Vulnerabilities > CVE-2011-3453 - Numeric Errors vulnerability in Apple mac OS X Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2012-001.NASL description The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-001 applied. This update contains multiple security-related fixes for the following components : - Apache - ATS - ColorSync - CoreAudio - CoreMedia - CoreText - curl - Data Security - dovecot - filecmds - libresolv - libsecurity - OpenGL - PHP - QuickTime - SquirrelMail - Subversion - Tomcat - X11 last seen 2020-06-01 modified 2020-06-02 plugin id 57798 published 2012-02-02 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57798 title Mac OS X Multiple Vulnerabilities (Security Update 2012-001) (BEAST) NASL family MacOS X Local Security Checks NASL id MACOSX_10_7_3.NASL description The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.3. The newer version contains multiple security-related fixes for the following components : - Address Book - Apache - ATS - CFNetwork - CoreMedia - CoreText - CoreUI - curl - Data Security - dovecot - filecmds - ImageIO - Internet Sharing - Libinfo - libresolv - libsecurity - OpenGL - PHP - QuickTime - Subversion - Time Machine - WebDAV Sharing - Webmail - X11 last seen 2020-06-01 modified 2020-06-02 plugin id 57797 published 2012-02-02 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57797 title Mac OS X 10.7.x < 10.7.3 Multiple Vulnerabilities (BEAST)
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 51807 CVE ID: CVE-2011-3453 Mac OS是一套运行于苹果的Macintosh系列电脑上的操作系统。 Apple Mac OS X 10.7.3之前版本中存在整数溢出漏洞,可允许远程攻击者通过特制的DNS数据执行任意数据或造成拒绝服务。 0 Apple MacOS X Server 10.7.2 Apple MacOS X Server 10.7.1 Apple MacOS X Server 10.7 Apple MacOS X Server 10.6.8 Apple TV 4.3 Apple TV 4.2 Apple TV 4.1 Apple TV 4.0 厂商补丁: Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://support.apple.com/ |
| id | SSV:30181 |
| last seen | 2017-11-19 |
| modified | 2012-03-10 |
| published | 2012-03-10 |
| reporter | Root |
| title | Apple Mac OS X整数溢出漏洞(CVE-2011-3453) |
References
- http://support.apple.com/kb/HT5130
- http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
- http://lists.apple.com/archives/security-announce/2012/Mar/msg00002.html
- http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
- http://www.securitytracker.com/id?1026774
- http://secunia.com/advisories/48288
- http://secunia.com/advisories/48289