Vulnerabilities > CVE-2011-3453 - Numeric Errors vulnerability in Apple mac OS X and mac OS X Server

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
apple
CWE-189
nessus

Summary

Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data.

Vulnerable Configurations

Part Description Count
OS
Apple
144

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2012-001.NASL
    descriptionThe remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-001 applied. This update contains multiple security-related fixes for the following components : - Apache - ATS - ColorSync - CoreAudio - CoreMedia - CoreText - curl - Data Security - dovecot - filecmds - libresolv - libsecurity - OpenGL - PHP - QuickTime - SquirrelMail - Subversion - Tomcat - X11
    last seen2020-06-01
    modified2020-06-02
    plugin id57798
    published2012-02-02
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57798
    titleMac OS X Multiple Vulnerabilities (Security Update 2012-001) (BEAST)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_7_3.NASL
    descriptionThe remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.3. The newer version contains multiple security-related fixes for the following components : - Address Book - Apache - ATS - CFNetwork - CoreMedia - CoreText - CoreUI - curl - Data Security - dovecot - filecmds - ImageIO - Internet Sharing - Libinfo - libresolv - libsecurity - OpenGL - PHP - QuickTime - Subversion - Time Machine - WebDAV Sharing - Webmail - X11
    last seen2020-06-01
    modified2020-06-02
    plugin id57797
    published2012-02-02
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57797
    titleMac OS X 10.7.x < 10.7.3 Multiple Vulnerabilities (BEAST)

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 51807 CVE ID: CVE-2011-3453 Mac OS是一套运行于苹果的Macintosh系列电脑上的操作系统。 Apple Mac OS X 10.7.3之前版本中存在整数溢出漏洞,可允许远程攻击者通过特制的DNS数据执行任意数据或造成拒绝服务。 0 Apple MacOS X Server 10.7.2 Apple MacOS X Server 10.7.1 Apple MacOS X Server 10.7 Apple MacOS X Server 10.6.8 Apple TV 4.3 Apple TV 4.2 Apple TV 4.1 Apple TV 4.0 厂商补丁: Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://support.apple.com/
idSSV:30181
last seen2017-11-19
modified2012-03-10
published2012-03-10
reporterRoot
titleApple Mac OS X整数溢出漏洞(CVE-2011-3453)