cvelistv5 - cve-2008-2310

CVE-2008-2310 (GCVE-0-2008-2310)

Vulnerability from cvelistv5

Published

2008-07-01 18:00

Modified

2024-08-07 08:58

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

ghsa-mx5r-5fpq-f39j

Vulnerability from github

Published

2022-05-01 23:48

Modified

2022-05-01 23:48

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-2310"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-134"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-07-01T18:41:00Z",
    "severity": "MODERATE"
  },
  "details": "Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code.",
  "id": "GHSA-mx5r-5fpq-f39j",
  "modified": "2022-05-01T23:48:48Z",
  "published": "2022-05-01T23:48:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2310"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43494"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30802"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1020392"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT2163"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/30018"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1981/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2008-2310

Vulnerability from fkie_nvd

Published

2008-07-01 18:41

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
cve@mitre.org	http://secunia.com/advisories/30802	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1020392
cve@mitre.org	http://support.apple.com/kb/HT2163	Patch
cve@mitre.org	http://www.securityfocus.com/bid/30018
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1981/references
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/43494
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30802	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1020392
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT2163	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/30018
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1981/references
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/43494

Impacted products

Vendor	Product	Version
apple	mac_os_x	*
apple	mac_os_x	10.4.1
apple	mac_os_x	10.4.2
apple	mac_os_x	10.4.3
apple	mac_os_x	10.4.4
apple	mac_os_x	10.4.5
apple	mac_os_x	10.4.6
apple	mac_os_x	10.4.7
apple	mac_os_x	10.4.8
apple	mac_os_x	10.4.9
apple	mac_os_x	10.4.10
apple	mac_os_x	10.4.11
apple	mac_os_x	10.5
apple	mac_os_x	10.5.1
apple	mac_os_x	10.5.2
apple	mac_os_x_server	*
apple	mac_os_x_server	10.4.1
apple	mac_os_x_server	10.4.2
apple	mac_os_x_server	10.4.3
apple	mac_os_x_server	10.4.4
apple	mac_os_x_server	10.4.5
apple	mac_os_x_server	10.4.6
apple	mac_os_x_server	10.4.7
apple	mac_os_x_server	10.4.8
apple	mac_os_x_server	10.4.9
apple	mac_os_x_server	10.4.10
apple	mac_os_x_server	10.4.11
apple	mac_os_x_server	10.5
apple	mac_os_x_server	10.5.1
apple	mac_os_x_server	10.5.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "44248469-2B47-43FC-9B9F-8DBDD6BC9F3C",
              "versionEndIncluding": "10.5.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFD4DE58-46C7-4E69-BF36-C5FD768B8248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF824694-52DE-44E3-ACAD-60B2A84CD3CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B73A0891-A37A-4E0D-AA73-B18BFD6B1447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "26AC38AB-D689-4B2B-9DAE-F03F4DFD15BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C580935-0091-4163-B747-750FB7686973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB0F2132-8431-4CEF-9A3D-A69425E3834E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8719F3C4-F1DE-49B5-9301-22414A2B6F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "09ED46A8-1739-411C-8807-2A416BDB6DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "786BB737-EA99-4EC6-B742-0C35BF2453F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D089858-3AF9-4B82-912D-AA33F25E3715",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EE39585-CF3B-4493-96D8-B394544C7643",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2442D35-7484-43D8-9077-3FDF63104816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F3E721C-00CA-4D51-B542-F2BC5C0D65BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3267A41-1AE0-48B8-BD1F-DEC8A212851A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFC987D4-6ABD-4EBB-8C09-CD26FF43033A",
              "versionEndIncluding": "10.5.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "29644501-54BD-45E9-A6C1-618892CD354F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A132487-E89F-4D0D-8366-14AFC904811F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD231103-D7C7-4697-BE90-D67558D6115C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCADAAA0-C885-466C-A122-A94E73EAF817",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "448DB1C7-7B0C-4076-9B9F-1CDCD5EB6930",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BE429EF-24D4-453A-8B43-8CCEF5D72773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AC9692A-CE81-446D-B136-449662C4B9A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "504D78AB-5374-48C9-B357-DB6BD2267D2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3029892E-1375-4F40-83D3-A51BDC4E9840",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "81F8DA6D-2258-4138-8FB2-90BE3C68B230",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D09D5933-A7D9-4A61-B863-CD8E7D5E67D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20E8648C-5469-4280-A581-D4A9A41B7213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77E8D614-E1EE-42F1-9E55-EA54FB500621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C73BED9E-29FB-4965-B38F-013FFE5A9170",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de formato de cadena en c++filt en Apple Mac OS X 10.5 anterior a la v10.5.4, permite a atacantes asistidos por el usuario ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una cadena manipulada en c\u00f3digo (1) C++ o (2) Java."
    }
  ],
  "id": "CVE-2008-2310",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-07-01T18:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30802"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1020392"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://support.apple.com/kb/HT2163"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/30018"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1981/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43494"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30802"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1020392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://support.apple.com/kb/HT2163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/30018"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1981/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43494"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable.  This issue does not affect the version of c++filt as shipped with binutils in Red Hat Enterprise Linux 3 or 4.  Although this bug is present in the version of c++filt as shipped with binutils in Red Hat Enterprise Linux 5, the format string protection from FORTIFY_SOURCE makes this unexploitable.",
      "lastModified": "2008-07-04T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-134"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2008-AVI-343

Vulnerability from certfr_avis

Plusieurs vulnérablités concernant le système d'exploitation Apple Mac OS X ont été corrigées.

Description

Plusieurs vulnérablités ont été corrigées :

Alias Manager : un alias spécifiquement créé permet l'exécution de code arbitraire ;
CoresTypes : des contenus incertains peuvent être ouverts automatiquement ;
c++filt : une chaine de caratères spécifiquement créée permet l'exécution de code arbitraire ;
Dock : une personne ayant physiquement accès à la machine peut contourner l'écran de verrouillage ;
Launch Services : du code malveillant peut être exécuté via un site Web malveillant ;
Net-SNMP : il est possible de contrefaire un paquet SNMPv3 ;
Ruby : une chaine de caractères ou un tableau spécifiquement créé permet l'exécution de code arbitraire ;
SMB File Server : une trame SMB spécialement réalisée permet l'exécution de code arbitraire ;
System Configuration : un utilisateur local peut exécuter du code arbitraire avec les droits de nouveaux utilisateurs ;
Tomcat : plusieurs vulnérabilités affectent le logiciel dont une permettant des attaques de type Cross Site Scripting ;
VPN : un attaquant peut réaliser un déni de service à distance à l'aide de paquets UDP spécifiquement créés ;
Webkit : du code malveillant peut être exécuté via un site Web malveillant.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple Mac OS X versions v10.5.3 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

gsd-2008-2310

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2008-2310

Aliases

CVE-2008-2310

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-2310",
    "description": "Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code.",
    "id": "GSD-2008-2310"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-2310"
      ],
      "details": "Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code.",
      "id": "GSD-2008-2310",
      "modified": "2023-12-13T01:23:01.340895Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-2310",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://support.apple.com/kb/HT2163",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT2163"
          },
          {
            "name": "ADV-2008-1981",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1981/references"
          },
          {
            "name": "macos-c++filt-format-string(43494)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43494"
          },
          {
            "name": "APPLE-SA-2008-06-30",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
          },
          {
            "name": "30802",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30802"
          },
          {
            "name": "1020392",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1020392"
          },
          {
            "name": "30018",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/30018"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.5.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.5.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2310"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-134"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.apple.com/kb/HT2163",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://support.apple.com/kb/HT2163"
            },
            {
              "name": "APPLE-SA-2008-06-30",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
            },
            {
              "name": "30018",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/30018"
            },
            {
              "name": "1020392",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1020392"
            },
            {
              "name": "30802",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/30802"
            },
            {
              "name": "ADV-2008-1981",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/1981/references"
            },
            {
              "name": "macos-c++filt-format-string(43494)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43494"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-08T01:30Z",
      "publishedDate": "2008-07-01T18:41Z"
    }
  }
}

Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-004 and Mac OS X/Mac OS X Server 10.5.4. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. ----------------------------------------------------------------------

Want a new job?

http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/

International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/

TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA30802

VERIFY ADVISORY: http://secunia.com/advisories/30802/

CRITICAL: Highly critical

IMPACT: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access

WHERE:

From remote

OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/

DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities and a weakness.

1) An unspecified error in the Alias Manager when handling AFP volume mount information in an alias data structure can be exploited to cause a memory corruption and potentially execute arbitrary code.

2) A weakness is caused due to users not being warned before opening certain potentially unsafe content types, e.g. .xht and .xhtm files.

4) An vulnerability in Dock can be exploited by malicious people with physical access to a system to bypass the screen lock when Expos\xe9 hot corners are set.

5) A race condition error exists in Launch Services in the download validation of symbolic links. This can be exploited to execute arbitrary code when a user visits a malicious web site.

Successful exploitation requires that the "Open 'safe' files" option is enabled in Safari.

6) A vulnerability in Net-SNMP can be exploited by malicious people to spoof authenticated SNMPv3 packets.

For more information: SA30574

7) Some vulnerabilities in Ruby can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.

For more information: SA29232 SA29794

NOTE: Reportedly, the directory traversal issue does not affect Mac OS X.

8) A vulnerability in SMB File Server can be exploited by malicious people to compromise a vulnerable system.

For more information: SA30228

9) It is possible to store malicious files within the User Template directory. This can be exploited to execute arbitrary code with permissions of a new user when his home directory is created using the User Template directory.

10) Some vulnerabilities in Tomcat can be exploited by malicious users to disclose sensitive information and by malicious people to disclose sensitive information or to conduct cross-site scripting attacks.

For more information: SA25678 SA26466 SA27398 SA28878

11) A vulnerability in WebKit can be exploited by malicious people to compromise a user's system. or apply Security Update 2008-004.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200807-0008",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.10"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.11"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.5.2"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.5.1"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.9"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.1"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.4.8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4.2"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4.7"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.5.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4.3"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4.5"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4.5"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4.9"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.5.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4.8"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4.1"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4.10"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4.11"
      },
      {
        "model": "mac os x server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.5.3"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.5"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.5.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.4.7"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.4"
      },
      {
        "model": "mac os x server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.5.3"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.9"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.4"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "30018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001477"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-003"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2310"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001477"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Brian MastenbrookAndrew CassellAndrew Mortensen",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-003"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-2310",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2008-2310",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-32435",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2008-2310",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2008-2310",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200807-003",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-32435",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32435"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001477"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-003"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2310"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-004 and Mac OS X/Mac OS X Server 10.5.4. \nAttackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. ----------------------------------------------------------------------\n\nWant a new job?\n\nhttp://secunia.com/secunia_security_specialist/\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\nInternational Partner Manager - Project Sales in the IT-Security\nIndustry:\nhttp://corporate.secunia.com/about_secunia/64/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple Mac OS X Security Update Fixes Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA30802\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/30802/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSecurity Bypass, Cross Site Scripting, Spoofing, Exposure of\nsensitive information, Privilege escalation, DoS, System access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nApple Macintosh OS X\nhttp://secunia.com/product/96/\n\nDESCRIPTION:\nApple has issued a security update for Mac OS X, which fixes multiple\nvulnerabilities and a weakness. \n\n1) An unspecified error in the Alias Manager when handling AFP volume\nmount information in an alias data structure can be exploited to cause\na memory corruption and potentially execute arbitrary code. \n\n2) A weakness is caused due to users not being warned before opening\ncertain potentially unsafe content types, e.g. .xht and .xhtm files. \n\n4) An vulnerability in Dock can be exploited by malicious people with\nphysical access to a system to bypass the screen lock when Expos\\xe9 hot\ncorners are set. \n\n5) A race condition error exists in Launch Services in the download\nvalidation of symbolic links. This can be exploited to execute\narbitrary code when a user visits a malicious web site. \n\nSuccessful exploitation requires that the \"Open \u0027safe\u0027 files\" option\nis enabled in Safari. \n\n6) A vulnerability in Net-SNMP can be exploited by malicious people\nto spoof authenticated SNMPv3 packets. \n\nFor more information:\nSA30574\n\n7) Some vulnerabilities in Ruby can be exploited by malicious people\nto disclose sensitive information, cause a DoS (Denial of Service),\nor potentially compromise a vulnerable system. \n\nFor more information:\nSA29232\nSA29794\n\nNOTE: Reportedly, the directory traversal issue does not affect Mac\nOS X. \n\n8) A vulnerability in SMB File Server can be exploited by malicious\npeople to compromise a vulnerable system. \n\nFor more information:\nSA30228\n\n9) It is possible to store malicious files within the User Template\ndirectory. This can be exploited to execute arbitrary code with\npermissions of a new user when his home directory is created using\nthe User Template directory. \n\n10) Some vulnerabilities in Tomcat can be exploited by malicious\nusers to disclose sensitive information and by malicious people to\ndisclose sensitive information or to conduct cross-site scripting\nattacks. \n\nFor more information:\nSA25678\nSA26466\nSA27398\nSA28878\n\n11) A vulnerability in WebKit can be exploited by malicious people to\ncompromise a user\u0027s system. or apply Security Update 2008-004. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-2310"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001477"
      },
      {
        "db": "BID",
        "id": "30018"
      },
      {
        "db": "VULHUB",
        "id": "VHN-32435"
      },
      {
        "db": "PACKETSTORM",
        "id": "67844"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-2310",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "30018",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "30802",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1020392",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-1981",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001477",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-003",
        "trust": 0.7
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2008-06-30",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "43494",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-32435",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "67844",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32435"
      },
      {
        "db": "BID",
        "id": "30018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001477"
      },
      {
        "db": "PACKETSTORM",
        "id": "67844"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-003"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2310"
      }
    ]
  },
  "id": "VAR-200807-0008",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32435"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:45:49.325000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security Update 2008-004",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT2163"
      },
      {
        "title": "Security Update 2008-004",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT2163?viewlocale=ja_JP\u0026locale=ja_JP"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001477"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-134",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001477"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2310"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/30018"
      },
      {
        "trust": 2.5,
        "url": "http://securitytracker.com/id?1020392"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/30802"
      },
      {
        "trust": 2.1,
        "url": "http://support.apple.com/kb/ht2163"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2008//jun/msg00002.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/1981/references"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43494"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2310"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-2310"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/43494"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/1981/references"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/about_secunia/64/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate2008004serverppc.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_specialist/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate2008004intel.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/30574/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/29794/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate2008004ppc.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosx1054update.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/27398/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosxservercombo1054.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate2008004serverintel.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosx1054comboupdate.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosxserver1054.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/30802/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/29232/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/25678/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/28878/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/30775/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26466/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/96/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/30228/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-32435"
      },
      {
        "db": "BID",
        "id": "30018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001477"
      },
      {
        "db": "PACKETSTORM",
        "id": "67844"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-003"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2310"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-32435"
      },
      {
        "db": "BID",
        "id": "30018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001477"
      },
      {
        "db": "PACKETSTORM",
        "id": "67844"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-003"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2310"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-07-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-32435"
      },
      {
        "date": "2008-06-30T00:00:00",
        "db": "BID",
        "id": "30018"
      },
      {
        "date": "2008-07-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001477"
      },
      {
        "date": "2008-07-02T17:42:37",
        "db": "PACKETSTORM",
        "id": "67844"
      },
      {
        "date": "2008-06-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200807-003"
      },
      {
        "date": "2008-07-01T18:41:00",
        "db": "NVD",
        "id": "CVE-2008-2310"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-32435"
      },
      {
        "date": "2008-07-02T20:00:00",
        "db": "BID",
        "id": "30018"
      },
      {
        "date": "2008-07-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001477"
      },
      {
        "date": "2008-09-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200807-003"
      },
      {
        "date": "2024-11-21T00:46:34.937000",
        "db": "NVD",
        "id": "CVE-2008-2310"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-003"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Mac OS X of  c++filt Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001477"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "format string",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-003"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-2310 (GCVE-0-2008-2310)

Vulnerability from cvelistv5

ghsa-mx5r-5fpq-f39j

Vulnerability from github

fkie_cve-2008-2310

Vulnerability from fkie_nvd

CERTA-2008-AVI-343

Vulnerability from certfr_avis

Description

Solution

gsd-2008-2310

Vulnerability from gsd

var-200807-0008

Vulnerability from variot

Tags

Sightings

Nomenclature