Mac OS X Local Security Checks : Apple Mac OS X Multiple Vulnerabilities-02 (Apr 2017)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.810930
Category:	Mac OS X Local Security Checks
Title:	Apple Mac OS X Multiple Vulnerabilities-02 (Apr 2017)
Summary:	Apple Mac OS X is prone to multiple vulnerabilities.
Description:	Summary: Apple Mac OS X is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - An input validation error exists in Help Viewer's handling of help: URLs. - A buffer overflow exists in the handling of images. - A double free issue exists in the renewal or validation of existing tickets in the KDC process. - A logic issue in the handling of KDC requests may cause an assertion to be triggered. - A logic issue exists in the handling of vfork where the Mach exception handler is not reset in a certain case. - A format string issue exists in the handling of afp:, cifs:, and smb: URLs. - A man-in-the-middle attack in Open Directory. - A character encoding issue exists in Printer Setup's handling of nearby printers. - An integer overflow issue exists in the calculation of page sizes in the cgtexttops CUPS filter. Vulnerability Impact: Successful exploitation will allow attacker to conduct cross-site scripting attack, access sensitive information, cause an unexpected application termination or arbitrary code execution, upload files to arbitrary locations on the filesystem of a user and cause privilege escalation. Affected Software/OS: Apple Mac OS X and Mac OS X Server version 10.6 through 10.6.3 Solution: Upgrade to Apple Mac OS X version 10.6.4 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1373 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html BugTraq ID: 40871 http://www.securityfocus.com/bid/40871 http://securitytracker.com/id?1024103 http://secunia.com/advisories/40220 http://www.vupen.com/english/advisories/2010/1481 Common Vulnerability Exposure (CVE) ID: CVE-2010-1816 https://support.apple.com/en-us/HT4188 Common Vulnerability Exposure (CVE) ID: CVE-2010-1320 BugTraq ID: 39599 http://www.securityfocus.com/bid/39599 Bugtraq: 20100420 MITKRB5-SA-2010-004 [CVE-2010-1320] double free in KDC (Google Search) http://www.securityfocus.com/archive/1/510843/100/0/threaded http://securitytracker.com/id?1023904 http://secunia.com/advisories/39656 http://secunia.com/advisories/39784 SuSE Security Announcement: SUSE-SR:2010:010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html http://www.ubuntu.com/usn/USN-940-1 http://www.vupen.com/english/advisories/2010/1001 http://www.vupen.com/english/advisories/2010/1192 Common Vulnerability Exposure (CVE) ID: CVE-2010-0283 BugTraq ID: 38260 http://www.securityfocus.com/bid/38260 Bugtraq: 20100216 MITKRB5-SA-2010-001 [CVE-2010-0283] krb5-1.7 KDC denial of service (Google Search) http://www.securityfocus.com/archive/1/509553/100/0/threaded http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035222.html http://securitytracker.com/id?1023593 http://secunia.com/advisories/38598 http://secunia.com/advisories/39023 http://www.ubuntu.com/usn/USN-916-1 Common Vulnerability Exposure (CVE) ID: CVE-2010-1821 Common Vulnerability Exposure (CVE) ID: CVE-2010-1376 Common Vulnerability Exposure (CVE) ID: CVE-2010-1377 Common Vulnerability Exposure (CVE) ID: CVE-2010-1379 Common Vulnerability Exposure (CVE) ID: CVE-2010-1380
Copyright	Copyright (C) 2017 Greenbone AG