English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.804061
Category:Mac OS X Local Security Checks
Title:Apple Mac OS X Multiple Vulnerabilities - 02 (Jan 2014)
Summary:Apple Mac OS X is prone to multiple vulnerabilities.
Description:Summary:
Apple Mac OS X is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- Permanent cookies were saved after quitting Safari, even when Private
Browsing was enabled.

- An unbounded stack allocation issue existed in the handling of text glyphs.

- A privilege escalation issue existed in the handling of CUPS configuration
via the CUPS web interface.

- A local user who is not an administrator may disable FileVault using the
command-line.

- A buffer overflow existed in the handling of MP3 files.

- A buffer overflow existed in the handling of FPX files.

- A memory corruption issue existed in the handling of QTIF files.

- A buffer overflow existed in the handling of 'enof' atoms.

- Multiple errors in OpenSSL.

- There were known attacks on the confidentiality of TLS 1.0 when compression
was enabled.

- An uninitialized memory access issue existed in the handling of text tracks.

- A buffer overflow existed in the handling of PICT images.

- If SMB file sharing is enabled, an authenticated user may be able to write
files outside the shared directory.

Vulnerability Impact:
Successful exploitation will allow
attackers to, execute arbitrary code or cause a denial of service or
lead to an unexpected application termination.

Affected Software/OS:
Apple Mac OS X version 10.8 to 10.8.3,
10.7 to 10.7.5 and 10.6.8

Solution:
Upgrade to Apple Mac OS X version 10.8.4
or later or apply appropriate security update for 10.7 and 10.6 versions. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-0982
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-0983
Common Vulnerability Exposure (CVE) ID: CVE-2012-5519
56494
http://www.securityfocus.com/bid/56494
APPLE-SA-2013-06-04-1
RHSA-2013:0580
http://rhn.redhat.com/errata/RHSA-2013-0580.html
SUSE-SU-2015:1041
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html
SUSE-SU-2015:1044
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html
USN-1654-1
http://www.ubuntu.com/usn/USN-1654-1
[oss-security] 20121110 Privilege escalation (lpadmin -> root) in cups
http://www.openwall.com/lists/oss-security/2012/11/10/5
[oss-security] 20121111 Re: Privilege escalation (lpadmin -> root) in cups
http://www.openwall.com/lists/oss-security/2012/11/11/2
http://www.openwall.com/lists/oss-security/2012/11/11/5
cups-systemgroup-priv-esc(80012)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80012
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692791
http://support.apple.com/kb/HT5784
openSUSE-SU-2015:1056
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-0985
Common Vulnerability Exposure (CVE) ID: CVE-2013-0989
http://lists.apple.com/archives/security-announce/2013/May/msg00001.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16831
Common Vulnerability Exposure (CVE) ID: CVE-2012-4929
BugTraq ID: 55704
http://www.securityfocus.com/bid/55704
Debian Security Information: DSA-2579 (Google Search)
http://www.debian.org/security/2012/dsa-2579
Debian Security Information: DSA-2627 (Google Search)
http://www.debian.org/security/2013/dsa-2627
Debian Security Information: DSA-3253 (Google Search)
http://www.debian.org/security/2015/dsa-3253
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html
HPdes Security Advisory: HPSBUX02866
http://marc.info/?l=bugtraq&m=136612293908376&w=2
HPdes Security Advisory: SSRT101139
http://jvn.jp/en/jp/JVN65273415/index.html
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html
http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/
http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html
http://news.ycombinator.com/item?id=4510829
http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor
http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312
http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512
http://www.ekoparty.org/2012/thai-duong.php
http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091
http://www.theregister.co.uk/2012/09/14/crime_tls_attack/
https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls
https://gist.github.com/3696912
https://github.com/mpgn/CRIME-poc
https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920
RedHat Security Advisories: RHSA-2013:0587
http://rhn.redhat.com/errata/RHSA-2013-0587.html
SuSE Security Announcement: openSUSE-SU-2012:1420 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html
SuSE Security Announcement: openSUSE-SU-2013:0143 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html
SuSE Security Announcement: openSUSE-SU-2013:0157 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html
http://www.ubuntu.com/usn/USN-1627-1
http://www.ubuntu.com/usn/USN-1628-1
http://www.ubuntu.com/usn/USN-1898-1
Common Vulnerability Exposure (CVE) ID: CVE-2011-1945
44935
http://secunia.com/advisories/44935
DSA-2309
http://www.debian.org/security/2011/dsa-2309
MDVSA-2011:136
http://www.mandriva.com/security/advisories?name=MDVSA-2011:136
MDVSA-2011:137
http://www.mandriva.com/security/advisories?name=MDVSA-2011:137
SUSE-SU-2011:0636
https://hermes.opensuse.org/messages/8764170
VU#536044
http://www.kb.cert.org/vuls/id/536044
http://eprint.iacr.org/2011/232.pdf
http://www.kb.cert.org/vuls/id/MAPG-8FENZ3
openSUSE-SU-2011:0634
https://hermes.opensuse.org/messages/8760466
Common Vulnerability Exposure (CVE) ID: CVE-2011-3207
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065744.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065712.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
HPdes Security Advisory: HPSBMU02752
http://marc.info/?l=bugtraq&m=133226187115472&w=2
HPdes Security Advisory: SSRT100802
http://www.redhat.com/support/errata/RHSA-2011-1409.html
http://www.securitytracker.com/id?1026012
http://secunia.com/advisories/45956
http://secunia.com/advisories/57353
Common Vulnerability Exposure (CVE) ID: CVE-2011-3210
1026012
57353
HPSBMU02752
HPSBUX02734
http://marc.info/?l=bugtraq&m=132750648501816&w=2
SSRT100729
SSRT100802
http://cvs.openssl.org/chngview?cn=21337
http://openssl.org/news/secadv_20110906.txt
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
https://bugzilla.redhat.com/show_bug.cgi?id=736079
Common Vulnerability Exposure (CVE) ID: CVE-2011-4108
48528
http://secunia.com/advisories/48528
57260
http://secunia.com/advisories/57260
DSA-2390
http://www.debian.org/security/2012/dsa-2390
FEDORA-2012-18035
HPSBMU02776
http://marc.info/?l=bugtraq&m=133951357207000&w=2
HPSBMU02786
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
HPSBOV02793
http://marc.info/?l=bugtraq&m=134039053214295&w=2
MDVSA-2012:006
http://www.mandriva.com/security/advisories?name=MDVSA-2012:006
MDVSA-2012:007
http://www.mandriva.com/security/advisories?name=MDVSA-2012:007
RHSA-2012:1306
http://rhn.redhat.com/errata/RHSA-2012-1306.html
RHSA-2012:1307
http://rhn.redhat.com/errata/RHSA-2012-1307.html
RHSA-2012:1308
http://rhn.redhat.com/errata/RHSA-2012-1308.html
SSRT100852
SSRT100877
SSRT100891
SUSE-SU-2012:0084
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html
SUSE-SU-2014:0320
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
VU#737740
http://www.kb.cert.org/vuls/id/737740
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc
http://www.isg.rhul.ac.uk/~kp/dtls.pdf
http://www.openssl.org/news/secadv_20120104.txt
https://security.paloaltonetworks.com/CVE-2011-4108
openSUSE-SU-2012:0083
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-4109
openssl-policy-checks-dos(72129)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72129
Common Vulnerability Exposure (CVE) ID: CVE-2011-4576
55069
http://secunia.com/advisories/55069
Common Vulnerability Exposure (CVE) ID: CVE-2011-4577
Common Vulnerability Exposure (CVE) ID: CVE-2011-4619
HPSBUX02782
http://marc.info/?l=bugtraq&m=133728068926468&w=2
SSRT100844
Common Vulnerability Exposure (CVE) ID: CVE-2012-0050
1026548
http://www.securitytracker.com/id?1026548
47631
http://secunia.com/advisories/47631
47677
http://secunia.com/advisories/47677
47755
http://secunia.com/advisories/47755
51563
http://www.securityfocus.com/bid/51563
78320
http://osvdb.org/78320
DSA-2392
http://www.debian.org/security/2012/dsa-2392
HPSBUX02737
http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03169289
MDVSA-2012:011
http://www.mandriva.com/security/advisories?name=MDVSA-2012:011
SSRT100747
http://www.openssl.org/news/secadv_20120118.txt
Common Vulnerability Exposure (CVE) ID: CVE-2012-2110
BugTraq ID: 53158
http://www.securityfocus.com/bid/53158
Debian Security Information: DSA-2454 (Google Search)
http://www.debian.org/security/2012/dsa-2454
http://www.exploit-db.com/exploits/18756
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html
http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html
HPdes Security Advisory: HPSBMU02776
HPdes Security Advisory: HPSBMU02900
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
HPdes Security Advisory: HPSBOV02793
HPdes Security Advisory: HPSBUX02782
HPdes Security Advisory: SSRT100844
HPdes Security Advisory: SSRT100852
HPdes Security Advisory: SSRT100891
HPdes Security Advisory: SSRT101210
http://www.mandriva.com/security/advisories?name=MDVSA-2012:060
http://osvdb.org/81223
RedHat Security Advisories: RHSA-2012:0518
http://rhn.redhat.com/errata/RHSA-2012-0518.html
RedHat Security Advisories: RHSA-2012:0522
http://rhn.redhat.com/errata/RHSA-2012-0522.html
RedHat Security Advisories: RHSA-2012:1306
RedHat Security Advisories: RHSA-2012:1307
RedHat Security Advisories: RHSA-2012:1308
http://www.securitytracker.com/id?1026957
http://secunia.com/advisories/48847
http://secunia.com/advisories/48895
http://secunia.com/advisories/48899
http://secunia.com/advisories/48942
http://secunia.com/advisories/48999
SuSE Security Announcement: SUSE-SU-2012:0623 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html
SuSE Security Announcement: SUSE-SU-2012:0637 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html
SuSE Security Announcement: SUSE-SU-2012:1149 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html
http://www.ubuntu.com/usn/USN-1424-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-2131
BugTraq ID: 53212
http://www.securityfocus.com/bid/53212
http://www.mandriva.com/security/advisories?name=MDVSA-2012:064
http://www.openwall.com/lists/oss-security/2012/04/24/1
http://secunia.com/advisories/48956
http://www.ubuntu.com/usn/USN-1428-1
XForce ISS Database: openssl-asn1-code-execution(75099)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75099
Common Vulnerability Exposure (CVE) ID: CVE-2012-2333
BugTraq ID: 53476
http://www.securityfocus.com/bid/53476
CERT/CC vulnerability note: VU#737740
Debian Security Information: DSA-2475 (Google Search)
http://www.debian.org/security/2012/dsa-2475
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html
HPdes Security Advisory: HPSBOV02852
http://marc.info/?l=bugtraq&m=136432043316835&w=2
HPdes Security Advisory: HPSBUX02814
http://marc.info/?l=bugtraq&m=134919053717161&w=2
HPdes Security Advisory: SSRT100930
HPdes Security Advisory: SSRT101108
http://www.mandriva.com/security/advisories?name=MDVSA-2012:073
http://www.cert.fi/en/reports/2012/vulnerability641549.html
RedHat Security Advisories: RHSA-2012:0699
http://rhn.redhat.com/errata/RHSA-2012-0699.html
http://www.securitytracker.com/id?1027057
http://secunia.com/advisories/49116
http://secunia.com/advisories/49208
http://secunia.com/advisories/49324
http://secunia.com/advisories/50768
http://secunia.com/advisories/51312
SuSE Security Announcement: SUSE-SU-2012:0678 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html
SuSE Security Announcement: SUSE-SU-2012:0679 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html
XForce ISS Database: openssl-tls-record-dos(75525)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75525
Common Vulnerability Exposure (CVE) ID: CVE-2013-0986
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16794
Common Vulnerability Exposure (CVE) ID: CVE-2013-0987
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16759
Common Vulnerability Exposure (CVE) ID: CVE-2013-0988
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16637
Common Vulnerability Exposure (CVE) ID: CVE-2013-0990
Common Vulnerability Exposure (CVE) ID: CVE-2013-0975
Common Vulnerability Exposure (CVE) ID: CVE-2013-1024
http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
CopyrightCopyright (C) 2014 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.