
Test ID: 1.3.6.1.4.1.25623.1.0.810930
Category: Mac OS X Local Security Checks
Title: Apple Mac OS X Multiple Vulnerabilities-02 (Apr 2017)
Summary: Apple Mac OS X is prone to multiple vulnerabilities.
Description:
Summary:
Apple Mac OS X is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- An input validation error exists in Help Viewer's handling of help: URLs.

- A buffer overflow exists in the handling of images.

- A double free issue exists in the renewal or validation of existing tickets
in the KDC process.

- A logic issue in the handling of KDC requests may cause an assertion to be
triggered.

- A logic issue exists in the handling of vfork where the Mach exception
handler is not reset in a certain case.

- A format string issue exists in the handling of afp:, cifs:, and smb: URLs.

- A man-in-the-middle attack in Open Directory.

- A character encoding issue exists in Printer Setup's handling of nearby printers.

- An integer overflow issue exists in the calculation of page sizes in the
cgtexttops CUPS filter.

Vulnerability Impact:
Successful exploitation will allow an attacker
to conduct cross-site scripting attacks, access sensitive information, cause
unexpected application termination or arbitrary code execution, upload
files to arbitrary locations on a user's filesystem, and escalate
privileges.

Affected Software/OS:
Apple Mac OS X and Mac OS X Server
version 10.6 through 10.6.3

Solution:
Upgrade to Apple Mac OS X version
10.6.4 or later.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2010-1373
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
BugTraq ID: 40871
http://www.securityfocus.com/bid/40871
http://securitytracker.com/id?1024103
http://secunia.com/advisories/40220
http://www.vupen.com/english/advisories/2010/1481
Common Vulnerability Exposure (CVE) ID: CVE-2010-1816
https://support.apple.com/en-us/HT4188
Common Vulnerability Exposure (CVE) ID: CVE-2010-1320
BugTraq ID: 39599
http://www.securityfocus.com/bid/39599
Bugtraq: 20100420 MITKRB5-SA-2010-004 [CVE-2010-1320] double free in KDC
http://www.securityfocus.com/archive/1/510843/100/0/threaded
http://securitytracker.com/id?1023904
http://secunia.com/advisories/39656
http://secunia.com/advisories/39784
SuSE Security Announcement: SUSE-SR:2010:010
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
http://www.ubuntu.com/usn/USN-940-1
http://www.vupen.com/english/advisories/2010/1001
http://www.vupen.com/english/advisories/2010/1192
Common Vulnerability Exposure (CVE) ID: CVE-2010-0283
BugTraq ID: 38260
http://www.securityfocus.com/bid/38260
Bugtraq: 20100216 MITKRB5-SA-2010-001 [CVE-2010-0283] krb5-1.7 KDC denial of service
http://www.securityfocus.com/archive/1/509553/100/0/threaded
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035222.html
http://securitytracker.com/id?1023593
http://secunia.com/advisories/38598
http://secunia.com/advisories/39023
http://www.ubuntu.com/usn/USN-916-1
Common Vulnerability Exposure (CVE) ID: CVE-2010-1821
Common Vulnerability Exposure (CVE) ID: CVE-2010-1376
Common Vulnerability Exposure (CVE) ID: CVE-2010-1377
Common Vulnerability Exposure (CVE) ID: CVE-2010-1379
Common Vulnerability Exposure (CVE) ID: CVE-2010-1380
Copyright: Copyright (C) 2017 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.