Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)

Published: 2011-10-20 06:43:23
CVE Author: NIST National Vulnerability Database

CVSS Base Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact:
Successful exploitation could allow attackers to execute arbitrary code in the context of the browser, inject scripts, bypass certain security restrictions or cause a denial of service condition.

Affected Versions:
Apache, Application Firewall, ATS, BIND, Certificate Trust Policy, CFNetwork, CoreFoundation, CoreMedia, CoreProcesses, CoreStorage, File Systems, iChat Server, IOGraphics, Kernel, libsecurity, Mailman, MediaKit, Open Directory, PHP, postfix, python, QuickTime, SMB File Server, Tomcat, User Documentation, Web Server and X11.

Technical Details:
Please see the references for more information on the vulnerabilities.

Recommendations:
Run Mac Updates and update the Security Update 2011-006

Summary:
This host is missing an important security update according to Mac OS X 10.6.8 Update/Mac OS X Security Update 2011-006.

Detection Type:
Linux Distribution Package

Solution Type:
Vendor Patch

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2011-0419
https://nvd.nist.gov/vuln/detail/CVE-2011-3192
https://nvd.nist.gov/vuln/detail/CVE-2011-0185
https://nvd.nist.gov/vuln/detail/CVE-2011-3437
https://nvd.nist.gov/vuln/detail/CVE-2011-0229
https://nvd.nist.gov/vuln/detail/CVE-2011-0230
https://nvd.nist.gov/vuln/detail/CVE-2011-1910
https://nvd.nist.gov/vuln/detail/CVE-2011-2464
https://nvd.nist.gov/vuln/detail/CVE-2009-4022
https://nvd.nist.gov/vuln/detail/CVE-2010-0097
https://nvd.nist.gov/vuln/detail/CVE-2010-3613
https://nvd.nist.gov/vuln/detail/CVE-2010-3614
https://nvd.nist.gov/vuln/detail/CVE-2011-0231
https://nvd.nist.gov/vuln/detail/CVE-2011-3246
https://nvd.nist.gov/vuln/detail/CVE-2011-0259
https://nvd.nist.gov/vuln/detail/CVE-2011-0187
https://nvd.nist.gov/vuln/detail/CVE-2011-0224
https://nvd.nist.gov/vuln/detail/CVE-2011-0260
https://nvd.nist.gov/vuln/detail/CVE-2011-3212
https://nvd.nist.gov/vuln/detail/CVE-2011-3213
https://nvd.nist.gov/vuln/detail/CVE-2011-3214
https://nvd.nist.gov/vuln/detail/CVE-2011-1755
https://nvd.nist.gov/vuln/detail/CVE-2011-3215
https://nvd.nist.gov/vuln/detail/CVE-2011-3216
https://nvd.nist.gov/vuln/detail/CVE-2011-3227
https://nvd.nist.gov/vuln/detail/CVE-2011-0707
https://nvd.nist.gov/vuln/detail/CVE-2011-3217
https://nvd.nist.gov/vuln/detail/CVE-2011-3435
https://nvd.nist.gov/vuln/detail/CVE-2010-3436
https://nvd.nist.gov/vuln/detail/CVE-2010-4645
https://nvd.nist.gov/vuln/detail/CVE-2011-0420
https://nvd.nist.gov/vuln/detail/CVE-2011-0421
https://nvd.nist.gov/vuln/detail/CVE-2011-0708
https://nvd.nist.gov/vuln/detail/CVE-2011-1092
https://nvd.nist.gov/vuln/detail/CVE-2011-1153
https://nvd.nist.gov/vuln/detail/CVE-2011-1466
https://nvd.nist.gov/vuln/detail/CVE-2011-1467
https://nvd.nist.gov/vuln/detail/CVE-2011-1468
https://nvd.nist.gov/vuln/detail/CVE-2011-1469
https://nvd.nist.gov/vuln/detail/CVE-2011-1470
https://nvd.nist.gov/vuln/detail/CVE-2011-1471
https://nvd.nist.gov/vuln/detail/CVE-2011-0411
https://nvd.nist.gov/vuln/detail/CVE-2010-1634
https://nvd.nist.gov/vuln/detail/CVE-2010-2089
https://nvd.nist.gov/vuln/detail/CVE-2011-1521
https://nvd.nist.gov/vuln/detail/CVE-2011-3228
https://nvd.nist.gov/vuln/detail/CVE-2011-0249
https://nvd.nist.gov/vuln/detail/CVE-2011-0250
https://nvd.nist.gov/vuln/detail/CVE-2011-0251
https://nvd.nist.gov/vuln/detail/CVE-2011-0252
https://nvd.nist.gov/vuln/detail/CVE-2011-3218
https://nvd.nist.gov/vuln/detail/CVE-2011-3219
https://nvd.nist.gov/vuln/detail/CVE-2011-3220
https://nvd.nist.gov/vuln/detail/CVE-2011-3221
https://nvd.nist.gov/vuln/detail/CVE-2011-3222
https://nvd.nist.gov/vuln/detail/CVE-2011-3223
https://nvd.nist.gov/vuln/detail/CVE-2011-3225
https://nvd.nist.gov/vuln/detail/CVE-2010-1157
https://nvd.nist.gov/vuln/detail/CVE-2010-2227
https://nvd.nist.gov/vuln/detail/CVE-2010-3718
https://nvd.nist.gov/vuln/detail/CVE-2010-4172
https://nvd.nist.gov/vuln/detail/CVE-2011-0013
https://nvd.nist.gov/vuln/detail/CVE-2011-0534
https://nvd.nist.gov/vuln/detail/CVE-2011-3224
https://nvd.nist.gov/vuln/detail/CVE-2011-2690
https://nvd.nist.gov/vuln/detail/CVE-2011-2691
https://nvd.nist.gov/vuln/detail/CVE-2011-2692
https://nvd.nist.gov/vuln/detail/CVE-2011-3436
https://nvd.nist.gov/vuln/detail/CVE-2011-3226
https://nvd.nist.gov/vuln/detail/CVE-2011-0226

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/47820
https://www.securityfocus.com/bid/49303
https://www.securityfocus.com/bid/50092
https://www.securityfocus.com/bid/50112
https://www.securityfocus.com/bid/50091
https://www.securityfocus.com/bid/50099
https://www.securityfocus.com/bid/48007
https://www.securityfocus.com/bid/48566
https://www.securityfocus.com/bid/37118
https://www.securityfocus.com/bid/37865
https://www.securityfocus.com/bid/45133
https://www.securityfocus.com/bid/45137
https://www.securityfocus.com/bid/50098
https://www.securityfocus.com/bid/50115
https://www.securityfocus.com/bid/50067
https://www.securityfocus.com/bid/46992
https://www.securityfocus.com/bid/50095
https://www.securityfocus.com/bid/50120
https://www.securityfocus.com/bid/50109
https://www.securityfocus.com/bid/50116
https://www.securityfocus.com/bid/50111
https://www.securityfocus.com/bid/48250
https://www.securityfocus.com/bid/50113
https://www.securityfocus.com/bid/50121
https://www.securityfocus.com/bid/50129
https://www.securityfocus.com/bid/46464
https://www.securityfocus.com/bid/50117
https://www.securityfocus.com/bid/50114
https://www.securityfocus.com/bid/50146
https://www.securityfocus.com/bid/50153
https://www.securityfocus.com/bid/48619
https://www.securityfocus.com/bid/48660
https://www.securityfocus.com/bid/48618
https://www.securityfocus.com/bid/44723
https://www.securityfocus.com/bid/45668
https://www.securityfocus.com/bid/46429
https://www.securityfocus.com/bid/46354
https://www.securityfocus.com/bid/46365
https://www.securityfocus.com/bid/46786
https://www.securityfocus.com/bid/46854
https://www.securityfocus.com/bid/46967
https://www.securityfocus.com/bid/46968
https://www.securityfocus.com/bid/46977
https://www.securityfocus.com/bid/46970
https://www.securityfocus.com/bid/46969
https://www.securityfocus.com/bid/46975
https://www.securityfocus.com/bid/46767
https://www.securityfocus.com/bid/40370
https://www.securityfocus.com/bid/40863
https://www.securityfocus.com/bid/47024
https://www.securityfocus.com/bid/50127
https://www.securityfocus.com/bid/48993
https://www.securityfocus.com/bid/49038
https://www.securityfocus.com/bid/50122
https://www.securityfocus.com/bid/50068
https://www.securityfocus.com/bid/50130
https://www.securityfocus.com/bid/50131
https://www.securityfocus.com/bid/50100
https://www.securityfocus.com/bid/50101
https://www.securityfocus.com/bid/50144
https://www.securityfocus.com/bid/39635
https://www.securityfocus.com/bid/41544
https://www.securityfocus.com/bid/46177
https://www.securityfocus.com/bid/45015
https://www.securityfocus.com/bid/46174
https://www.securityfocus.com/bid/46164
https://www.securityfocus.com/bid/50150

References:

http://support.apple.com/kb/HT1222
http://support.apple.com/kb/HT5000
http://support.apple.com/kb/HT5002
http://lists.apple.com/archives/security-announce//2011//Oct//msg00003.html

Severity
High
CVSS Score
9.3
Published
2011-10-20
Modified
2019-03-19
Category
Mac OS X Local Security Checks

Free Vulnerability Scanning, Assessment and Management

Mageni's Platform is packed with all the features you need to scan, assess and manage vulnerabilities like this - it is free, open source, lightning fast, reliable and scalable.

Router
Servers
Laptop
Database
Group
Cloud

Frequently Asked Questions

No, you can scan concurrently as many assets as you want. Please note that you must be aware of the hardware requeriments of the platform to ensure a good performance.

No, you can add as many assest as you want. It doesn't matters if you have millions of assets, we won't charge you for that.

No. The software is completely free. We have no intention to charge you to use the software, in fact - it completely goes against our beliefs and business model.

A vulnerability is defined in the ISO 27002 standard as “A weakness of an asset or group of assets that can be exploited by one or more threats” (International Organization for Standardization, 2005)

We generate revenue by providing support and other services for customers that require a subscription so they get guaranteed support and enterprise services. To use Mageni's Platform is completely free, with no limits at all.

Yes. Mageni understands that there are professionals and businesses that need commercial support so Mageni provides an active support subscription with everything needed to run Mageni's Platform reliably and securely. More than software, it's access to security experts, knowledge resources, security updates, and support tools you can't get anywhere else. The subscription includes:

  • Ongoing delivery
    • Patches
    • Bug fixes
    • Updates
    • Upgrades
  • Technical support
    • 24/7 availability
    • Unlimited Incidents
    • Specialty-based routing
    • Multi-Channel
  • Commitments
    • Software certifications
    • Software assurance
    • SLA

No, we don't store the information of your vulnerabilities in our servers.

Vulnerability management is the process in which vulnerabilities in IT are identified and the risks of these vulnerabilities are evaluated. This evaluation leads to correcting the vulnerabilities and removing the risk or a formal risk acceptance by the management of an organization. The term vulnerability management is often confused with vulnerability scanning. Despite the fact both are related, there is an important difference between the two. Vulnerability scanning consists of using a computer program to identify vulnerabilities in networks, computer infrastructure or applications. Vulnerability management is the process surrounding vulnerability scanning, also taking into account other aspects such as risk acceptance, remediation etc. Source: "Implementing a Vulnerability Management Process". SANS Institute.

I am ready to start scanning for vulnerabilities