Vulnerabilities > CVE-2005-3705 - Multiple vulnerability in RETIRED: Apple Mac OS X Security Update 2005-009

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
apple
nessus
NVD
Published: 2005-12-01
Updated: 2017-07-11

Summary

Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code via unknown attack vectors.

Vulnerable Configurations

Part Description Count
OS
Apple
4

Nessus

NASL familyMacOS X Local Security Checks
NASL idMACOSX_SECUPD2005-009.NASL
descriptionThe remote host is running Apple Mac OS X, but lacks Security Update 2005-009. This security update contains fixes for the following applications : - Apache2 - Apache_mod_ssl - CoreFoundation - curl - iodbcadmintool - OpenSSL - passwordserver - Safari - sudo - syslog
last seen2020-06-01
modified2020-06-02
plugin id20249
published2005-11-30
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/20249
titleMac OS X Multiple Vulnerabilities (Security Update 2005-009)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(20249);
  script_version("1.20");
  script_cvs_date("Date: 2018/07/14  1:59:35");

  script_cve_id("CVE-2005-1993", "CVE-2005-2088", "CVE-2005-2272", "CVE-2005-2491", "CVE-2005-2700",
                "CVE-2005-2757", "CVE-2005-2969", "CVE-2005-3185", "CVE-2005-3700", "CVE-2005-3701",
                "CVE-2005-3702", "CVE-2005-3704", "CVE-2005-3705");
  script_bugtraq_id(13993, 14011, 14106, 14620, 14721, 15071, 15102, 16882, 16903, 16904, 16926, 29011);

  script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2005-009)");
  script_summary(english:"Check for Security Update 2005-009");

  script_set_attribute(attribute:"synopsis", value:"The remote operating system is missing a vendor-supplied patch.");
  script_set_attribute(attribute:"description", value:
"The remote host is running Apple Mac OS X, but lacks
Security Update 2005-009.

This security update contains fixes for the following
applications :

- Apache2
- Apache_mod_ssl
- CoreFoundation
- curl
- iodbcadmintool
- OpenSSL
- passwordserver
- Safari
- sudo
- syslog");
  script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=302847");
  script_set_attribute(attribute:"solution", value:
"Mac OS X 10.4 :
http://www.apple.com/support/downloads/securityupdate2005009tigerclient.html
http://www.apple.com/support/downloads/securityupdate2005009tigerserver.html

Mac OS X 10.3 :
http://www.apple.com/support/downloads/securityupdate2005009pantherclient.html
http://www.apple.com/support/downloads/securityupdate2005009pantherserver.html");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/06/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/06/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/11/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
  script_family(english:"MacOS X Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/MacOSX/packages");
  exit(0);
}


packages = get_kb_item("Host/MacOSX/packages");
if ( ! packages ) exit(0);


uname = get_kb_item("Host/uname");
if ( egrep(pattern:"Darwin.* (7\.[0-9]\.|8\.[0-3]\.)", string:uname) )
{
  if (!egrep(pattern:"^SecUpd(Srvr)?(2005-009|2006-00[123467]|2007-003)", string:packages)) security_hole(0);
}

References