Vulnerabilities > CVE-2004-0079 - NULL Pointer Dereference vulnerability in multiple products

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2005:830 and 
# CentOS Errata and Security Advisory 2005:830 respectively.
#

include("compat.inc");

if (description)
{
  script_id(21870);
  script_version("1.19");
  script_cvs_date("Date: 2019/10/25 13:36:03");

  script_cve_id("CVE-2004-0079");
  script_bugtraq_id(9899);
  script_xref(name:"RHSA", value:"2005:830");

  script_name(english:"CentOS 3 / 4 : openssl096b (CESA-2005:830)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote CentOS host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated OpenSSL096b compatibility packages that fix a remote denial of
service vulnerability are now available.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

The OpenSSL toolkit implements Secure Sockets Layer (SSL v2/v3),
Transport Layer Security (TLS v1) protocols, and serves as a
full-strength general purpose cryptography library. OpenSSL 0.9.6b
libraries are provided for Red Hat Enterprise Linux 3 and 4 to allow
compatibility with legacy applications.

Testing performed by the OpenSSL group using the Codenomicon TLS Test
Tool uncovered a NULL pointer assignment in the
do_change_cipher_spec() function. A remote attacker could perform a
carefully crafted SSL/TLS handshake against a server that uses the
OpenSSL library in such a way as to cause OpenSSL to crash. Depending
on the server this could lead to a denial of service. (CVE-2004-0079)

This issue was reported as not affecting OpenSSL versions prior to
0.9.6c, and testing with the Codenomicon Test Tool showed that OpenSSL
0.9.6b as shipped as a compatibility library with Red Hat Enterprise
Linux 3 and 4 did not crash. However, an alternative reproducer has
been written which shows that this issue does affect versions of
OpenSSL prior to 0.9.6c.

Note that Red Hat does not ship any applications with Red Hat
Enterprise Linux 3 or 4 that use these compatibility libraries.

Users of the OpenSSL096b compatibility package are advised to upgrade
to these updated packages, which contain a patch provided by the
OpenSSL group that protect against this issue."
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-November/012352.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4dad2955"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-November/012357.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?a0a9eed0"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-November/012370.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?121e2d2d"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-November/012371.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6d9aeddb"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-November/012373.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?dfdafd39"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-November/012374.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3914e401"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected openssl096b package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openssl096b");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/11/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/11/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);


flag = 0;
if (rpm_check(release:"CentOS-3", reference:"openssl096b-0.9.6b-16.42")) flag++;

if (rpm_check(release:"CentOS-4", reference:"openssl096b-0.9.6b-22.42")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl096b");
}

#
# (C) Tenable Network Security, Inc.
#

# better URL in solution, preserving old:
#http://www.apple.com/downloads/macosx/apple/securityupdate__2004-05-03_(10_3_3_Client).html
#http://www.apple.com/downloads/macosx/apple/securityupdate_2004-05-03_(10_2_8_Client).html
#http://www.apple.com/downloads/macosx/apple/securityupdate_2004-05-03_(10_2_8_Server).html
#http://www.apple.com/downloads/macosx/apple/securityupdate.html
               
if ( ! defined_func("bn_random") ) exit(0);

include("compat.inc");

if(description)
{
 script_id(12518);
 script_version ("1.17");
 script_cve_id(
   "CVE-2004-0020",
   "CVE-2004-0113",
   "CVE-2004-0155",
   "CVE-2004-0174",
   "CVE-2004-0392",
   "CVE-2004-0403", 
   "CVE-2004-0428",
   "CVE-2004-0430"
 );

 script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2004-05-03)");
 script_summary(english:"Check for Security Update 2004-05-03");
 
 script_set_attribute(
   attribute:"synopsis",
   value:
"The remote host is missing a Mac OS X update that fixes a security
issue." );
 script_set_attribute(
   attribute:"description", 
   value:
"The remote host is missing Security Update 2004-05-03.
This security update includes updates for AFP Server, CoreFoundation,
and IPSec.

It also includes Security Update 2004-04-05, which includes updates
for CUPS, libxml2, Mail, and OpenSSL.

For Mac OS X 10.2.8, it also includes updates for Apache 1.3,
cd9660.util, Classic, CUPS, Directory Services, DiskArbitration,
fetchmail, fs_usage, gm4, groff, Mail, OpenSSL, Personal File Sharing,
PPP, rsync, Safari, System Configuration, System Initialization, and
zlib.

This update fixes various issues which may allow an attacker to
execute arbitrary code on the remote host." );
 script_set_attribute(
   attribute:"see_also",
   value:"http://support.apple.com/kb/HT1646"
 );
 script_set_attribute(
   attribute:"see_also",
   value:"http://lists.apple.com/archives/security-announce/2004/May/msg00000.html"
 );
 script_set_attribute(
   attribute:"solution", 
   value:"Install Security Update 2004-05-03."
 );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
 script_set_attribute(attribute:"metasploit_name", value:'AppleFileServer LoginExt PathName Overflow');
 script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/06");
 script_set_attribute(attribute:"vuln_publication_date", value: "2003/02/24");
 script_set_attribute(attribute:"patch_publication_date", value: "2004/05/03");
 script_cvs_date("Date: 2018/08/10 18:07:07");
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_family(english:"MacOS X Local Security Checks");

 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 exit(0);
}


packages = get_kb_item("Host/MacOSX/packages");
if ( ! packages ) exit(0);

uname = get_kb_item("Host/uname");
os    = get_kb_item("Host/MacOSX/Version");
if ( egrep(pattern:"Mac OS X 10\.3.* Server", string:os) ) exit(0);

# MacOS X 10.2.8 and 10.3.3 only
if ( egrep(pattern:"Darwin.* (6\.8\.|7\.3\.)", string:uname) )
{
  if ( ! egrep(pattern:"^SecUpd2004-05-03", string:packages) ) security_hole(0);
  else {
	set_kb_item(name:"CVE-2004-0174", value:TRUE);
	set_kb_item(name:"CVE-2003-0020", value:TRUE);
	set_kb_item(name:"CVE-2004-0079", value:TRUE);
	set_kb_item(name:"CVE-2004-0081", value:TRUE);
	set_kb_item(name:"CVE-2004-0112", value:TRUE);
	}
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200403-03.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(14454);
  script_version("1.13");
  script_cvs_date("Date: 2019/08/02 13:32:41");

  script_cve_id("CVE-2004-0079", "CVE-2004-0081", "CVE-2004-0112");
  script_xref(name:"GLSA", value:"200403-03");

  script_name(english:"GLSA-200403-03 : Multiple OpenSSL Vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200403-03
(Multiple OpenSSL Vulnerabilities)

    Testing performed by the OpenSSL group using the Codenomicon TLS Test
    Tool uncovered a NULL pointer assignment in the do_change_cipher_spec()
    function. A remote attacker could perform a carefully crafted SSL/TLS
    handshake against a server that used the OpenSSL library in such a way
    as to cause OpenSSL to crash. Depending on the application this could
    lead to a denial of service. All versions of OpenSSL from 0.9.6c to
    0.9.6l inclusive and from 0.9.7a to 0.9.7c inclusive are affected by
    this issue.
    A flaw has been discovered in SSL/TLS handshaking code when using
    Kerberos ciphersuites. A remote attacker could perform a carefully
    crafted SSL/TLS handshake against a server configured to use Kerberos
    ciphersuites in such a way as to cause OpenSSL to crash. Most
    applications have no ability to use Kerberos cipher suites and will
    therefore be unaffected. Versions 0.9.7a, 0.9.7b, and 0.9.7c of OpenSSL
    are affected by this issue.
    Testing performed by the OpenSSL group using the Codenomicon TLS Test
    Tool uncovered a bug in older versions of OpenSSL 0.9.6 that can lead
    to a Denial of Service attack (infinite loop). This issue was traced to
    a fix that was added to OpenSSL 0.9.6d some time ago. This issue will
    affect vendors that ship older versions of OpenSSL with backported
    security patches.
  
Impact :

    Although there are no public exploits known for bug, users are
    recommended to upgrade to ensure the security of their infrastructure.
  
Workaround :

    There is no immediate workaround; a software upgrade is required. The
    vulnerable function in the code has been rewritten."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200403-03"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All users are recommened to upgrade openssl to either 0.9.7d or 0.9.6m:
    # emerge sync
    # emerge -pv '>=dev-libs/openssl-0.9.7d'
    # emerge '>=dev-libs/openssl-0.9.7d'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openssl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/03/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"dev-libs/openssl", unaffected:make_list("ge 0.9.7d", "eq 0.9.6m"), vulnerable:make_list("le 0.9.7c"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dev-libs/openssl");
}

#%NASL_MIN_LEVEL 999999

# @DEPRECATED@
#
# This script has been deprecated by freebsd_pkg_68233cba777411d889ed0020ed76ef5a.nasl.
#
# Disabled on 2011/10/02.
#

#
# (C) Tenable Network Security, Inc.
#
# This script contains information extracted from VuXML :
#
# Copyright 2003-2006 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#   copyright notice, this list of conditions and the following
#   disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#   published online in any format, converted to PDF, PostScript,
#   RTF and other formats) must reproduce the above copyright
#   notice, this list of conditions and the following disclaimer
#   in the documentation and/or other materials provided with the
#   distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
#

include('compat.inc');

if ( description )
{
 script_id(12588);
 script_version("1.13");
 script_bugtraq_id(9899);
 script_cve_id("CVE-2004-0079");

 script_name(english:"FreeBSD : OpenSSL ChangeCipherSpec denial-of-service vulnerability (132)");

script_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update');
script_set_attribute(attribute:'description', value:'The following package needs to be updated: openssl-beta');
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:'solution', value: 'Update the package on the remote host');
script_set_attribute(attribute: 'see_also', value: 'http://bugs.mysql.com/bug.php?id=35658
http://bugzilla.remotesensing.org/show_bug.cgi?id=843
http://drupal.org/node/53806
http://www.gentoo.org/security/en/glsa/glsa-200505-07.xml
http://www.mozilla.org/projects/security/known-vulnerabilities.html
http://www.mozilla.org/security/announce/mfsa2005-45.html
http://www.mozilla.org/security/announce/mfsa2005-46.html
http://www.mozilla.org/security/announce/mfsa2005-47.html
http://www.mozilla.org/security/announce/mfsa2005-48.html
http://www.mozilla.org/security/announce/mfsa2005-49.html
http://www.mozilla.org/security/announce/mfsa2005-50.html
http://www.mozilla.org/security/announce/mfsa2005-51.html
http://www.openssl.org/news/secadv_20040317.txt');
script_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/68233cba-7774-11d8-89ed-0020ed76ef5a.html');

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/06");
 script_cvs_date("Date: 2018/07/20  0:18:52");
 script_end_attributes();
 script_summary(english:"Check for openssl-beta");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 family["english"] = "FreeBSD Local Security Checks";
 script_family(english:family["english"]);
 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/FreeBSD/pkg_info");
 exit(0);
}

# Deprecated.
exit(0, "This plugin has been deprecated. Refer to plugin #37800 (freebsd_pkg_68233cba777411d889ed0020ed76ef5a.nasl) instead.");

global_var cvss_score;
cvss_score=5;
include('freebsd_package.inc');


pkg_test(pkg:"openssl<0.9.7d");

pkg_test(pkg:"openssl-beta<0.9.7d");

#
# (C) Tenable Network Security, Inc.
#

if ( ! defined_func("bn_random") ) exit(0);
if (NASL_LEVEL < 3004) exit(0);

include("compat.inc");

if(description)
{
 script_id(19463);
 script_version ("1.15");
 script_cvs_date("Date: 2018/07/14  1:59:35");

 script_cve_id("CVE-2005-1344", "CVE-2004-0942", "CVE-2004-0885", "CVE-2004-1083", "CVE-2004-1084",
               "CVE-2005-2501", "CVE-2005-2502", "CVE-2005-2503", "CVE-2005-2504", "CVE-2005-2505",
               "CVE-2005-2506", "CVE-2005-2525", "CVE-2005-2526", "CVE-2005-2507", "CVE-2005-2508",
               "CVE-2005-2519", "CVE-2005-2513", "CVE-2004-1189", "CVE-2005-1174", "CVE-2005-1175",
               "CVE-2005-1689", "CVE-2005-2511", "CVE-2005-2509", "CVE-2005-2512", "CVE-2005-2745",
               "CVE-2005-0709", "CVE-2005-0710", "CVE-2005-0711", "CVE-2004-0079", "CVE-2004-0112",
               "CVE-2005-2514", "CVE-2005-2515", "CVE-2005-2516", "CVE-2005-2517", "CVE-2005-2524",
               "CVE-2005-2520", "CVE-2005-2518", "CVE-2005-2510", "CVE-2005-1769", "CVE-2005-2095",
               "CVE-2005-2521", "CVE-2005-2522", "CVE-2005-2523", "CVE-2005-0605", "CVE-2005-2096",
               "CVE-2005-1849");
 script_bugtraq_id(14567, 14569);

 script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2005-007)");
 script_summary(english:"Check for Security Update 2005-007");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a Mac OS X update that fixes various
security issues." );
 script_set_attribute(attribute:"description",  value:
"The remote host is running a version of Mac OS X 10.4 or 10.3 that
does not have Security Update 2005-007 applied.

This security update contains fixes for the following products :

  - Apache 2
  - AppKit
  - Bluetooth
  - CoreFoundation
  - CUPS
  - Directory Services
  - HItoolbox
  - Kerberos
  - loginwindow
  - Mail
  - MySQL
  - OpenSSL
  - QuartzComposerScreenSaver
  - ping
  - Safari
  - SecurityInterface
  - servermgrd
  - servermgr_ipfilter
  - SquirelMail
  - traceroute
  - WebKit
  - WebLog Server
  - X11
  - zlib" );
  # http://web.archive.org/web/20060406190355/http://docs.info.apple.com/article.html?artnum=302163
  script_set_attribute(
    attribute:"see_also", 
    value:"http://www.nessus.org/u?74ffa359"
  );
 script_set_attribute(attribute:"solution", value:
"!Install Security Update 2005-007." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(119);
 script_set_attribute(attribute:"plugin_publication_date", value: "2005/08/18");
 script_set_attribute(attribute:"vuln_publication_date", value: "2005/08/12");
 script_set_attribute(attribute:"patch_publication_date", value: "2005/08/12");
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
 script_family(english:"MacOS X Local Security Checks");
 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 exit(0);
}

#

packages = get_kb_item("Host/MacOSX/packages");
if ( ! packages ) exit(0);


uname = get_kb_item("Host/uname");
# MacOS X 10.4.2
if ( egrep(pattern:"Darwin.* (7\.[0-9]\.|8\.2\.)", string:uname) )
{
  if (!egrep(pattern:"^SecUpd(Srvr)?2005-007", string:packages)) security_hole(0);
}

• name	Yuzheng Zhou
  organization	Hewlett-Packard

• name	Shane Shaffer
  organization	G2, Inc.

• name	Matt Busby
  organization	The MITRE Corporation

• name	Matt Busby
  organization	The MITRE Corporation

• name	Matt Busby
  organization	The MITRE Corporation

• name	Thomas R. Jones
  organization	Maitreya Security

• name	Matt Busby
  organization	The MITRE Corporation

• name	Matt Busby
  organization	The MITRE Corporation

• name	Thomas R. Jones
  organization	Maitreya Security

• name	Aharon Chernin
  organization	SCAP.com, LLC

• name	Dragos Prisaca
  organization	G2, Inc.

• comment	The operating system installed on the system is Red Hat Enterprise Linux 3
  oval	oval:org.mitre.oval:def:11782

• comment	CentOS Linux 3.x
  oval	oval:org.mitre.oval:def:16651

• comment	The operating system installed on the system is Red Hat Enterprise Linux 4
  oval	oval:org.mitre.oval:def:11831

• comment	CentOS Linux 4.x
  oval	oval:org.mitre.oval:def:16636

• comment	Oracle Linux 4.x
  oval	oval:org.mitre.oval:def:15990