10.4.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

apple

nessus

NVD

Published: 2005-06-08

Updated: 2008-09-05

Summary

LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly mark file extensions and MIME types as unsafe if an Apple Uniform Type Identifier (UTI) is not created when the type is added to the database of unsafe types, which could allow attackers to bypass intended restrictions.

Vulnerable Configurations

Part	Description	Count
OS	Apple Apple MAC OS X Server 10.4 Apple MAC OS X Server 10.4.1	2

Nessus

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_SECUPD2005-006.NASL
description	The remote host is missing Security Update 2005-006. This security update contains security fixes for the following application : - AFP Server - Bluetooth - CoreGraphics - Folder Permissions - launchd - LaunchServices - NFS - PHP - VPN These programs have multiple vulnerabilities, some of which may lead to arbitrary code execution.
last seen	2020-06-01
modified	2020-06-02
plugin id	18437
published	2005-06-08
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18437
title	Mac OS X Multiple Vulnerabilities (Security Update 2005-006)
code	# # (C) Tenable Network Security, Inc. # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(18437); script_version ("1.16"); script_cvs_date("Date: 2018/07/14 1:59:35"); if (NASL_LEVEL >= 3000) { script_cve_id("CVE-2005-0524", "CVE-2005-0525", "CVE-2005-1042", "CVE-2005-1043", "CVE-2005-1333", "CVE-2005-1343", "CVE-2005-1720", "CVE-2005-1721", "CVE-2005-1722", "CVE-2005-1723", "CVE-2005-1724", "CVE-2005-1725", "CVE-2005-1726", "CVE-2005-1727", "CVE-2005-1728"); } script_bugtraq_id(13491, 13899); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2005-006)"); script_summary(english:"Check for Security Update 2005-006"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes a security issue." ); script_set_attribute( attribute:"description", value: "The remote host is missing Security Update 2005-006. This security update contains security fixes for the following application : - AFP Server - Bluetooth - CoreGraphics - Folder Permissions - launchd - LaunchServices - NFS - PHP - VPN These programs have multiple vulnerabilities, some of which may lead to arbitrary code execution." ); script_set_attribute( attribute:"see_also", value:"http://support.apple.com/kb/TA23304" ); script_set_attribute( attribute:"solution", value:"Install Security Update 2005-006." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value: "2005/06/08"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/05/03"); script_set_attribute(attribute:"patch_publication_date", value: "2005/06/09"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages"); exit(0); } # packages = get_kb_item("Host/MacOSX/packages"); if ( ! packages ) exit(0); uname = get_kb_item("Host/uname"); # MacOS X 10.4.1 if ( egrep(pattern:"Darwin.* (7\.[0-9]\.\|8\.[01]\.)", string:uname) ) { if (!egrep(pattern:"^SecUpd(Srvr)?2005-006", string:packages)) security_hole(0); }

Summary

Vulnerable Configurations

Nessus

References