracks.

- A buffer overflow existed in the handling of PICT images.

- If SMB file sharing is enabled, an authenticated user may be able to write
files outside the shared directory.

Vulnerability Impact:
Successful exploitation will allow
attackers to, execute arbitrary code or cause a denial of service or
lead to an unexpected application termination.

Affected Software/OS:
Apple Mac OS X version 10.8 to 10.8.3,
10.7 to 10.7.5 and 10.6.8

Solution:
Upgrade to Apple Mac OS X version 10.8.4
or later or apply appropriate security update for 10.7 and 10.6 versions. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-0982
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-0983
Common Vulnerability Exposure (CVE) ID: CVE-2012-5519
56494
http://www.securityfocus.com/bid/56494
APPLE-SA-2013-06-04-1
RHSA-2013:0580
http://rhn.redhat.com/errata/RHSA-2013-0580.html
SUSE-SU-2015:1041
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html
SUSE-SU-2015:1044
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html
USN-1654-1
http://www.ubuntu.com/usn/USN-1654-1
[oss-security] 20121110 Privilege escalation (lpadmin -> root) in cups
http://www.openwall.com/lists/oss-security/2012/11/10/5
[oss-security] 20121111 Re: Privilege escalation (lpadmin -> root) in cups
http://www.openwall.com/lists/oss-security/2012/11/11/2
http://www.openwall.com/lists/oss-security/2012/11/11/5
cups-systemgroup-priv-esc(80012)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80012
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692791
http://support.apple.com/kb/HT5784
openSUSE-SU-2015:1056
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-0985
Common Vulnerability Exposure (CVE) ID: CVE-2013-0989
http://lists.apple.com/archives/security-announce/2013/May/msg00001.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16831
Common Vulnerability Exposure (CVE) ID: CVE-2012-4929
BugTraq ID: 55704
http://www.securityfocus.com/bid/55704
Debian Security Information: DSA-2579 (Google Search)
http://www.debian.org/security/2012/dsa-2579
Debian Security Information: DSA-2627 (Google Search)
http://www.debian.org/security/2013/dsa-2627
Debian Security Information: DSA-3253 (Google Search)
http://www.debian.org/security/2015/dsa-3253
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html
HPdes Security Advisory: HPSBUX02866
http://marc.info/?l=bugtraq&m=136612293908376&w=2
HPdes Security Advisory: SSRT101139
http://jvn.jp/en/jp/JVN65273415/index.html
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html
http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/
http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html
http://news.ycombinator.com/item?id=4510829
http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor
http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312
http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512
http://www.ekoparty.org/2012/thai-duong.php
http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091
http://www.theregister.co.uk/2012/09/14/crime_tls_attack/
https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls
https://gist.github.com/3696912
https://github.com/mpgn/CRIME-poc
https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920
RedHat Security Advisories: RHSA-2013:0587
http://rhn.redhat.com/errata/RHSA-2013-0587.html
SuSE Security Announcement: openSUSE-SU-2012:1420 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html
SuSE Security Announcement: openSUSE-SU-2013:0143 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html
SuSE Security Announcement: openSUSE-SU-2013:0157 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html
http://www.ubuntu.com/usn/USN-1627-1
http://www.ubuntu.com/usn/USN-1628-1
http://www.ubuntu.com/usn/USN-1898-1
Common Vulnerability Exposure (CVE) ID: CVE-2011-1945
44935
http://secunia.com/advisories/44935
DSA-2309
http://www.debian.org/security/2011/dsa-2309
MDVSA-2011:136
http://www.mandriva.com/security/advisories?name=MDVSA-2011:136
MDVSA-2011:137
http://www.mandriva.com/security/advisories?name=MDVSA-2011:137
SUSE-SU-2011:0636
https://hermes.opensuse.org/messages/8764170
VU#536044
http://www.kb.cert.org/vuls/id/536044
http://eprint.iacr.org/2011/232.pdf
http://www.kb.cert.org/vuls/id/MAPG-8FENZ3
openSUSE-SU-2011:0634
https://hermes.opensuse.org/messages/8760466
Common Vulnerability Exposure (CVE) ID: CVE-2011-3207
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065744.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065712.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
HPdes Security Advisory: HPSBMU02752
http://marc.info/?l=bugtraq&m=133226187115472&w=2
HPdes Security Advisory: SSRT100802
http://www.redhat.com/support/errata/RHSA-2011-1409.html
http://www.securitytracker.com/id?1026012
http://secunia.com/advisories/45956
http://secunia.com/advisories/57353
Common Vulnerability Exposure (CVE) ID: CVE-2011-3210
1026012
57353
HPSBMU02752
HPSBUX02734
http://marc.info/?l=bugtraq&m=132750648501816&w=2
SSRT100729
SSRT100802
http://cvs.openssl.org/chngview?cn=21337
http://openssl.org/news/secadv_20110906.txt
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
https://bugzilla.redhat.com/show_bug.cgi?id=736079
Common Vulnerability Exposure (CVE) ID: CVE-2011-4108
48528
http://secunia.com/advisories/48528
57260
http://secunia.com/advisories/57260
DSA-2390
http://www.debian.org/security/2012/dsa-2390
FEDORA-2012-18035
HPSBMU02776
http://marc.info/?l=bugtraq&m=133951357207000&w=2
HPSBMU02786
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
HPSBOV02793
http://marc.info/?l=bugtraq&m=134039053214295&w=2
MDVSA-2012:006
http://www.mandriva.com/security/advisories?name=MDVSA-2012:006
MDVSA-2012:007
http://www.mandriva.com/security/advisories?name=MDVSA-2012:007
RHSA-2012:1306
http://rhn.redhat.com/errata/RHSA-2012-1306.html
RHSA-2012:1307
http://rhn.redhat.com/errata/RHSA-2012-1307.html
RHSA-2012:1308
http://rhn.redhat.com/errata/RHSA-2012-1308.html
SSRT100852
SSRT100877
SSRT100891
SUSE-SU-2012:0084
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html
SUSE-SU-2014:0320
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
VU#737740
http://www.kb.cert.org/vuls/id/737740
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc
http://www.isg.rhul.ac.uk/~kp/dtls.pdf
http://www.openssl.org/news/secadv_20120104.txt
https://security.paloaltonetworks.com/CVE-2011-4108
openSUSE-SU-2012:0083
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-4109
openssl-policy-checks-dos(72129)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72129
Common Vulnerability Exposure (CVE) ID: CVE-2011-4576
55069
http://secunia.com/advisories/55069
Common Vulnerability Exposure (CVE) ID: CVE-2011-4577
Common Vulnerability Exposure (CVE) ID: CVE-2011-4619
HPSBUX02782
http://marc.info/?l=bugtraq&m=133728068926468&w=2
SSRT100844
Common Vulnerability Exposure (CVE) ID: CVE-2012-0050
1026548
http://www.securitytracker.com/id?1026548
47631
http://secunia.com/advisories/47631
47677
http://secunia.com/advisories/47677
47755
http://secunia.com/advisories/47755
51563
http://www.securityfocus.com/bid/51563
78320
http://osvdb.org/78320
DSA-2392
http://www.debian.org/security/2012/dsa-2392
HPSBUX02737
http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03169289
MDVSA-2012:011
http://www.mandriva.com/security/advisories?name=MDVSA-2012:011
SSRT100747
http://www.openssl.org/news/secadv_20120118.txt
Common Vulnerability Exposure (CVE) ID: CVE-2012-2110
BugTraq ID: 53158
http://www.securityfocus.com/bid/53158
Debian Security Information: DSA-2454 (Google Search)
http://www.debian.org/security/2012/dsa-2454
http://www.exploit-db.com/exploits/18756
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html
http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html
HPdes Security Advisory: HPSBMU02776
HPdes Security Advisory: HPSBMU02900
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
HPdes Security Advisory: HPSBOV02793
HPdes Security Advisory: HPSBUX02782
HPdes Security Advisory: SSRT100844
HPdes Security Advisory: SSRT100852
HPdes Security Advisory: SSRT100891
HPdes Security Advisory: SSRT101210
http://www.mandriva.com/security/advisories?name=MDVSA-2012:060
http://osvdb.org/81223
RedHat Security Advisories: RHSA-2012:0518
http://rhn.redhat.com/errata/RHSA-2012-0518.html
RedHat Security Advisories: RHSA-2012:0522
http://rhn.redhat.com/errata/RHSA-2012-0522.html
RedHat Security Advisories: RHSA-2012:1306
RedHat Security Advisories: RHSA-2012:1307
RedHat Security Advisories: RHSA-2012:1308
http://www.securitytracker.com/id?1026957
http://secunia.com/advisories/48847
http://secunia.com/advisories/48895
http://secunia.com/advisories/48899
http://secunia.com/advisories/48942
http://secunia.com/advisories/48999
SuSE Security Announcement: SUSE-SU-2012:0623 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html
SuSE Security Announcement: SUSE-SU-2012:0637 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html
SuSE Security Announcement: SUSE-SU-2012:1149 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html
http://www.ubuntu.com/usn/USN-1424-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-2131
BugTraq ID: 53212
http://www.securityfocus.com/bid/53212
http://www.mandriva.com/security/advisories?name=MDVSA-2012:064
http://www.openwall.com/lists/oss-security/2012/04/24/1
http://secunia.com/advisories/48956
http://www.ubuntu.com/usn/USN-1428-1
XForce ISS Database: openssl-asn1-code-execution(75099)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75099
Common Vulnerability Exposure (CVE) ID: CVE-2012-2333
BugTraq ID: 53476
http://www.securityfocus.com/bid/53476
CERT/CC vulnerability note: VU#737740
Debian Security Information: DSA-2475 (Google Search)
http://www.debian.org/security/2012/dsa-2475
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html
HPdes Security Advisory: HPSBOV02852
http://marc.info/?l=bugtraq&m=136432043316835&w=2
HPdes Security Advisory: HPSBUX02814
http://marc.info/?l=bugtraq&m=134919053717161&w=2
HPdes Security Advisory: SSRT100930
HPdes Security Advisory: SSRT101108
http://www.mandriva.com/security/advisories?name=MDVSA-2012:073
http://www.cert.fi/en/reports/2012/vulnerability641549.html
RedHat Security Advisories: RHSA-2012:0699
http://rhn.redhat.com/errata/RHSA-2012-0699.html
http://www.securitytracker.com/id?1027057
http://secunia.com/advisories/49116
http://secunia.com/advisories/49208
http://secunia.com/advisories/49324
http://secunia.com/advisories/50768
http://secunia.com/advisories/51312
SuSE Security Announcement: SUSE-SU-2012:0678 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html
SuSE Security Announcement: SUSE-SU-2012:0679 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html
XForce ISS Database: openssl-tls-record-dos(75525)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75525
Common Vulnerability Exposure (CVE) ID: CVE-2013-0986
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16794
Common Vulnerability Exposure (CVE) ID: CVE-2013-0987
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16759
Common Vulnerability Exposure (CVE) ID: CVE-2013-0988
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16637
Common Vulnerability Exposure (CVE) ID: CVE-2013-0990
Common Vulnerability Exposure (CVE) ID: CVE-2013-0975
Common Vulnerability Exposure (CVE) ID: CVE-2013-1024
http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
CopyrightCopyright (C) 2014 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.