Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | Apple Updates for Multiple Vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | TA08-350A | First vendor Publication | 2008-12-15 |
| Vendor | US-CERT | Last vendor Modification | 2008-12-15 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Apple has released Security Update 2008-008 and Mac OS X version I. Description Apple Security Update 2008-008 and Apple Mac OS X version 10.5.6 II. Impact The impacts of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, or privilege escalation. III. Solution Install Apple Security Update 2008-008 or Apple Mac OS X version |
Original Source
| Url : http://www.us-cert.gov/cas/techalerts/TA08-350A.html |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 21 % | CWE-399 | Resource Management Errors |
| 21 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
| 16 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 11 % | CWE-200 | Information Exposure |
| 11 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
| 11 % | CWE-20 | Improper Input Validation |
| 5 % | CWE-287 | Improper Authentication |
| 5 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-11-16 | Name : SuSE Update for glibc SUSE-SA:2010:052 File : nvt/gb_suse_2010_052.nasl |
| 2010-06-11 | Name : Mandriva Update for glibc MDVSA-2010:111 (glibc) File : nvt/gb_mandriva_MDVSA_2010_111.nasl |
| 2010-06-11 | Name : Mandriva Update for glibc MDVSA-2010:112 (glibc) File : nvt/gb_mandriva_MDVSA_2010_112.nasl |
| 2010-06-10 | Name : Debian Security Advisory DSA 2058-1 (glibc, eglibc) File : nvt/deb_2058_1.nasl |
| 2010-05-28 | Name : Ubuntu Update for glibc, eglibc vulnerabilities USN-944-1 File : nvt/gb_ubuntu_USN_944_1.nasl |
| 2010-05-12 | Name : Mac OS X 10.5.6 Update / Mac OS X Security Update 2008-008 File : nvt/macosx_upd_10_5_6_secupd_2008-008.nasl |
| 2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
| 2009-03-13 | Name : Gentoo Security Advisory GLSA 200903-23 (netscape-flash) File : nvt/glsa_200903_23.nasl |
| 2008-11-12 | Name : Adobe Flash Player Multiple Vulnerabilities - Nov08 (Linux) File : nvt/gb_adobe_flash_player_mult_vuln_nov08_lin.nasl |
| 2008-11-12 | Name : Adobe Flash Player Multiple Vulnerabilities - Nov08 (Win) File : nvt/gb_adobe_flash_player_mult_vuln_nov08_win.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 53100 | Apple Mac OS X Managed Client Per-host Configuration Setup Installation Unspe... |
| 50984 | Apple Mac OS X Libsystem strptime API Crafted Date String Memory Corruption A memory corruption flaw exists in Mac OS X. The strptime API fails to validate date strings resulting in memory corruption. With a specially crafted date string, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 50983 | Apple Mac OS X Kernel Application Dynamically Linked NFS Server Library Local... Mac OS X contains a flaw that may allow a local denial of service. The issue is triggered when running an executable that links dynamic libraries on an NFS share, and will result in loss of availability for the platform. |
| 50982 | Apple Mac OS X Crafted i386_*et_ldt Calls Multiple Local Overflow A buffer overflow exists in Mac OS X. The kernel fails to validate calls to i386_set_ldt and i386_get_ldt resulting in an integer overflow. With a specially designed application, a local user can gain system privileges resulting in a loss of integrity. |
| 50958 | Apple Mac OS X CoreTypes Quarantine Feature Blacklist Bypass Mac OS X contains a flaw that may allow a malicious file to bypass Download Validation. The issue is triggered by file types that are executable, but have no associated programs. It is possible that the flaw may allow malicious programs to be executed resulting in a loss of integrity. |
| 50928 | Apple Mac OS X Apple Type Services PDF File Crafted Embedded Font Infinite Lo... Mac OS X contains a flaw that may allow a local denial of service. The issue is triggered when Apple Type Services fails to validate PDF files, and will result in loss of availability for the application. |
| 50927 | Apple Mac OS X UDF Volume Crafted ISO File Handling DoS Mac OS X contains a flaw that may allow a local denial of service. The issue is triggered when a malformed UDF volume is opened, and will result in loss of availability for the system. |
| 50925 | Apple Mac OS X network_cmds natd Crafted TCP Packet Handling Infinite Loop Re... MAC OS X contains a flaw that may allow a remote denial of service. The issue is triggered by specially crafted TCP packets which are handled by natd, and will result in loss of availability for the service. |
| 50924 | Apple Mac OS X Libsystem inet_net_pton API Unspecified Overflow A buffer overflow exists in Mac OS X. The inet_net_pton API fails to validate application data resulting in an integer overflow. With a specially designed application, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 50923 | Apple Mac OS X BOM Crafted CPIO Archive Header Handling Overflow A buffer overflow exists in Mac OS X. BOM fails to validate cpio archives resulting in a stack overflow. With a specially crafted archive, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 50861 | Apple Mac OS X Server Podcast Producer Unspecified Remote Admin Authenticatio... Mac OS X contains a flaw that may allow a malicious user to bypass authentication. The issue is triggered by an unspecified flaw in Podcast Producer. It is possible that the flaw may allow unauthorized access to administrative privileges resulting in a loss of integrity. |
| 49958 | Adobe Flash Player Multiple Unspecified Arbitrary Remote Code Execution |
| 49939 | Apple Safari CoreGraphics Image Color Space Handling Overflow |
| 49790 | Adobe Flash Player ActionScript Attribute Interpretation Unspecified XSS |
| 49785 | Adobe Flash Player Policy File Interpretation Remote Non-root Domain Policy B... |
| 49783 | Adobe Flash Player on Mozilla jar: URL Unspecified Information Disclosure |
| 49781 | Adobe Flash Player on Windows ActiveX Unspecified Information Disclosure |
| 49780 | Adobe Flash Player Unspecified Remote DNS Rebinding Weakness |
| 49753 | Adobe Flash Player HTTP Response Header XSS |
| 47275 | Apple Safari Top Level Domain Cross-Domain Cookie Fixation |
| 43837 | FreeBSD libc strfmon() Multiple Overflows |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0980.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0945.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-101025.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_glibc-7201.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_glibc-101027.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_glibc-101026.nasl - Type : ACT_GATHER_INFO |
| 2010-10-06 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12641.nasl - Type : ACT_GATHER_INFO |
| 2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-112.nasl - Type : ACT_GATHER_INFO |
| 2010-06-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2058.nasl - Type : ACT_GATHER_INFO |
| 2010-06-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-111.nasl - Type : ACT_GATHER_INFO |
| 2010-05-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-944-1.nasl - Type : ACT_GATHER_INFO |
| 2009-03-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200903-23.nasl - Type : ACT_GATHER_INFO |
| 2008-12-16 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-008.nasl - Type : ACT_GATHER_INFO |
| 2008-12-16 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_6.nasl - Type : ACT_GATHER_INFO |
| 2008-11-18 | Name : The remote Windows host contains a runtime environment that is affected by mu... File : adobe_air_apsb08-23.nasl - Type : ACT_GATHER_INFO |
| 2008-11-14 | Name : The remote host contains a web browser that is affected by several issues. File : safari_3_2.nasl - Type : ACT_GATHER_INFO |
| 2008-11-14 | Name : The remote host contains a web browser that is affected by several issues. File : macosx_Safari3_2.nasl - Type : ACT_GATHER_INFO |
| 2008-11-11 | Name : The remote Windows host contains a browser plugin that is affected by multipl... File : flash_player_apsb08-20.nasl - Type : ACT_GATHER_INFO |
