Test ID: 1.3.6.1.4.1.25623.1.0.810930
Category: Mac OS X Local Security Checks
Title: Apple Mac OS X Multiple Vulnerabilities-02 April-2017
Summary: Apple Mac OS X is prone to multiple vulnerabilities.
Description:
Summary:
Apple Mac OS X is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- An input validation error exists in Help Viewer's handling of help: URLs.

- A buffer overflow exists in the handling of images.

- A double free issue exists in the renewal or validation of existing tickets
in the KDC process.

- A logic issue in the handling of KDC requests may cause an assertion to be
triggered.

- A logic issue exists in the handling of vfork where the Mach exception
handler is not reset in a certain case.

- A format string issue exists in the handling of afp:, cifs:, and smb: URLs.

- A man-in-the-middle attack in Open Directory.

- A character encoding issue exists in Printer Setup's handling of nearby printers.

- An integer overflow issue exists in the calculation of page sizes in the
cgtexttops CUPS filter.

Vulnerability Impact:
Successful exploitation will allow an attacker
to conduct cross-site scripting attacks, access sensitive information, cause
an unexpected application termination or arbitrary code execution, upload
files to arbitrary locations on the filesystem of a user, and cause privilege
escalation.

Affected Software/OS:
Apple Mac OS X and Mac OS X Server
version 10.6 through 10.6.3

Solution:
Upgrade to Apple Mac OS X version
10.6.4 or later.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
BugTraq ID: 40886
BugTraq ID: 39599
BugTraq ID: 38260
BugTraq ID: 40902
BugTraq ID: 40905
BugTraq ID: 40903
Common Vulnerability Exposure (CVE) ID: CVE-2010-1373
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
BugTraq ID: 40871
http://www.securityfocus.com/bid/40871
http://securitytracker.com/id?1024103
http://secunia.com/advisories/40220
http://www.vupen.com/english/advisories/2010/1481
Common Vulnerability Exposure (CVE) ID: CVE-2010-1816
https://support.apple.com/en-us/HT4188
Common Vulnerability Exposure (CVE) ID: CVE-2010-1320
http://www.securityfocus.com/bid/39599
Bugtraq: 20100420 MITKRB5-SA-2010-004 [CVE-2010-1320] double free in KDC
http://www.securityfocus.com/archive/1/510843/100/0/threaded
http://securitytracker.com/id?1023904
http://secunia.com/advisories/39656
http://secunia.com/advisories/39784
SuSE Security Announcement: SUSE-SR:2010:010
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
http://www.ubuntu.com/usn/USN-940-1
http://www.vupen.com/english/advisories/2010/1001
http://www.vupen.com/english/advisories/2010/1192
Common Vulnerability Exposure (CVE) ID: CVE-2010-0283
http://www.securityfocus.com/bid/38260
Bugtraq: 20100216 MITKRB5-SA-2010-001 [CVE-2010-0283] krb5-1.7 KDC denial of service
http://www.securityfocus.com/archive/1/509553/100/0/threaded
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035222.html
http://securitytracker.com/id?1023593
http://secunia.com/advisories/38598
http://secunia.com/advisories/39023
http://www.ubuntu.com/usn/USN-916-1
Common Vulnerability Exposure (CVE) ID: CVE-2010-1821
Common Vulnerability Exposure (CVE) ID: CVE-2010-1376
Common Vulnerability Exposure (CVE) ID: CVE-2010-1377
Common Vulnerability Exposure (CVE) ID: CVE-2010-1379
Common Vulnerability Exposure (CVE) ID: CVE-2010-1380
Copyright: Copyright (C) 2017 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.