Vulnerabilities > CVE-2009-0013 - Credentials Management vulnerability in Apple mac OS X and mac OS X Server

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
apple
CWE-255
nessus
NVD
Published: 2009-02-13
Updated: 2017-08-08

Summary

dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information.

Vulnerable Configurations

Part Description Count
OS
Apple
4

Common Weakness Enumeration (CWE)

Nessus

NASL familyMacOS X Local Security Checks
NASL idMACOSX_SECUPD2009-001.NASL
descriptionThe remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-001 applied. This security update contains fixes for the following products : - AFP Server - Apple Pixlet Video - CarbonCore - CFNetwork - Certificate Assistant - ClamAV - CoreText - CUPS - DS Tools - fetchmail - Folder Manager - FSEvents - Network Time - perl - Printing - python - Remote Apple Events - Safari RSS - servermgrd - SMB - SquirrelMail - X11 - XTerm
last seen2020-06-01
modified2020-06-02
plugin id35684
published2009-02-13
reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/35684
titleMac OS X Multiple Vulnerabilities (Security Update 2009-001)
code
#
# (C) Tenable Network Security, Inc.
#


if (!defined_func("bn_random")) exit(0);
if (NASL_LEVEL < 3004) exit(0);

include("compat.inc");

if (description)
{
  script_id(35684);
  script_version("1.32");
  script_cvs_date("Date: 2018/07/16 12:48:31");

  script_cve_id("CVE-2006-1861", "CVE-2006-3467", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1667",
                "CVE-2007-4565", "CVE-2007-4965", "CVE-2008-1377", "CVE-2008-1379", "CVE-2008-1679",
                "CVE-2008-1721", "CVE-2008-1806", "CVE-2008-1807", "CVE-2008-1808", "CVE-2008-1887",
                "CVE-2008-1927", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-2360", "CVE-2008-2361",
                "CVE-2008-2362", "CVE-2008-2379", "CVE-2008-2711", "CVE-2008-3142", "CVE-2008-3144",
                "CVE-2008-3663", "CVE-2008-4864", "CVE-2008-5031", "CVE-2008-5050", "CVE-2008-5183",
                "CVE-2008-5314", "CVE-2009-0009", "CVE-2009-0011", "CVE-2009-0012", "CVE-2009-0013",
                "CVE-2009-0014", "CVE-2009-0015", "CVE-2009-0017", "CVE-2009-0018", "CVE-2009-0019",
                "CVE-2009-0020", "CVE-2009-0137", "CVE-2009-0138", "CVE-2009-0139", "CVE-2009-0140",
                "CVE-2009-0141", "CVE-2009-0142");
  script_bugtraq_id(25495, 25696, 28715, 28749, 28928, 29705, 30491, 31976, 32207, 32555,
                    33187, 33796, 33798, 33800, 33806, 33808, 33809, 33810, 33811, 33812,
                    33813, 33814, 33815, 33816, 33820, 33821);

  script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2009-001)");
  script_summary(english:"Check for the presence of Security Update 2009-001");

  script_set_attribute(  attribute:"synopsis",   value:
"The remote host is missing a Mac OS X update that fixes various
security issues."  );
  script_set_attribute( attribute:"description", value:
"The remote host is running a version of Mac OS X 10.5 or 10.4 that
does not have Security Update 2009-001 applied.

This security update contains fixes for the following products :

  - AFP Server
  - Apple Pixlet Video
  - CarbonCore
  - CFNetwork
  - Certificate Assistant
  - ClamAV
  - CoreText
  - CUPS
  - DS Tools
  - fetchmail
  - Folder Manager
  - FSEvents
  - Network Time
  - perl
  - Printing
  - python
  - Remote Apple Events
  - Safari RSS
  - servermgrd
  - SMB
  - SquirrelMail
  - X11
  - XTerm"  );
  script_set_attribute(
    attribute:"see_also", 
    value:"http://support.apple.com/kb/ht3438"
  );
  script_set_attribute(
    attribute:"see_also", 
    value:"http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
  );
  script_set_attribute( attribute:"solution", value:
    "Install Security Update 2009-001 or later." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_cwe_id(20, 79, 119, 189, 255, 264, 287, 310, 362, 399);
  script_set_attribute(attribute:"plugin_publication_date", value: "2009/02/13");
  script_set_attribute(attribute:"patch_publication_date", value: "2009/02/12");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/MacOSX/packages", "Host/uname");
  exit(0);
}

#

uname = get_kb_item("Host/uname");
if (!uname) exit(1, "The 'Host/uname' KB item is missing.");

if (egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname))
{
  packages = get_kb_item("Host/MacOSX/packages");
  if (!packages) exit(1, "The 'Host/MacOSX/packages' KB item is missing.");

  if (egrep(pattern:"^SecUpd(Srvr)?(2009-00[1-9]|20[1-9][0-9]-)", string:packages))
    exit(0, "The host has Security Update 2009-001 or later installed and therefore is not affected.");
  else
    security_hole(0);
}
else if (egrep(pattern:"Darwin.* (9\.[0-6]\.)", string:uname))
{
  packages = get_kb_item("Host/MacOSX/packages/boms");
  if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing.");

  if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2009\.00[1-9]|20[1-9][0-9]\.[0-9]+)\.bom", string:packages))
    exit(0, "The host has Security Update 2009-001 or later installed and therefore is not affected.");
  else
    security_hole(0);
}
else exit(0, "The host is not affected.");

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 33759 CVE(CAN) ID: CVE-2009-0009,CVE-2009-0020,CVE-2009-0142,CVE-2009-0011,CVE-2009-0012,CVE-2009-0013,CVE-2009-0014,CVE-2009-0015,CVE-2009-0017,CVE-2009-0018,CVE-2009-0019,CVE-2009-0137,CVE-2009-0138,CVE-2009-0139,CVE-2009-0140,CVE-2009-0141 Mac OS X是苹果家族机器所使用的操作系统。 Apple 2009-001安全更新修复了Mac OS X中的多个安全漏洞,本地或远程攻击者可能利用这些漏洞导致拒绝服务、读取敏感信息或执行任意代码。 CVE-2009-0009 使用Pixlet codec处理电影文件时存在内存破坏漏洞,打开特制的电影文件可能导致应用程序意外终止或执行任意代码。 CVE-2009-0020 资源管理器处理资源fork时存在内存破坏漏洞,打开带有特制资源fork的文件可能导致应用程序意外终止或执行任意代码。 CVE-2009-0142 AFP服务器中的竞争条件可能导致死循环,在AFP服务器上枚举文件可能触发拒绝服务。 CVE-2009-0011 证书助手处理临时文件的方式存在不安全的文件操作,可能允许本地用户以其他用户的权限覆盖文件。 CVE-2009-0012 在CoreText中处理Unicode字符串时存在堆溢出,使用CoreText处理特制的Unicode字符串(如查看特制的网页)可能导致应用程序意外终止或执行任意代码。 CVE-2009-0013 dscl命令行工具要求以参数的形式传送口令,这可能导致向其他本地用户暴露口令。 CVE-2009-0014 文件夹管理器中存在默认权限问题,当用户删除下载文件夹且文件夹管理器重新创建时,可能以任何用户都可读的权限创建文件夹。 CVE-2009-0015 fseventsd中存在凭据管理问题,本地用户可以使用FSEvents框架查看其他情况下不可看到的文件系统行为,包括目录名称和指定时间的删除行为。 CVE-2009-0017 csregprinter中的错误处理问题可能导致堆溢出,这允许本地用户获得系统权限。 CVE-2009-0018 Remote Apple Events服务器中的未初始化缓冲区问题可能导致向网络客户端泄露内存内容。 CVE-2009-0019 Remote Apple Events中存在越界内存访问,启用Remote Apple Events可能导致应用程序意外终止或向网络客户端泄露敏感信息。 CVE-2009-0137 Safari处理feed: URLs的方式存在多个输入验证错误,可能允许在本地安全区中执行任意JavaScript。 CVE-2009-0138 服务器管理器验证认证凭据方式的漏洞可能允许远程攻击者更改系统配置。 CVE-2009-0139 SMB文件系统中的整数溢出可能触发堆溢出,连接到恶意的SMB文件系统可能导致系统关闭或以系统权限执行任意代码。 CVE-2009-0140 SMB文件系统处理文件系统名称的方式存在内存耗尽问题,连接到恶意的SMB文件系统服务器可能导致系统意外关机。 CVE-2009-0141 Xterm中存在权限问题。在同luit使用时,Xterm会创建任何用户都可访问的tty设备。 Apple Mac OS X 10.5.6 Apple MacOS X Server 10.5.6 Apple Safari 3.2.2 for Windows 厂商补丁: Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://support.apple.com/downloads/Security_Update_2009_001__Tiger_Intel_ target=_blank rel=external nofollow>http://support.apple.com/downloads/Security_Update_2009_001__Tiger_Intel_</a> <a href=http://support.apple.com/downloads/Security_Update_2009_001__Tiger_PPC target=_blank rel=external nofollow>http://support.apple.com/downloads/Security_Update_2009_001__Tiger_PPC</a> _
idSSV:4762
last seen2017-11-19
modified2009-02-13
published2009-02-13
reporterRoot
titleApple Mac OS X 2009-001更新修复多个安全漏洞

References