Mac OS X < 10.10 多种漏洞 (POODLE) (Shellshock)
critical Nessus 插件 ID 78550
语言:
简介
远程主机缺少用于修复多种漏洞的 Mac OS X 更新。描述
远程主机正在运行的 Mac OS X 版本低于 10.10。此更新包含若干针对以下组件的安全相关补丁:- 802.1X
- AFP File Server
- apache
- App Sandbox
- Bash
- Bluetooth
- Certificate Trust Policy
- CFPreferences
- CoreStorage
- CUPS
- Dock
- fdesetup
- iCloud Find My Mac
- IOAcceleratorFamily
- IOHIDFamily
- IOKit
- Kernel
- LaunchServices
- LoginWindow
- MCX Desktop Config Profiles
- NetFS Client Framework
- QuickTime
- Safari
- Secure Transport
- Security
- Security - Code Signing
请注意,如果成功利用最严重的问题则可能导致执行任意代码。
解决方案
升级到 Mac OS X 版本 10.10 或更高版本。另见
https://support.apple.com/kb/HT6535
http://www.securityfocus.com/archive/1/533720/30/0/threaded
http://seclists.org/oss-sec/2014/q3/650
https://www.invisiblethreat.ca/post/shellshock/
http://www.nessus.org/u?e40f2f5a
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
插件详情
严重性: Critical
ID: 78550
文件名: macosx_10_10.nasl
版本: 1.30
类型: combined
代理: macosx
发布时间: 2014/10/17
最近更新时间: 2022/12/5
支持的传感器: Nessus Agent, Nessus
风险信息
VPR
风险因素: Critical
分数: 9.4
CVSS v2
风险因素: Critical
基本分数: 10
时间分数: 8.7
矢量: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 分数来源: CVE-2014-7169
漏洞信息
CPE: cpe:/o:apple:mac_os_x
可利用: true
易利用性: Exploits are available
补丁发布日期: 2014/10/16
漏洞发布日期: 2013/9/19
CISA 已知可遭利用的漏洞到期日期: 2022/7/28, 2022/8/10
可利用的方式
CANVAS (CANVAS)
Core Impact
Metasploit (Qmail SMTP Bash Environment Variable Injection (Shellshock))
参考资料信息
CVE: CVE-2011-2391, CVE-2013-5150, CVE-2013-6438, CVE-2014-0098, CVE-2014-3537, CVE-2014-3566, CVE-2014-4351, CVE-2014-4364, CVE-2014-4371, CVE-2014-4373, CVE-2014-4375, CVE-2014-4380, CVE-2014-4388, CVE-2014-4391, CVE-2014-4404, CVE-2014-4405, CVE-2014-4407, CVE-2014-4408, CVE-2014-4417, CVE-2014-4418, CVE-2014-4419, CVE-2014-4420, CVE-2014-4421, CVE-2014-4422, CVE-2014-4425, CVE-2014-4426, CVE-2014-4427, CVE-2014-4428, CVE-2014-4430, CVE-2014-4431, CVE-2014-4432, CVE-2014-4433, CVE-2014-4434, CVE-2014-4435, CVE-2014-4436, CVE-2014-4437, CVE-2014-4438, CVE-2014-4439, CVE-2014-4440, CVE-2014-4441, CVE-2014-4442, CVE-2014-4443, CVE-2014-4444, CVE-2014-6271, CVE-2014-7169
BID: 69927, 69928, 69934, 69938, 69939, 69942, 69944, 69946, 69947, 69948, 70103, 70137, 70574, 70616, 70618, 70619, 70620, 70622, 70623, 70624, 62531, 62573, 66303, 68788, 69911, 69912, 69913, 69919, 69924, 70625, 70627, 70628, 70629, 70630, 70631, 70632, 70633, 70635, 70636, 70637, 70638, 70640, 70643, 70894