
Test ID: 1.3.6.1.4.1.25623.1.0.804061
Category: Mac OS X Local Security Checks
Title: Apple Mac OS X Multiple Vulnerabilities - 02 Jan14
Summary: This host is running Apple Mac OS X and is prone to multiple vulnerabilities.
Description:
Summary:
This host is running Apple Mac OS X and
is prone to multiple vulnerabilities.

Vulnerability Insight:
The flaws are due to the following:

- Permanent cookies were saved after quitting Safari, even when Private
Browsing was enabled.

- An unbounded stack allocation issue existed in the handling of text glyphs.

- A privilege escalation issue existed in the handling of CUPS configuration
via the CUPS web interface.

- A local user who is not an administrator may disable FileVault using the
command-line.

- A buffer overflow existed in the handling of MP3 files.

- A buffer overflow existed in the handling of FPX files.

- A memory corruption issue existed in the handling of QTIF files.

- A buffer overflow existed in the handling of 'enof' atoms.

- Multiple errors in OpenSSL.

- There were known attacks on the confidentiality of TLS 1.0 when compression
was enabled.

- An uninitialized memory access issue existed in the handling of text tracks.

- A buffer overflow existed in the handling of PICT images.

- If SMB file sharing is enabled, an authenticated user may be able to write
files outside the shared directory.

Vulnerability Impact:
Successful exploitation will allow attackers to execute arbitrary code,
cause a denial of service, or cause unexpected application termination.

Affected Software/OS:
Apple Mac OS X version 10.8 to 10.8.3,
10.7 to 10.7.5 and 10.6.8

Solution:
Upgrade to Apple Mac OS X version 10.8.4 or later, or apply the appropriate
security update for the 10.7 and 10.6 versions. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

References:
Common Vulnerability Exposure (CVE) ID: CVE-2013-0982
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-0983
Common Vulnerability Exposure (CVE) ID: CVE-2012-5519
BugTraq ID: 56494
http://www.securityfocus.com/bid/56494
http://www.openwall.com/lists/oss-security/2012/11/10/5
http://www.openwall.com/lists/oss-security/2012/11/11/2
http://www.openwall.com/lists/oss-security/2012/11/11/5
RedHat Security Advisories: RHSA-2013:0580
http://rhn.redhat.com/errata/RHSA-2013-0580.html
SuSE Security Announcement: SUSE-SU-2015:1041
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html
SuSE Security Announcement: SUSE-SU-2015:1044
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html
SuSE Security Announcement: openSUSE-SU-2015:1056
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html
http://www.ubuntu.com/usn/USN-1654-1
XForce ISS Database: cups-systemgroup-priv-esc(80012)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80012
Common Vulnerability Exposure (CVE) ID: CVE-2013-0985
Common Vulnerability Exposure (CVE) ID: CVE-2013-0989
http://lists.apple.com/archives/security-announce/2013/May/msg00001.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16831
Common Vulnerability Exposure (CVE) ID: CVE-2012-4929
BugTraq ID: 55704
http://www.securityfocus.com/bid/55704
Debian Security Information: DSA-2579
http://www.debian.org/security/2012/dsa-2579
Debian Security Information: DSA-2627
http://www.debian.org/security/2013/dsa-2627
Debian Security Information: DSA-3253
http://www.debian.org/security/2015/dsa-3253
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html
HPdes Security Advisory: HPSBUX02866
http://marc.info/?l=bugtraq&m=136612293908376&w=2
HPdes Security Advisory: SSRT101139
http://jvn.jp/en/jp/JVN65273415/index.html
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html
http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/
http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html
http://news.ycombinator.com/item?id=4510829
http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor
http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312
http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512
http://www.ekoparty.org/2012/thai-duong.php
http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091
http://www.theregister.co.uk/2012/09/14/crime_tls_attack/
https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls
https://gist.github.com/3696912
https://github.com/mpgn/CRIME-poc
https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920
RedHat Security Advisories: RHSA-2013:0587
http://rhn.redhat.com/errata/RHSA-2013-0587.html
SuSE Security Announcement: openSUSE-SU-2012:1420
http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html
SuSE Security Announcement: openSUSE-SU-2013:0143
http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html
SuSE Security Announcement: openSUSE-SU-2013:0157
http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html
http://www.ubuntu.com/usn/USN-1627-1
http://www.ubuntu.com/usn/USN-1628-1
http://www.ubuntu.com/usn/USN-1898-1
Common Vulnerability Exposure (CVE) ID: CVE-2011-1945
CERT/CC vulnerability note: VU#536044
http://www.kb.cert.org/vuls/id/536044
Debian Security Information: DSA-2309
http://www.debian.org/security/2011/dsa-2309
http://www.mandriva.com/security/advisories?name=MDVSA-2011:136
http://www.mandriva.com/security/advisories?name=MDVSA-2011:137
http://eprint.iacr.org/2011/232.pdf
http://secunia.com/advisories/44935
SuSE Security Announcement: SUSE-SU-2011:0636
https://hermes.opensuse.org/messages/8764170
SuSE Security Announcement: openSUSE-SU-2011:0634
https://hermes.opensuse.org/messages/8760466
Common Vulnerability Exposure (CVE) ID: CVE-2011-3207
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065744.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065712.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
HPdes Security Advisory: HPSBMU02752
http://marc.info/?l=bugtraq&m=133226187115472&w=2
HPdes Security Advisory: SSRT100802
http://www.redhat.com/support/errata/RHSA-2011-1409.html
http://www.securitytracker.com/id?1026012
http://secunia.com/advisories/45956
http://secunia.com/advisories/57353
Common Vulnerability Exposure (CVE) ID: CVE-2011-3210
HPdes Security Advisory: HPSBUX02734
http://marc.info/?l=bugtraq&m=132750648501816&w=2
HPdes Security Advisory: SSRT100729
Common Vulnerability Exposure (CVE) ID: CVE-2011-4108
CERT/CC vulnerability note: VU#737740
http://www.kb.cert.org/vuls/id/737740
Debian Security Information: DSA-2390
http://www.debian.org/security/2012/dsa-2390
HPdes Security Advisory: HPSBMU02776
http://marc.info/?l=bugtraq&m=133951357207000&w=2
HPdes Security Advisory: HPSBMU02786
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
HPdes Security Advisory: HPSBOV02793
http://marc.info/?l=bugtraq&m=134039053214295&w=2
HPdes Security Advisory: SSRT100852
HPdes Security Advisory: SSRT100877
HPdes Security Advisory: SSRT100891
http://www.mandriva.com/security/advisories?name=MDVSA-2012:006
http://www.mandriva.com/security/advisories?name=MDVSA-2012:007
http://www.isg.rhul.ac.uk/~kp/dtls.pdf
RedHat Security Advisories: RHSA-2012:1306
http://rhn.redhat.com/errata/RHSA-2012-1306.html
RedHat Security Advisories: RHSA-2012:1307
http://rhn.redhat.com/errata/RHSA-2012-1307.html
RedHat Security Advisories: RHSA-2012:1308
http://rhn.redhat.com/errata/RHSA-2012-1308.html
http://secunia.com/advisories/48528
http://secunia.com/advisories/57260
SuSE Security Announcement: SUSE-SU-2012:0084
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html
SuSE Security Announcement: SUSE-SU-2014:0320
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
SuSE Security Announcement: openSUSE-SU-2012:0083
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-4109
XForce ISS Database: openssl-policy-checks-dos(72129)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72129
Common Vulnerability Exposure (CVE) ID: CVE-2011-4576
http://secunia.com/advisories/55069
Common Vulnerability Exposure (CVE) ID: CVE-2011-4577
Common Vulnerability Exposure (CVE) ID: CVE-2011-4619
HPdes Security Advisory: HPSBUX02782
http://marc.info/?l=bugtraq&m=133728068926468&w=2
HPdes Security Advisory: SSRT100844
Common Vulnerability Exposure (CVE) ID: CVE-2012-0050
BugTraq ID: 51563
http://www.securityfocus.com/bid/51563
Debian Security Information: DSA-2392
http://www.debian.org/security/2012/dsa-2392
HPdes Security Advisory: HPSBUX02737
http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03169289
HPdes Security Advisory: SSRT100747
http://www.mandriva.com/security/advisories?name=MDVSA-2012:011
http://osvdb.org/78320
http://www.securitytracker.com/id?1026548
http://secunia.com/advisories/47631
http://secunia.com/advisories/47677
http://secunia.com/advisories/47755
Common Vulnerability Exposure (CVE) ID: CVE-2012-2110
BugTraq ID: 53158
http://www.securityfocus.com/bid/53158
Debian Security Information: DSA-2454
http://www.debian.org/security/2012/dsa-2454
http://www.exploit-db.com/exploits/18756
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html
http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html
HPdes Security Advisory: HPSBMU02900
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
HPdes Security Advisory: SSRT101210
http://www.mandriva.com/security/advisories?name=MDVSA-2012:060
http://osvdb.org/81223
RedHat Security Advisories: RHSA-2012:0518
http://rhn.redhat.com/errata/RHSA-2012-0518.html
RedHat Security Advisories: RHSA-2012:0522
http://rhn.redhat.com/errata/RHSA-2012-0522.html
http://www.securitytracker.com/id?1026957
http://secunia.com/advisories/48847
http://secunia.com/advisories/48895
http://secunia.com/advisories/48899
http://secunia.com/advisories/48942
http://secunia.com/advisories/48999
SuSE Security Announcement: SUSE-SU-2012:0623
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html
SuSE Security Announcement: SUSE-SU-2012:0637
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html
SuSE Security Announcement: SUSE-SU-2012:1149
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html
http://www.ubuntu.com/usn/USN-1424-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-2131
BugTraq ID: 53212
http://www.securityfocus.com/bid/53212
http://www.mandriva.com/security/advisories?name=MDVSA-2012:064
http://www.openwall.com/lists/oss-security/2012/04/24/1
http://secunia.com/advisories/48956
http://www.ubuntu.com/usn/USN-1428-1
XForce ISS Database: openssl-asn1-code-execution(75099)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75099
Common Vulnerability Exposure (CVE) ID: CVE-2012-2333
BugTraq ID: 53476
http://www.securityfocus.com/bid/53476
Debian Security Information: DSA-2475
http://www.debian.org/security/2012/dsa-2475
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html
HPdes Security Advisory: HPSBOV02852
http://marc.info/?l=bugtraq&m=136432043316835&w=2
HPdes Security Advisory: HPSBUX02814
http://marc.info/?l=bugtraq&m=134919053717161&w=2
HPdes Security Advisory: SSRT100930
HPdes Security Advisory: SSRT101108
http://www.mandriva.com/security/advisories?name=MDVSA-2012:073
http://www.cert.fi/en/reports/2012/vulnerability641549.html
RedHat Security Advisories: RHSA-2012:0699
http://rhn.redhat.com/errata/RHSA-2012-0699.html
http://www.securitytracker.com/id?1027057
http://secunia.com/advisories/49116
http://secunia.com/advisories/49208
http://secunia.com/advisories/49324
http://secunia.com/advisories/50768
http://secunia.com/advisories/51312
SuSE Security Announcement: SUSE-SU-2012:0678
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html
SuSE Security Announcement: SUSE-SU-2012:0679
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html
XForce ISS Database: openssl-tls-record-dos(75525)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75525
Common Vulnerability Exposure (CVE) ID: CVE-2013-0986
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16794
Common Vulnerability Exposure (CVE) ID: CVE-2013-0987
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16759
Common Vulnerability Exposure (CVE) ID: CVE-2013-0988
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16637
Common Vulnerability Exposure (CVE) ID: CVE-2013-0990
Common Vulnerability Exposure (CVE) ID: CVE-2013-0975
Common Vulnerability Exposure (CVE) ID: CVE-2013-1024
http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
Copyright: Copyright (C) 2014 Greenbone Networks GmbH





© 1998-2020 E-Soft Inc. All rights reserved.