Mac OS X < 10.10 多個弱點 (POODLE) (Shellshock)
critical Nessus Plugin ID 78550
語系:
概要
遠端主機缺少可修正多個弱點的 Mac OS X 更新。說明
遠端主機執行的 Mac OS X 版本比 10.10 版舊。此項更新包含下列元件的多項安全性相關修正:- 802.1X
- AFP File Server
- apache
- App Sandbox
- Bash
- Bluetooth
- Certificate Trust Policy
- CFPreferences
- CoreStorage
- CUPS
- Dock
- fdesetup
- iCloud Find My Mac
- IOAcceleratorFamily
- IOHIDFamily
- IOKit
- Kernel
- LaunchServices
- LoginWindow
- MCX Desktop Config Profiles
- NetFS Client Framework
- QuickTime
- Safari
- Secure Transport
- Security
- Security - Code Signing
請注意,如果成功惡意利用多數嚴重問題,將會導致任意程式碼執行。
解決方案
升級至 Mac OS X 版本 10.10 或更新版本。另請參閱
https://support.apple.com/kb/HT6535
http://www.securityfocus.com/archive/1/533720/30/0/threaded
http://seclists.org/oss-sec/2014/q3/650
https://www.invisiblethreat.ca/post/shellshock/
http://www.nessus.org/u?e40f2f5a
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
Plugin 詳細資訊
嚴重性: Critical
ID: 78550
檔案名稱: macosx_10_10.nasl
版本: 1.30
類型: combined
代理程式: macosx
已發布: 2014/10/17
已更新: 2022/12/5
支援的感應器: Nessus Agent, Nessus
風險資訊
VPR
風險因素: Critical
分數: 9.4
CVSS v2
風險因素: Critical
基本分數: 10
時間分數: 8.7
媒介: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 評分資料來源: CVE-2014-7169
弱點資訊
CPE: cpe:/o:apple:mac_os_x
可被惡意程式利用: true
可輕鬆利用: Exploits are available
修補程式發佈日期: 2014/10/16
弱點發布日期: 2013/9/19
CISA 已知遭惡意利用弱點到期日: 2022/7/28, 2022/8/10
可惡意利用
CANVAS (CANVAS)
Core Impact
Metasploit (Qmail SMTP Bash Environment Variable Injection (Shellshock))
參考資訊
CVE: CVE-2011-2391, CVE-2013-5150, CVE-2013-6438, CVE-2014-0098, CVE-2014-3537, CVE-2014-3566, CVE-2014-4351, CVE-2014-4364, CVE-2014-4371, CVE-2014-4373, CVE-2014-4375, CVE-2014-4380, CVE-2014-4388, CVE-2014-4391, CVE-2014-4404, CVE-2014-4405, CVE-2014-4407, CVE-2014-4408, CVE-2014-4417, CVE-2014-4418, CVE-2014-4419, CVE-2014-4420, CVE-2014-4421, CVE-2014-4422, CVE-2014-4425, CVE-2014-4426, CVE-2014-4427, CVE-2014-4428, CVE-2014-4430, CVE-2014-4431, CVE-2014-4432, CVE-2014-4433, CVE-2014-4434, CVE-2014-4435, CVE-2014-4436, CVE-2014-4437, CVE-2014-4438, CVE-2014-4439, CVE-2014-4440, CVE-2014-4441, CVE-2014-4442, CVE-2014-4443, CVE-2014-4444, CVE-2014-6271, CVE-2014-7169
BID: 69927, 69928, 69934, 69938, 69939, 69942, 69944, 69946, 69947, 69948, 70103, 70137, 70574, 70616, 70618, 70619, 70620, 70622, 70623, 70624, 62531, 62573, 66303, 68788, 69911, 69912, 69913, 69919, 69924, 70625, 70627, 70628, 70629, 70630, 70631, 70632, 70633, 70635, 70636, 70637, 70638, 70640, 70643, 70894