Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)

# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.802336");
  script_version("2023-11-02T05:05:26+0000");
  script_tag(name:"last_modification", value:"2023-11-02 05:05:26 +0000 (Thu, 02 Nov 2023)");
  script_tag(name:"creation_date", value:"2011-10-20 08:43:23 +0200 (Thu, 20 Oct 2011)");
  script_cve_id("CVE-2011-0419", "CVE-2011-3192", "CVE-2011-0185", "CVE-2011-3437",
                "CVE-2011-0229", "CVE-2011-0230", "CVE-2011-1910", "CVE-2011-2464",
                "CVE-2009-4022", "CVE-2010-0097", "CVE-2010-3613", "CVE-2010-3614",
                "CVE-2011-0231", "CVE-2011-3246", "CVE-2011-0259", "CVE-2011-0187",
                "CVE-2011-0224", "CVE-2011-0260", "CVE-2011-3212", "CVE-2011-3213",
                "CVE-2011-3214", "CVE-2011-1755", "CVE-2011-3215", "CVE-2011-3216",
                "CVE-2011-3227", "CVE-2011-0707", "CVE-2011-3217", "CVE-2011-3435",
                "CVE-2010-3436", "CVE-2010-4645", "CVE-2011-0420", "CVE-2011-0421",
                "CVE-2011-0708", "CVE-2011-1092", "CVE-2011-1153", "CVE-2011-1466",
                "CVE-2011-1467", "CVE-2011-1468", "CVE-2011-1469", "CVE-2011-1470",
                "CVE-2011-1471", "CVE-2011-0411", "CVE-2010-1634", "CVE-2010-2089",
                "CVE-2011-1521", "CVE-2011-3228", "CVE-2011-0249", "CVE-2011-0250",
                "CVE-2011-0251", "CVE-2011-0252", "CVE-2011-3218", "CVE-2011-3219",
                "CVE-2011-3220", "CVE-2011-3221", "CVE-2011-3222", "CVE-2011-3223",
                "CVE-2011-3225", "CVE-2010-1157", "CVE-2010-2227", "CVE-2010-3718",
                "CVE-2010-4172", "CVE-2011-0013", "CVE-2011-0534", "CVE-2011-3224",
                "CVE-2011-2690", "CVE-2011-2691", "CVE-2011-2692", "CVE-2011-3436",
                "CVE-2011-3226", "CVE-2011-0226");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2020-08-06 15:53:00 +0000 (Thu, 06 Aug 2020)");
  script_name("Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)");
  script_xref(name:"URL", value:"http://support.apple.com/kb/HT1222");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/37118");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/37865");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/39635");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40370");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40863");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/41544");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/44723");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/45015");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/45133");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/45137");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/45668");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/46164");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/46174");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/46177");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/46354");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/46365");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/46429");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/46464");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/46767");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/46786");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/46854");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/46967");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/46968");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/46969");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/46970");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/46975");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/46977");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/46992");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/47024");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/47820");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/48007");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/48250");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/48566");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/48618");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/48619");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/48660");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/48993");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/49038");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/49303");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50067");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50068");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50091");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50092");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50095");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50098");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50099");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50100");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50101");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50109");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50111");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50112");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50113");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50114");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50115");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50116");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50117");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50120");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50121");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50122");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50127");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50129");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50130");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50131");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50144");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50146");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50150");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50153");
  script_xref(name:"URL", value:"http://support.apple.com/kb/HT5000");
  script_xref(name:"URL", value:"http://support.apple.com/kb/HT5002");
  script_xref(name:"URL", value:"http://lists.apple.com/archives/security-announce//2011//Oct//msg00003.html");

  script_copyright("Copyright (C) 2011 Greenbone AG");
  script_category(ACT_GATHER_INFO);
  script_family("Mac OS X Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/osx_name", "ssh/login/osx_version", re:"ssh/login/osx_version=^10\.6\.8");
  script_tag(name:"impact", value:"Successful exploitation could allow attackers to execute arbitrary code in
  the context of the browser, inject scripts, bypass certain security
  restrictions or cause a denial of service condition.");
  script_tag(name:"affected", value:"Apache, Application Firewall, ATS, BIND, Certificate Trust Policy, CFNetwork,
  CoreFoundation, CoreMedia, CoreProcesses, CoreStorage, File Systems,
  iChat Server, IOGraphics, Kernel, libsecurity, Mailman, MediaKit,
  Open Directory, PHP, postfix, python, QuickTime, SMB File Server, Tomcat,
  User Documentation, Web Server and X11.");
  script_tag(name:"insight", value:"Please see the references for more information on the vulnerabilities.");
  script_tag(name:"solution", value:"Run Mac Updates and update the Security Update 2011-006");
  script_tag(name:"summary", value:"This host is missing an important security update according to
  Mac OS X 10.6.8 Update/Mac OS X Security Update 2011-006.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("version_func.inc");
include("pkg-lib-macosx.inc");

osName = get_kb_item("ssh/login/osx_name");
if(!osName)
  exit(0);

osVer = get_kb_item("ssh/login/osx_version");
if(!osVer)
  exit(0);

if("Mac OS X" >< osName)
{
  if(version_is_equal(version:osVer, test_version:"10.6.8"))
  {
    if(isosxpkgvuln(fixed:"com.apple.pkg.update.security.", diff:"2011.006"))
    {
      report = report_fixed_ver(installed_version:osVer, vulnerable_range:"Equal to 10.6.8");
      security_message(port:0, data:report);
      exit(0);
    }
  }
}