Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameCVE-2008-0989First vendor Publication2008-03-18
VendorCveLast vendor Modification2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score6.9Attack RangeLocal
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score3.4AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

ImpactsProvides administrator access : Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0989

CWE : Common Weakness Enumeration

idName
CWE-134Uncontrolled Format String (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Os1
Os1

OpenVAS Exploits

DateDescription
2012-02-12Name : Gentoo Security Advisory GLSA 201201-05 (mDNSResponder)
File : nvt/glsa_201201_05.nasl
2009-11-17Name : Mac OS X Version
File : nvt/macosx_version.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
43391Apple Mac OS X mDNSResponderHelper hostname Local Format String

Nessus® Vulnerability Scanner

DateDescription
2012-01-23Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201201-05.nasl - Type : ACT_GATHER_INFO
2008-03-19Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-002.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
APPLEhttp://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
BIDhttp://www.securityfocus.com/bid/28304
http://www.securityfocus.com/bid/28339
CERThttp://www.us-cert.gov/cas/techalerts/TA08-079A.html
CONFIRMhttp://docs.info.apple.com/article.html?artnum=307562
SECTRACKhttp://www.securitytracker.com/id?1019662
SECUNIAhttp://secunia.com/advisories/29420
VUPENhttp://www.vupen.com/english/advisories/2008/0924/references
XFhttp://xforce.iss.net/xforce/xfdb/41292

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:43:53
  • Multiple Updates
2013-05-11 00:10:13
  • Multiple Updates