Executive Summary

Informations
Name CVE-2008-0989 First vendor Publication 2008-03-18
Vendor Cve Last vendor Modification 2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

Impacts Provides administrator access : Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0989

CWE : Common Weakness Enumeration

idName
CWE-134Uncontrolled Format String

CPE : Common Platform Enumeration

TypeDescriptionCount
Os1
Os1

OpenVAS Exploits

DateDescription
2012-02-12Name : Gentoo Security Advisory GLSA 201201-05 (mDNSResponder)
File : nvt/glsa_201201_05.nasl
2009-11-17Name : Mac OS X Version
File : nvt/macosx_version.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
43391Apple Mac OS X mDNSResponderHelper hostname Local Format String

Nessus® Vulnerability Scanner

DateDescription
2012-01-23Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201201-05.nasl - Type : ACT_GATHER_INFO
2008-03-19Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-002.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
APPLE http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
BID http://www.securityfocus.com/bid/28304
http://www.securityfocus.com/bid/28339
CERT http://www.us-cert.gov/cas/techalerts/TA08-079A.html
CONFIRM http://docs.info.apple.com/article.html?artnum=307562
SECTRACK http://www.securitytracker.com/id?1019662
SECUNIA http://secunia.com/advisories/29420
VUPEN http://www.vupen.com/english/advisories/2008/0924/references
XF http://xforce.iss.net/xforce/xfdb/41292

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:43:53
  • Multiple Updates
2013-05-11 00:10:13
  • Multiple Updates