Return to the 2006 Operating System Vulnerability Summary on OmniNerd

List of hosts

192.168.1.2

High Severity problem(s) found

192.168.1.2

Scan time :

Start time :	Sun Feb 25 20:51:04 2007
End time :	Sun Feb 25 20:56:08 2007

Number of vulnerabilities :

Open ports :	0
Low :	8
Medium :	1
High :	3

Information about the remote host :

Operating system :	Mac OS X 10.4
NetBIOS name :	(unknown)
DNS name :	(unknown)

[^] Back to 192.168.1.2

Port general/udp

Traceroute
For your information, here is the traceroute from 192.168.1.250 to 192.168.1.2 : 192.168.1.250 192.168.1.2 Nessus ID : 10287

[^] Back to 192.168.1.2

Port ntp (123/udp)

NTP read variables

It is possible to determine a lot of information about the remote host
by querying the NTP (Network Time Protocol) variables - these include
OS descriptor, and time settings.

It was possible to gather the following information from the remote NTP host :

version='ntpd 4.1.1@1.786 Sun Mar 20 15:40:56 PST 2005 (1)',
processor='Power Macintosh', system='Darwin8.0.0', leap=3, stratum=16,
precision=-17, rootdelay=0.000, rootdispersion=3.615, peer=0,
refid=0.0.0.0, reftime=0x00000000.00000000, poll=4,
clock=0xc98cada0.8912ec6b, state=0, offset=0.000, frequency=0.000,
jitter=0.008, stability=0.000

Quickfix: Set NTP to restrict default access to ignore all info packets:
restrict default ignore

Risk factor : Low

Nessus ID : 10884

[^] Back to 192.168.1.2

Port general/icmp

Record route
Here is the route recorded between 192.168.1.250 and 192.168.1.2 : 127.0.0.1. Nessus ID : 12264

[^] Back to 192.168.1.2

Port mdns (5353/udp)

mDNS Detection

The remote host is running the RendezVous (also known as ZeroConf or mDNS)
protocol.

This protocol allows anyone to dig information from the remote host, such
as its operating system type and exact version, its hostname, and the list
of services it is running.

We could extract the following information :

Computer name : vea-familys-power-mac-g4-cube.local.
Ethernet addr : 00:30:65:c1:70:42
Computer Type : PowerMac5,1
Operating System : Mac OS X 10.4

Solution : You should filter incoming traffic to this port if you do not use
this protocol.

Risk factor : Low

Nessus ID : 12218

[^] Back to 192.168.1.2

Port general/tcp

Mac OS X < 10.4.8

Synopsis :

The remote host is missing a Mac OS X update which fixes a security
issue.

Description :

The remote host is running a version of Mac OS X 10.4 which is older than
version 10.4.8.

Mac OS X 10.4.8 contains several security fixes for the following
programs :

- CFNetwork
- Flash Player
- ImageIO
- Kernel
- LoginWindow
- Preferences
- QuickDraw Manager
- SASL
- WebCore
- Workgroup Manager

Solution :

Upgrade to Mac OS X 10.4.8 :
http://www.apple.com/support/downloads/macosx1048updateintel.html
http://www.apple.com/support/downloads/macosx1048updateppc.html
http://www.apple.com/support/downloads/macosxserver1048update.html

See also :

http://docs.info.apple.com/article.html?artnum=304460

Risk factor :

High / CVSS Base Score : 7.0
(AV:L/AC:L/Au:NR/C:C/I:C/A:C/B:N)
CVE : CVE-2006-4390, CVE-2006-3311, CVE-2006-3587, CVE-2006-3588, CVE-2006-4640, CVE-2006-4391, CVE-2006-4392, CVE-2006-4397, CVE-2006-4393, CVE-2006-4394, CVE-2006-4387, CVE-2006-4395, CVE-2006-1721, CVE-2006-3946, CVE-2006-4399
BID : 20271

Nessus ID : 22476

Mac OS X < 10.4.7

Synopsis :

The remote host is missing a Mac OS X update which fixes a security
issue.

Description :

The remote host is running a version of Mac OS X 10.4 which is older than
version 10.4.7.

Mac OS X 10.4.7 contains several security fixes for the following
programs :

- AFP server
- ImageIO
- launched
- OpenLDAP

Solution :

Upgrade to Mac OS X 10.4.7 :
http://www.apple.com/support/downloads/macosxupdate1047intel.html
http://www.apple.com/support/downloads/macosxupdate1047ppc.html
http://www.apple.com/support/downloads/macosxserverupdate1047.html

See also :

http://docs.info.apple.com/article.html?artnum=303973

Risk factor :

High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
CVE : CVE-2006-1468, CVE-2006-1469, CVE-2006-1470
BID : 18724, 18728, 18731, 18733

Nessus ID : 21763

Mac OS X < 10.4.5

Synopsis :

The remote host is missing a Mac OS X update which fixes a security
issue.

Description :

The remote host is running a version of Mac OS X 10.4 which is older than
version 10.4.5.

Mac OS X 10.4.5 contains several security fixes for a local denial of
service vulnerability. A malicious local user may trigger the vulnerability
by invoking an undocumented system call.

Solution :

Upgrade to Mac OS X 10.4.5 :
http://www.apple.com/support/downloads/macosxupdate1045.html
http://www.apple.com/support/downloads/macosxserver1045.html

See also :

http://docs.info.apple.com/article.html?artnum=61798

Risk factor :

Low / CVSS Base Score : 1.6
(AV:L/AC:L/Au:NR/C:N/I:N/A:P/B:N)
CVE : CVE-2006-0382
BID : 16654

Nessus ID : 20911

Mac OS X < 10.4.3

Synopsis :

The remote host is missing a Mac OS X update which fixes security
issues.

Description :

The remote host is running a version of Mac OS X 10.4 which is older than
version 10.4.3.

Mac OS X 10.4.3 contains several security fixes for :

- Finder
- Sofware Update
- memberd
- KeyChain
- Kernel

Solution :

Upgrade to Mac OS X 10.4.3 :
http://www.apple.com/support/downloads/macosxupdate1043.html
http://www.apple.com/support/downloads/macosxserver1043.html

See also :

http://docs.info.apple.com/article.html?artnum=61798

Risk factor :

Low / CVSS Base Score : 2
(AV:L/AC:L/Au:R/C:P/A:N/I:P/B:N)
BID : 15252

Nessus ID : 20113

Mac OS X < 10.4.2
The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.2. Mac OS X 10.4.2 contains several security fixes for : - TCP/IP - Dashboard Solution : http://docs.info.apple.com/article.html?artnum=301948 Risk factor : Medium CVE : CVE-2005-2194, CVE-2005-1333 BID : 14241 Other references : IAVA:2005-t-0015 Nessus ID : 18683

Mac OS X < 10.4.1
The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.1. Mac OS X 10.4.1 contains several security fixes for : - Bluetooth - Dashboard - Kernel - SecurityAgent Solution : http://docs.info.apple.com/article.html?artnum=301630 Risk factor : High CVE : CVE-2005-1474 BID : 13694, 13695, 13696 Nessus ID : 18353

OS Identification
The remote host is running Mac OS X 10.4 Nessus ID : 11936

Information about the scan

Information about this scan :

Nessus version : 3.0.4
Plugin feed version : 200701101815
Type of plugin feed : Registered (7 days delay)
Scanner IP : 192.168.1.250
Port scanner(s) : nessus_tcp_scanner synscan
Port range : default
Thorough tests : yes
Experimental tests : no
Paranoia level : 0
Report Verbosity : 2
Safe checks : no
Max hosts : 40
Max checks : 5
Scan Start Date : 2007/2/25 20:51
Scan duration : 304 sec

Nessus ID : 19506