Vulnerabilities > CVE-2010-1377 - Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows man-in-the-middle attackers to spoof arbitrary network account servers, and possibly execute arbitrary code, via unspecified vectors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 8 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_10_6_4.NASL |
description | The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.4. Mac OS X 10.6.4 contains security fixes for the following components : - CUPS - DesktopServices - Flash Player plug-in - Folder Manager - Help Viewer - iChat - ImageIO - Kerberos - Kernel - libcurl - Network Authorization - Open Directory - Printer Setup - Printing - Ruby - SMB File Server - SquirrelMail - Wiki Server |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 47023 |
published | 2010-06-15 |
reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/47023 |
title | Mac OS X 10.6.x < 10.6.4 Multiple Vulnerabilities |
code |
|