Test ID:	1.3.6.1.4.1.25623.1.0.14251
Category:	Mac OS X Local Security Checks
Title:	Apple SA 2003-12-19
Summary:	Check for Security Update 2003-12-19
Description:	The remote host is missing Security Update 2003-12-19. Mac OS X contains a flaw that may allow a malicious user with physical access to gain root access. The issue is triggered when the Ctrl and c keys are pressed on the connected USB keyboard during boot and thus interrupting the system initialization. It is possible that the flaw may allow root access resulting in a loss of integrity. Solution : http://docs.info.apple.com/article.html?artnum=61798
Cross-Ref:	BugTraq ID: 8945 Common Vulnerability Exposure (CVE) ID: CVE-2003-1011 Bugtraq: 20031031 Console Root On OSX up to 10.2.8 (Google Search) http://www.securityfocus.com/archive/1/343087 http://www.securityfocus.com/bid/8945 XForce ISS Database: macos-ctrlc-gain-access(13573) http://xforce.iss.net/xforce/xfdb/13573 Common Vulnerability Exposure (CVE) ID: CVE-2003-1007 BugTraq ID: 9264 http://www.securityfocus.com/bid/9264 http://securitytracker.com/id?1008532 XForce ISS Database: applefileserver-dos(14051) http://xforce.iss.net/xforce/xfdb/14051 Common Vulnerability Exposure (CVE) ID: CVE-2003-1006 Bugtraq: 20031215 Buffer overflow/privilege escalation in MacOS X (Google Search) http://www.securityfocus.com/archive/1/347578 Bugtraq: 20031216 Re: Buffer overflow/privilege escalation in MacOS X (Google Search) http://www.securityfocus.com/archive/1/347707 Bugtraq: 20031219 Re: Buffer overflow/privilege escalation in MacOS X - hfs.util also (Google Search) http://www.securityfocus.com/archive/1/348097 CERT/CC vulnerability note: VU#878526 http://www.kb.cert.org/vuls/id/878526 XForce ISS Database: macos-cd9660-bo(13995) http://xforce.iss.net/xforce/xfdb/13995 BugTraq ID: 9228 http://www.securityfocus.com/bid/9228 Common Vulnerability Exposure (CVE) ID: CVE-2003-1009 http://www.carrel.org/dhcp-vuln.html http://docs.info.apple.com/article.html?artnum=32478 BugTraq ID: 9110 http://www.securityfocus.com/bid/9110 XForce ISS Database: macos-dhcp-gain-privileges(13874) http://xforce.iss.net/xforce/xfdb/13874 Common Vulnerability Exposure (CVE) ID: CVE-2003-0792 http://security.gentoo.org/glsa/glsa-200403-10.xml Immunix Linux Advisory: IMNX-2003-7+-023-01 http://www.securityfocus.com/advisories/5987 http://www.mandriva.com/security/advisories?name=MDKSA-2003:101 SCO Security Bulletin: CSSA-2004-004.0 ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-004.0/CSSA-2004-004.0.txt TurboLinux Advisory: TLSA-2003-61 http://www.turbolinux.com/security/TLSA-2003-61.txt Bugtraq: 20040220 LNSA-#2004-0002: Fetchmail 6.2.4 and earlier remote denial of service (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=107731542827401&w=2 BugTraq ID: 8843 http://www.securityfocus.com/bid/8843 XForce ISS Database: fetchmail-email-dos(13450) http://xforce.iss.net/xforce/xfdb/13450 Common Vulnerability Exposure (CVE) ID: CVE-2003-1010 BugTraq ID: 9265 http://www.securityfocus.com/bid/9265 XForce ISS Database: macos-fsusage-gain-privileges(14193) http://xforce.iss.net/xforce/xfdb/14193 Common Vulnerability Exposure (CVE) ID: CVE-2003-0962 Bugtraq: 20031204 rsync security advisory (fwd) (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=107055681311602&w=2 SuSE Security Announcement: SuSE-SA:2003:050 (Google Search) Debian Security Information: DSA-404 (Google Search) En Garde Linux Advisory: ESA-20031204-032 Conectiva Linux advisory: CLA-2003:794 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000794 http://www.redhat.com/support/errata/RHSA-2003-398.html http://www.mandriva.com/security/advisories?name=MDKSA-2003:111 Immunix Linux Advisory: IMNX-2003-73-001-01 SGI Security Advisory: 20031202-01-U ftp://patches.sgi.com/support/free/security/advisories/20031202-01-U Bugtraq: 20031204 GLSA: exploitable heap overflow in rsync (200312-03) (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=107056923528423&w=2 http://marc.theaimsgroup.com/?l=bugtraq&m=107055684711629&w=2 Bugtraq: 20031204 [OpenPKG-SA-2003.051] OpenPKG Security Advisory (rsync) (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=107055702911867&w=2 CERT/CC vulnerability note: VU#325603 http://www.kb.cert.org/vuls/id/325603 BugTraq ID: 9153 http://www.securityfocus.com/bid/9153 http://www.osvdb.org/2898 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9415 http://secunia.com/advisories/10353 http://secunia.com/advisories/10354 http://secunia.com/advisories/10355 http://secunia.com/advisories/10356 http://secunia.com/advisories/10357 http://secunia.com/advisories/10358 http://secunia.com/advisories/10359 http://secunia.com/advisories/10360 http://secunia.com/advisories/10361 http://secunia.com/advisories/10362 http://secunia.com/advisories/10363 http://secunia.com/advisories/10364 http://secunia.com/advisories/10378 http://secunia.com/advisories/10474 XForce ISS Database: linux-rsync-heap-overflow(13899) http://xforce.iss.net/xforce/xfdb/13899 Common Vulnerability Exposure (CVE) ID: CVE-2003-1005 http://lists.apple.com/archives/security-announce/2003/Dec/msg00001.html AUSCERT Advisory: ESB-2003.0867 http://www.auscert.org.au/render.html?it=3704 BugTraq ID: 9266 http://www.securityfocus.com/bid/9266 http://secunia.com/advisories/10474/ Common Vulnerability Exposure (CVE) ID: CVE-2003-1008 XForce ISS Database: macos-screen-saver-bypass(14195) http://xforce.iss.net/xforce/xfdb/14195
Copyright	This script is Copyright (C) 2004 David Maciejak

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: