ID de Prueba:	1.3.6.1.4.1.25623.1.0.812401
Categoría:	Mac OS X Local Security Checks
Título:	Apple Mac OS X Security Updates (HT208331)-02
Resumen:	Apple Mac OS X is prone to multiple vulnerabilities.
Descripción:	Summary: Apple Mac OS X is prone to multiple vulnerabilities. Vulnerability Insight: The Security update includes, - A validation issue was addressed with improved input sanitization. - An out-of-bounds read issue existed in X.509 IPAddressFamily parsing. - A type confusion issue was addressed with improved memory handling. - A memory corruption issue was addressed with improved memory handling. - Multiple issues were addressed by updating to version 2.4.28. - Multiple memory corruption issues were addressed through improved state management. - An out-of-bounds read was addressed with improved bounds checking. - An out-of-bounds read issue existed in the FTP PWD response parsing. - An integer overflow error. - An input validation issue existed in the kernel. Vulnerability Impact: Successful exploitation will allow remote attackers to read restricted memory, execute arbitrary code with system privileges. Affected Software/OS: Apple Mac OS X versions 10.13.x through 10.13.1, 10.12.x through 10.12.6 prior to Security Update 2017-002 Sierra, 10.11.x through 10.11.6 prior to Security Update 2017-005 El Capitan. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-13868 BugTraq ID: 102100 http://www.securityfocus.com/bid/102100 https://bazad.github.io/2018/03/a-fun-xnu-infoleak/ https://github.com/bazad/ctl_ctloutput-leak http://www.securitytracker.com/id/1039952 http://www.securitytracker.com/id/1039953 http://www.securitytracker.com/id/1039966 Common Vulnerability Exposure (CVE) ID: CVE-2017-13869 https://www.exploit-db.com/exploits/43319/ Common Vulnerability Exposure (CVE) ID: CVE-2017-3735 BugTraq ID: 100515 http://www.securityfocus.com/bid/100515 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html https://security.netapp.com/advisory/ntap-20170927-0001/ https://security.netapp.com/advisory/ntap-20171107-0002/ https://support.apple.com/HT208331 https://www.openssl.org/news/secadv/20170828.txt https://www.openssl.org/news/secadv/20171102.txt https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://www.tenable.com/security/tns-2017-14 https://www.tenable.com/security/tns-2017-15 Debian Security Information: DSA-4017 (Google Search) https://www.debian.org/security/2017/dsa-4017 Debian Security Information: DSA-4018 (Google Search) https://www.debian.org/security/2017/dsa-4018 FreeBSD Security Advisory: FreeBSD-SA-17:11 https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc https://security.gentoo.org/glsa/201712-03 https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html RedHat Security Advisories: RHSA-2018:3221 https://access.redhat.com/errata/RHSA-2018:3221 RedHat Security Advisories: RHSA-2018:3505 https://access.redhat.com/errata/RHSA-2018:3505 http://www.securitytracker.com/id/1039726 https://usn.ubuntu.com/3611-2/ Common Vulnerability Exposure (CVE) ID: CVE-2017-13855 https://www.exploit-db.com/exploits/43318/ Common Vulnerability Exposure (CVE) ID: CVE-2017-7154 BugTraq ID: 103134 http://www.securityfocus.com/bid/103134 https://www.exploit-db.com/exploits/43521/ Common Vulnerability Exposure (CVE) ID: CVE-2017-9798 BugTraq ID: 100872 http://www.securityfocus.com/bid/100872 BugTraq ID: 105598 http://www.securityfocus.com/bid/105598 Debian Security Information: DSA-3980 (Google Search) http://www.debian.org/security/2017/dsa-3980 https://www.exploit-db.com/exploits/42745/ https://security.gentoo.org/glsa/201710-32 http://openwall.com/lists/oss-security/2017/09/18/2 https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a https://github.com/hannob/optionsbleed https://security-tracker.debian.org/tracker/CVE-2017-9798 https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E RedHat Security Advisories: RHSA-2017:2882 https://access.redhat.com/errata/RHSA-2017:2882 RedHat Security Advisories: RHSA-2017:2972 https://access.redhat.com/errata/RHSA-2017:2972 RedHat Security Advisories: RHSA-2017:3018 https://access.redhat.com/errata/RHSA-2017:3018 RedHat Security Advisories: RHSA-2017:3113 https://access.redhat.com/errata/RHSA-2017:3113 RedHat Security Advisories: RHSA-2017:3114 https://access.redhat.com/errata/RHSA-2017:3114 RedHat Security Advisories: RHSA-2017:3193 https://access.redhat.com/errata/RHSA-2017:3193 RedHat Security Advisories: RHSA-2017:3194 https://access.redhat.com/errata/RHSA-2017:3194 RedHat Security Advisories: RHSA-2017:3195 https://access.redhat.com/errata/RHSA-2017:3195 RedHat Security Advisories: RHSA-2017:3239 https://access.redhat.com/errata/RHSA-2017:3239 RedHat Security Advisories: RHSA-2017:3240 https://access.redhat.com/errata/RHSA-2017:3240 RedHat Security Advisories: RHSA-2017:3475 https://access.redhat.com/errata/RHSA-2017:3475 RedHat Security Advisories: RHSA-2017:3476 https://access.redhat.com/errata/RHSA-2017:3476 RedHat Security Advisories: RHSA-2017:3477 https://access.redhat.com/errata/RHSA-2017:3477 http://www.securitytracker.com/id/1039387 Common Vulnerability Exposure (CVE) ID: CVE-2017-13847 BugTraq ID: 102097 http://www.securityfocus.com/bid/102097 https://www.exploit-db.com/exploits/43326/ Common Vulnerability Exposure (CVE) ID: CVE-2017-7173 Common Vulnerability Exposure (CVE) ID: CVE-2017-13904 http://packetstormsecurity.com/files/172828/Apple-packet-mangler-Remote-Code-Execution.html Common Vulnerability Exposure (CVE) ID: CVE-2017-13867 https://www.exploit-db.com/exploits/43328/ Common Vulnerability Exposure (CVE) ID: CVE-2017-13862 Common Vulnerability Exposure (CVE) ID: CVE-2017-7172 Common Vulnerability Exposure (CVE) ID: CVE-2017-1000254 BugTraq ID: 101115 http://www.securityfocus.com/bid/101115 Debian Security Information: DSA-3992 (Google Search) http://www.debian.org/security/2017/dsa-3992 https://security.gentoo.org/glsa/201712-04 https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E RedHat Security Advisories: RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:2486 RedHat Security Advisories: RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2018:3558 http://www.securitytracker.com/id/1039509 Common Vulnerability Exposure (CVE) ID: CVE-2017-15422 Debian Security Information: DSA-4150 (Google Search) https://www.debian.org/security/2018/dsa-4150 https://security.gentoo.org/glsa/201801-03 https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html https://crbug.com/774382 RedHat Security Advisories: RHSA-2017:3401 https://access.redhat.com/errata/RHSA-2017:3401 https://usn.ubuntu.com/3610-1/ Common Vulnerability Exposure (CVE) ID: CVE-2017-7159 Common Vulnerability Exposure (CVE) ID: CVE-2017-7162
Copyright	Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.