Signature Detail

Short Name	HTTP:STC:OSX-UPDATE
Severity	High
Recommended	No
Recommended Action	Drop
Category	HTTP
Keywords	Apple OS X Update Command Execution
Release Date	2011/12/19
Update Number	2049
Supported Platforms	idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Apple OS X Update Command Execution

This signature detects attempts to exploit a known vulnerability against Apple OS X software update. A successful attack can lead to arbitrary code execution.

Extended Description

Apple Mac OS X is prone to a weakness that may allow attackers to execute arbitrary commands. Successfully exploiting this issue in conjunction with other latent vulnerabilities may allow an attacker to execute arbitrary commands on affected computers, provided that the 'allow-external-scripts' option is enabled.

Affected Products

Apple Mac OS X 10.5
Apple Mac OS X 10.5.1
Apple Mac OS X Server 10.5
Apple Mac OS X Server 10.5.1

References

BugTraq: 26908
CVE: CVE-2007-5863
URL: http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
URL: http://docs.info.apple.com/article.html?artnum=307179

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Apple OS X Update Command Execution

Extended Description

Affected Products

References