Vulnerabilities > CVE-2005-2742 - Unspecified vulnerability in Apple mac OS X and mac OS X Server

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
apple
nessus
NVD
Published: 2005-10-26
Updated: 2024-11-21

Summary

SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, can cause the "Switch User..." button to appear even though the "Enable fast user switching" setting is disabled, which can allow attackers with physical access to gain access to the desktop and bypass the "Require password to wake this computer from sleep or screen saver" setting.

Vulnerable Configurations

Part Description Count
OS
Apple
2

Nessus

NASL familyMacOS X Local Security Checks
NASL idMACOSX_SECUPD2005-008.NASL
descriptionThe remote host is running Apple Mac OS X, but lacks Security Update 2005-008. This security update contains fixes for the following applications : - ImageIO - LibSystem - Mail - QuickDraw - Ruby - SecurityAgent - securityd
last seen2020-06-01
modified2020-06-02
plugin id19773
published2005-09-23
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/19773
titleMac OS X Multiple Vulnerabilities (Security Update 2005-008)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(19773);
 script_version("1.19");
 script_cvs_date("Date: 2018/07/14  1:59:35");

  script_cve_id("CVE-2005-1992", "CVE-2005-2524", "CVE-2005-2741", "CVE-2005-2742", "CVE-2005-2743",
                "CVE-2005-2744", "CVE-2005-2745", "CVE-2005-2746", "CVE-2005-2747", "CVE-2005-2748");
 script_bugtraq_id(14914, 14939);

 script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2005-008)");
 script_summary(english:"Check for Security Update 2005-008");

 script_set_attribute(attribute:"synopsis", value:"The remote operating system is missing a vendor-supplied patch.");
 script_set_attribute(attribute:"description", value:
"The remote host is running Apple Mac OS X, but lacks
Security Update 2005-008.

This security update contains fixes for the following
applications :

- ImageIO
- LibSystem
- Mail
- QuickDraw
- Ruby
- SecurityAgent
- securityd");
 # http://web.archive.org/web/20060419122213/http://docs.info.apple.com/article.html?artnum=302413
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b7db6d8b");
 script_set_attribute(attribute:"solution", value:
"Mac OS X 10.4 :
http://support.apple.com/downloads/Security_Update_2005_008__Mac_OS_X_10_4_2_

Mac OS X 10.3 :
http://support.apple.com/downloads/Security_Update_2005_008__Mac_OS_X_10_3_9_");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"vuln_publication_date", value:"2005/06/22");
 script_set_attribute(attribute:"patch_publication_date", value:"2005/06/22");
 script_set_attribute(attribute:"plugin_publication_date", value:"2005/09/23");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
 script_family(english:"MacOS X Local Security Checks");

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 exit(0);
}


packages = get_kb_item("Host/MacOSX/packages");
if ( ! packages ) exit(0);


uname = get_kb_item("Host/uname");
if ( egrep(pattern:"Darwin.* (7\.[0-9]\.|8\.2\.)", string:uname) )
{
  if (!egrep(pattern:"^SecUpd(Srvr)?(2005-008|2006-00[123467]|2007-003)", string:packages)) security_hole(0);
}

References