Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameCVE-2008-3438First vendor Publication2008-08-01
VendorCveLast vendor Modification2008-09-05

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score7.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3438

CAPEC : Common Attack Pattern Enumeration & Classification

idName
CAPEC-184Software Integrity Attacks
CAPEC-185Malicious Software Download
CAPEC-186Malicious Software Update
CAPEC-187Malicious Automated Software Update

CWE : Common Weakness Enumeration

%idName
100 %CWE-94Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration

TypeDescriptionCount
Os47

Open Source Vulnerability Database (OSVDB)

idDescription
48324Apple Mac OS X Update Authenticity Verification Weakness

Sources (Detail)

SourceUrl
FULLDISC http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html
MISC http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2013-05-11 00:22:40
  • Multiple Updates