Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MACOS_10_13_2.NASL
HistoryDec 07, 2017 - 12:00 a.m.

macOS 10.13.x < 10.13.2 Multiple Vulnerabilities (Meltdown)

2017-12-0700:00:00
This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
339

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.974 High

EPSS

Percentile

99.9%

JSON

The remote host is running a version of Mac OS X that is 10.13.x prior to 10.13.2. It is, therefore, affected by multiple vulnerabilities in the following components :

  • apache
  • curl
  • Directory Utility
  • IOAcceleratorFamily
  • IOKit
  • Intel Graphics Driver
  • Kernel
  • Mail
  • Mail Drafts
  • OpenSSL
  • Screen Sharing Server

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(105080);
  script_version("1.12");
  script_cvs_date("Date: 2019/06/19 15:17:43");

  script_cve_id(
    "CVE-2017-1000254",
    "CVE-2017-13847",
    "CVE-2017-13848",
    "CVE-2017-13855",
    "CVE-2017-13858",
    "CVE-2017-13860",
    "CVE-2017-13862",
    "CVE-2017-13865",
    "CVE-2017-13867",
    "CVE-2017-13868",
    "CVE-2017-13869",
    "CVE-2017-13871",
    "CVE-2017-13872",
    "CVE-2017-13875",
    "CVE-2017-13876",
    "CVE-2017-13878",
    "CVE-2017-13883",
    "CVE-2017-13886",
    "CVE-2017-13887",
    "CVE-2017-13892",
    "CVE-2017-13904",
    "CVE-2017-13905",
    "CVE-2017-13911",
    "CVE-2017-15422",
    "CVE-2017-3735",
    "CVE-2017-5754",
    "CVE-2017-7151",
    "CVE-2017-7154",
    "CVE-2017-7155",
    "CVE-2017-7158",
    "CVE-2017-7159",
    "CVE-2017-7162",
    "CVE-2017-7163",
    "CVE-2017-7171",
    "CVE-2017-7172",
    "CVE-2017-7173",
    "CVE-2017-9798"
  );
  script_bugtraq_id(
    100515,
    100872,
    101115,
    101981,
    102097,
    102098,
    102099,
    102100,
    102378,
    103134,
    103135
  );
  script_xref(name:"IAVA", value:"2018-A-0019");

  script_name(english:"macOS 10.13.x < 10.13.2 Multiple Vulnerabilities (Meltdown)");
  script_summary(english:"Checks the version of Mac OS X / macOS.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a macOS update that fixes multiple security
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote host is running a version of Mac OS X that is 10.13.x
prior to 10.13.2. It is, therefore, affected by multiple
vulnerabilities in the following components :

  - apache
  - curl
  - Directory Utility
  - IOAcceleratorFamily
  - IOKit
  - Intel Graphics Driver
  - Kernel
  - Mail
  - Mail Drafts
  - OpenSSL
  - Screen Sharing Server

Note that successful exploitation of the most serious issues can
result in arbitrary code execution.");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT208331");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT208394");
  script_set_attribute(attribute:"solution", value:
"Upgrade to macOS version 10.13.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7172");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Mac OS X Root Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/12/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/07");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
  script_require_ports("Host/MacOSX/Version", "Host/OS");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

os = get_kb_item("Host/MacOSX/Version");
if (!os)
{
  os = get_kb_item_or_exit("Host/OS");
  if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "macOS / Mac OS X");

  c = get_kb_item("Host/OS/Confidence");
  if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence.");
}
if (!os) audit(AUDIT_OS_NOT, "macOS / Mac OS X");

matches = pregmatch(pattern:"Mac OS X ([0-9]+(\.[0-9]+)+)", string:os);
if (empty_or_null(matches)) exit(1, "Failed to parse the macOS / Mac OS X version ('" + os + "').");

version = matches[1];
fixed_version = "10.13.2";

if (version !~"^10\.13($|[^0-9])")
  audit(AUDIT_OS_NOT, "macOS 10.13.x");

if (ver_compare(ver:version, fix:'10.13.2', strict:FALSE) == -1)
{
  security_report_v4(
    port:0,
    severity:SECURITY_HOLE,
    extra:
      '\n  Installed version : ' + version +
      '\n  Fixed version     : ' + fixed_version +
      '\n'
  );
}
else audit(AUDIT_INST_VER_NOT_VULN, "macOS / Mac OS X", version);
VendorProductVersionCPE
applemac_os_xcpe:/o:apple:mac_os_x
applemacoscpe:/o:apple:macos

References

Related

apple 10
openvas 10
nessus 14
kitploit 1
n0where 1
cvelist 32
nvd 30
cve 28
cert 1
prion 30
zdt 8
cnvd 2
seebug 6
packetstorm 3
exploitpack 1
zdi 5
ibm 3
debian 1
freebsd 1
redhatcve 1
veracode 1
osv 2
alpinelinux 1
fedora 2
amazon 1
archlinux 1
ubuntucve 1
debiancve 1
altlinux 1
apple
apple
About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan
2017-12-06 00:00:00
About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan - Apple Support
2020-07-27 08:21:38
About the security content of watchOS 4.2 - Apple Support
2018-10-18 06:10:21
openvas
openvas
Apple Mac OS X Security Updates (HT208331, HT208394)-01
2017-12-07 00:00:00
Apple Mac OS X Security Updates (HT208331)-02
2017-12-07 00:00:00
Apple Mac OS X Security Updates (HT208331)-04
2017-12-07 00:00:00
nessus
nessus
macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-002 and 2017-005)
2017-12-07 00:00:00
Apple TV < 11.2 Multiple Vulnerabilities
2018-01-05 00:00:00
MacOS 10.13 root Authentication Bypass (Security Update 2017-001)
2017-11-28 00:00:00
kitploit
kitploit
Kemon - An Open-Source Pre And Post Callback-Based Framework For macOS Kernel Monitoring
2018-09-30 21:25:00
n0where
n0where
An Open-Source Pre and Post Callback-Based Framework for macOS Kernel Monitoring: Kemon
2018-08-21 18:47:21
cvelist
cvelist
CVE-2017-13868
2017-12-25 21:00:00
CVE-2017-13905
2021-12-23 19:48:22
CVE-2017-13860
2017-12-25 21:00:00
nvd
nvd
CVE-2017-13858
2017-12-25 21:29:14
CVE-2017-13872
2017-11-29 17:29:00
CVE-2017-13887
2019-01-11 18:29:00
cve
cve
CVE-2017-13858
2017-12-25 21:29:14
CVE-2017-13892
2021-12-23 20:15:08
CVE-2017-13865
2017-12-25 21:29:14
cert
cert
Apple MacOS High Sierra disabled account authentication bypass
2017-11-29 00:00:00
prion
prion
Hardcoded credentials
2019-01-11 18:29:00
Code injection
2017-12-25 21:29:00
Out-of-bounds
2017-12-25 21:29:00
zdt
zdt
macOS 10.13 (17A365) - Kernel Memory Disclosure due to Lack of Bounds Checking in AppleIntelCapriCon
2018-01-19 00:00:00
macOS - Kernel Code Execution due to Lack of Bounds Checking in AppleIntelCapriController::GetLinkCo
2017-12-13 00:00:00
macOS / iOS - Multiple Kernel Use-After-Frees due to Incorrect IOKit Object Lifetime Management in I
2017-12-12 00:00:00
cnvd
cnvd
Apple macOS High Sierra Elevation of Privilege Vulnerability
2021-12-27 00:00:00
Apple macOS High Sierra Information Disclosure Vulnerability (CNVD-2022-15495)
2021-12-27 00:00:00
seebug
seebug
MacOS so_pcb type confusion in necp_get_socket_attributes(CVE-2017-13855)
2017-12-15 00:00:00
MacOS kernel code execution due to lack of bounds checking in AppleIntelCapriController::GetLinkConfig(CVE-2017-13875)
2017-12-15 00:00:00
MacOS/iOS multiple kernel UAFs due to incorrect IOKit object lifetime management in IOTimeSyncClockManagerUserClient(CVE-2017-13847)
2017-12-15 00:00:00
packetstorm
packetstorm
macOS necp_get_socket_attributes so_pcb Type Confusion
2017-12-12 00:00:00
macOS getrusage Stack Leak
2017-12-12 00:00:00
macOS process_policy Stack Leak
2018-01-12 00:00:00
exploitpack
exploitpack
Apple macOS High Sierra 10.13 - ctl_ctloutput-leak Information Leak
2017-12-07 00:00:00
zdi
zdi
(Pwn2Own) Apple Safari UIProcess Out-Of-Bounds Access Privilege Escalation Vulnerability
2018-02-07 00:00:00
(Pwn2Own) Apple iOS backboardd Untrusted Pointer Dereference Privilege Escalation Vulnerability
2018-02-07 00:00:00
(Pwn2Own) Apple iOS backboardd Untrusted Pointer Dereference Privilege Escalation Vulnerability
2018-02-07 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in cURL affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-1000254)
2023-04-14 14:32:25
Security Bulletin: Vulnerability in libcurl affects IBM Chassis Management Module (CVE-2017-1000254)
2019-01-31 02:40:01
Security Bulletin: Vulnerability in cURL affects IBM BladeCenter Advanced Management Module (AMM)
2023-04-14 14:32:25
debian
debian
[SECURITY] [DLA 1121-1] curl security update
2017-10-05 09:39:01
freebsd
freebsd
cURL -- out of bounds read
2017-10-04 00:00:00
redhatcve
redhatcve
CVE-2017-1000254
2019-10-10 10:51:19
veracode
veracode
Out-Of-Bounds Read
2019-05-16 03:21:39
osv
osv
CVE-2017-1000254
2017-10-06 13:29:00
curl - security update
2017-10-05 00:00:00
alpinelinux
alpinelinux
CVE-2017-1000254
2017-10-06 13:29:00
fedora
fedora
[SECURITY] Fedora 27 Update: curl-7.55.1-6.fc27
2017-11-11 03:23:12
[SECURITY] Fedora 27 Update: curl-7.55.1-6.fc27
2017-11-11 13:41:16
amazon
amazon
Medium: curl
2017-11-02 20:18:00
archlinux
archlinux
[ASA-201710-2] curl: denial of service
2017-10-05 00:00:00
ubuntucve
ubuntucve
CVE-2017-1000254
2017-10-04 00:00:00
debiancve
debiancve
CVE-2017-1000254
2017-10-06 13:29:00
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.56.0-alt1
2017-10-04 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.974 High

EPSS

Percentile

99.9%

JSON
Related for MACOS_10_13_2.NASL
apple10openvas10nessus14kitploit1n0where1cvelist32nvd30cve28cert1prion30zdt8cnvd2seebug6packetstorm3exploitpack1zdi5ibm3debian1freebsd1redhatcve1veracode1osv2alpinelinux1fedora2amazon1archlinux1ubuntucve1debiancve1altlinux1