Executive Summary

Informations
Name	CVE-2008-0989	First vendor Publication	2008-03-18
Vendor	Cve	Last vendor Modification	2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	6.9	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	3.4	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

Impacts

Provides administrator access : Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0989

CWE : Common Weakness Enumeration

id	Name
CWE-134	Uncontrolled Format String

CPE : Common Platform Enumeration

Type	Description	Count
Os	Apple Mac Os X cpe:/o:apple:mac_os_x:10.5.2	1
Os	Apple Mac Os X Server cpe:/o:apple:mac_os_x_server:10.5.2	1

Open Source Vulnerability Database (OSVDB)

id	Description
43391	Apple Mac OS X mDNSResponderHelper hostname Local Format String

Internal Sources (Detail)

Source	Url
APPLE	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
BID	http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28339
CERT	http://www.us-cert.gov/cas/techalerts/TA08-079A.html
CONFIRM	http://docs.info.apple.com/article.html?artnum=307562
SECTRACK	http://www.securitytracker.com/id?1019662
SECUNIA	http://secunia.com/advisories/29420
VUPEN	http://www.vupen.com/english/advisories/2008/0924/references
XF	http://xforce.iss.net/xforce/xfdb/41292

Alert History

Date	Informations
2013-05-11 00:10:13	Multiple Updates