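Mac OS X < 10.11 Multiple Vulnerabilities (GHOST)

critical Nessus Plugin ID 86270

Synopsis

The remote host is missing a Mac OS X update that fixes multiple security vulnerabilities.

Description

The remote host is running a version of Mac OS X that is 10.6.8 or later but prior to 10.11. It is, therefore, affected by multiple vulnerabilities in the following components: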

- Address Book
- AirScan
- apache_mod_php
- Apple Online Store Kit
- AppleEvents
- Audio
- bash
- Certificate Trust Policy
- CFNetwork Cookies
- CFNetwork FTPProtocol
- CFNetwork HTTPProtocol
- CFNetwork Proxies
- CFNetwork SSL
- CoreCrypto
- CoreText
- Dev Tools
- Disk Images
- dyld
- EFI
- Finder
- Game Center
- Heimdal
- ICU
- Install Framework Legacy
- Intel Graphics Driver
- IOAudioFamily
- IOGraphics
- IOHIDFamily
- IOStorageFamily
- Kernel
- libc
- libpthread
- libxpc
- Login Window
- lukemftpd
- Mail
- Multipeer Connectivity
- NetworkExtension
- Notes
- OpenSSH
- OpenSSL
- procmail
- remote_cmds
- removefile
- Ruby
- Safari
- Safari Downloads
- Safari Extensions
- Safari Safe Browsing
- Security
- SMB
- SQLite
- Telephony
- Terminal
- tidy
- Time Machine
- WebKit
- WebKit CSS
- WebKit JavaScript Bindings
- WebKit Page Loading
- WebKit Plug-ins

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

Solution

Upgrade to Mac OS X 10.11 or later.

See Also

https://support.apple.com/en-us/HT205267

http://www.nessus.org/u?76b3b492

http://www.nessus.org/u?c7a6ddbd

Plugin Details

Severity: Critical

ID: 86270

File Name: macosx_10_11.nasl

Version: 1.15

Type: combined

Agent: macosx

Published: 2015/10/5

Updated: 2019/6/20

Supported Sensors: Nessus Agent, Nessus

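Risk Information

VPR

Risk Factor: Critical

Score: 9.8

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2014-6277

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/9/30

Vulnerability Publication Date: 2013/4/26

Exploitable With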

CANVAS (CANVAS)

Core Impact

Metasploit (Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation)

Reference Information

CVE: CVE-2013-3951, CVE-2014-2532, CVE-2014-3618, CVE-2014-6277, CVE-2014-7186, CVE-2014-7187, CVE-2014-8080, CVE-2014-8090, CVE-2014-8146, CVE-2014-8147, CVE-2014-8611, CVE-2014-9425, CVE-2014-9427, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0235, CVE-2015-0273, CVE-2015-0286, CVE-2015-0287, CVE-2015-1351, CVE-2015-1352, CVE-2015-1855, CVE-2015-2301, CVE-2015-2305, CVE-2015-2331, CVE-2015-2348, CVE-2015-2783, CVE-2015-2787, CVE-2015-3329, CVE-2015-3330, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3785, CVE-2015-3801, CVE-2015-5522, CVE-2015-5523, CVE-2015-5764, CVE-2015-5765, CVE-2015-5767, CVE-2015-5780, CVE-2015-5788, CVE-2015-5789, CVE-2015-5790, CVE-2015-5791, CVE-2015-5792, CVE-2015-5793, CVE-2015-5794, CVE-2015-5795, CVE-2015-5796, CVE-2015-5797, CVE-2015-5798, CVE-2015-5799, CVE-2015-5800, CVE-2015-5801, CVE-2015-5802, CVE-2015-5803, CVE-2015-5804, CVE-2015-5805, CVE-2015-5806, CVE-2015-5807, CVE-2015-5808, CVE-2015-5809, CVE-2015-5810, CVE-2015-5811, CVE-2015-5812, CVE-2015-5813, CVE-2015-5814, CVE-2015-5815, CVE-2015-5816, CVE-2015-5817, CVE-2015-5818, CVE-2015-5819, CVE-2015-5820, CVE-2015-5821, CVE-2015-5822, CVE-2015-5823, CVE-2015-5824, CVE-2015-5825, CVE-2015-5826, CVE-2015-5827, CVE-2015-5828, CVE-2015-5830, CVE-2015-5831, CVE-2015-5833, CVE-2015-5836, CVE-2015-5839, CVE-2015-5840, CVE-2015-5841, CVE-2015-5842, CVE-2015-5847, CVE-2015-5849, CVE-2015-5851, CVE-2015-5853, CVE-2015-5854, CVE-2015-5855, CVE-2015-5858, CVE-2015-5860, CVE-2015-5862, CVE-2015-5863, CVE-2015-5864, CVE-2015-5865, CVE-2015-5866, CVE-2015-5867, CVE-2015-5868, CVE-2015-5869, CVE-2015-5870, CVE-2015-5871, CVE-2015-5872, CVE-2015-5873, CVE-2015-5874, CVE-2015-5875, CVE-2015-5876, CVE-2015-5877, CVE-2015-5878, CVE-2015-5879, CVE-2015-5881, CVE-2015-5882, CVE-2015-5883, CVE-2015-5884, CVE-2015-5885, CVE-2015-5887, CVE-2015-5888, CVE-2015-5889, CVE-2015-5890, CVE-2015-5891, CVE-2015-5893, CVE-2015-5894, CVE-2015-5896, CVE-2015-5897, 
CVE-2015-5899, CVE-2015-5900, CVE-2015-5901, CVE-2015-5902, CVE-2015-5903, CVE-2015-5912, CVE-2015-5913, CVE-2015-5914, CVE-2015-5915, CVE-2015-5917, CVE-2015-5922, CVE-2015-7760, CVE-2015-7761

BID: 60440, 66355, 69573, 70152, 70154, 70165, 70935, 71230, 71621, 71800, 71833, 71929, 71932, 72325, 72505, 72539, 72541, 72611, 72701, 73031, 73037, 73225, 73227, 73306, 73431, 73434, 74204, 74228, 74239, 74240, 74446, 74457, 75037, 76763, 76764, 76765, 76766, 76908, 76909, 76910, 76911, 79707

APPLE-SA: APPLE-SA-2015-09-30-3

CERT: 967332

IAVA: 2014-A-0142