var-200712-0596
Vulnerability from variot
The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL. Mac OS X is prone to a denial-of-service vulnerability.
I. Further details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or via Apple Downloads.
IV. Please send email to cert@cert.org with "TA08-150A Feedback VU#566875" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
May 29 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx 403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ== =QvSr -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
Learn more: http://secunia.com/network_software_inspector_2/
TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA30430
VERIFY ADVISORY: http://secunia.com/advisories/30430/
CRITICAL: Highly critical
IMPACT: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access
WHERE:
From remote
REVISION: 1.1 originally posted 2008-05-29
OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/
DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
1) An error in AFP server allows connected users or guests to access files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks or to cause a DoS (Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to execute arbitrary code when a user opens a specially crafted document file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet video files. These can be exploited to cause memory corruption and potentially allow for execution of arbitrary code when a user opens a specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing embedded fonts in PDF files. This can be exploited to cause a memory corruption when a PDF file containing a specially crafted embedded font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to an information disclosure of the first client certificate found in the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData objects. This can be exploited to cause a heap-based buffer overflow if an application calls "CFDataReplaceBytes" with an invalid "length" argument.
8) An error due to an uninitialised variable in CoreGraphics can potentially be exploited to execute arbitrary code when a specially crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to potentially compromise a user's system.
For more information: SA28083
12) An integer underflow error in Help Viewer when handling help:topic URLs can be exploited to cause a buffer overflow when a specially crafted help:topic URL is accessed.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character encodings. This can potentially be exploited bypass content filters and may lead to cross-site scripting and disclosure of sensitive information.
14) Input passed to unspecified parameters in Image Capture's embedded web server is not properly sanitised before being used. This can be exploited to disclose the content of local files via directory traversal attacks.
15) An error in the handling of temporary files in Image Capture can be exploited by malicious, local users to manipulate files with the privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng code.
For more information: SA27093 SA27130
18) An integer overflow error in ImageIO within the processing of JPEG2000 images can be exploited to cause a heap-based buffer overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and can lead to disclosure of sensitive information and potentially execution of arbitrary code when mail is sent through an SMTP server over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people to disclose sensitive information.
For more information: SA28323
21) The sso_util command-line tool requires that passwords be passed to it in its arguments, which can be exploited by malicious, local users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local user names when nonexistent blogs are accessed.
Security Update 2008-003 (PPC): http://www.apple.com/support/downloads/securityupdate2008003ppc.html
Security Update 2008-003 Server (PPC): http://www.apple.com/support/downloads/securityupdate2008003serverppc.html
Security Update 2008-003 Server (Universal): http://www.apple.com/support/downloads/securityupdate2008003serveruniversal.html
Security Update 2008-003 (Intel): http://www.apple.com/support/downloads/securityupdate2008003intel.html
Mac OS X 10.5.3 Combo Update: http://www.apple.com/support/downloads/macosx1053comboupdate.html
Mac OS X 10.5.3 Update: http://www.apple.com/support/downloads/macosx1053update.html
Mac OS X Server 10.5.3 Combo Update: http://www.apple.com/support/downloads/macosxserver1053comboupdate.html
Mac OS X Server 10.5.3 Update: http://www.apple.com/support/downloads/macosxserver1053update.html
PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Alex deVries and Robert Rich 3) Rosyna of Unsanity 5) Melissa O'Neill, Harvey Mudd College 9) Brian Mastenbrook 12) Paul Haddad, PTH Consulting 16) Gynvael Coldwind, Hispasec 19) Derek Morr, Pennsylvania State University 21) Geoff Franks, Hauptman Woodward Institute 22) Don Rainwater, University of Cincinnati
CHANGELOG: 2008-05-29: Added links to Mac OS X 10.5.3 in "Solution" section.
ORIGINAL ADVISORY: http://support.apple.com/kb/HT1897
OTHER REFERENCES: SA18008: http://secunia.com/advisories/18008/
SA18307: http://secunia.com/advisories/18307/
SA26273: http://secunia.com/advisories/26273/
SA26636: http://secunia.com/advisories/26636/
SA27093: http://secunia.com/advisories/27093/
SA27130: http://secunia.com/advisories/27130/
SA28081: http://secunia.com/advisories/28081/
SA28083: http://secunia.com/advisories/28083/
SA28323: http://secunia.com/advisories/28323/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively.
The vulnerability is caused due to an error in the handling of return values of "hashes()" in the "cs_validate_page()" function when processing signed Mach-O binaries and can be exploited to cause a system panic. Other versions may also be affected.
SOLUTION: Grant only trusted users access to affected systems
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200712-0596",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.1"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.3"
},
{
"model": "mac os x server",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
}
],
"sources": [
{
"db": "BID",
"id": "81529"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001407"
},
{
"db": "NVD",
"id": "CVE-2007-6359"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001407"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "81529"
}
],
"trust": 0.3
},
"cve": "CVE-2007-6359",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2007-6359",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-29721",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-6359",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2007-6359",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200712-403",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-29721",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29721"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001407"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-403"
},
{
"db": "NVD",
"id": "CVE-2007-6359"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL. Mac OS X is prone to a denial-of-service vulnerability. \n\nI. Further\n details are available in the US-CERT Vulnerability Notes Database. \n\nII. \n\nIII. These and other updates are available via Software Update or\n via Apple Downloads. \n\nIV. Please send\n email to \u003ccert@cert.org\u003e with \"TA08-150A Feedback VU#566875\" in the\n subject. \n _________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n _________________________________________________________________\n\n Produced 2008 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n Revision History\n\n May 29 2008: Initial release\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo\nYvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx\n403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN\nRjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom\nvmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI\nDcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==\n=QvSr\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia Network Software Inspector 2.0 (NSI) - Public Beta\n\nThe Public Beta has ended. Thanks to all that participated. \n\nLearn more:\nhttp://secunia.com/network_software_inspector_2/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple Mac OS X Security Update Fixes Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA30430\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/30430/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSecurity Bypass, Cross Site Scripting, Exposure of system\ninformation, Exposure of sensitive information, Privilege escalation,\nDoS, System access\n\nWHERE:\n\u003eFrom remote\n\nREVISION:\n1.1 originally posted 2008-05-29\n\nOPERATING SYSTEM:\nApple Macintosh OS X\nhttp://secunia.com/product/96/\n\nDESCRIPTION:\nApple has issued a security update for Mac OS X, which fixes multiple\nvulnerabilities. \n\n1) An error in AFP server allows connected users or guests to access\nfiles and directories that are not within a shared directory. \n\n2) Some vulnerabilities in Apache can be exploited by malicious\npeople to conduct cross-site scripting attacks or to cause a DoS\n(Denial of Service). \n\n3) An unspecified error in AppKit can potentially be exploited to\nexecute arbitrary code when a user opens a specially crafted document\nfile with an editor that uses AppKit (e.g. TextEdit). \n\n4) Multiple unspecified errors exist in the processing of Pixlet\nvideo files. These can be exploited to cause memory corruption and\npotentially allow for execution of arbitrary code when a user opens a\nspecially crafted movie file. \n\n5) An unspecified error exists in Apple Type Services when processing\nembedded fonts in PDF files. This can be exploited to cause a memory\ncorruption when a PDF file containing a specially crafted embedded\nfont is printed. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\n6) An error in Safari\u0027s SSL client certificate handling can lead to\nan information disclosure of the first client certificate found in\nthe keychain when a web server issues a client certificate request. \n\n7) An integer overflow exists in CoreFoundation when handling CFData\nobjects. This can be exploited to cause a heap-based buffer overflow\nif an application calls \"CFDataReplaceBytes\" with an invalid \"length\"\nargument. \n\n8) An error due to an uninitialised variable in CoreGraphics can\npotentially be exploited to execute arbitrary code when a specially\ncrafted PDF is opened. \n\n9) A weakness is caused due to users not being warned before opening\ncertain potentially unsafe content types. \n\n10) An error when printing to password-protected printers with debug\nlogging enabled may lead to the disclosure of sensitive information. \n\n11) Some vulnerabilities in Adobe Flash Player can be exploited by\nmalicious people to bypass certain security restrictions, conduct\ncross-site scripting attacks, or to potentially compromise a user\u0027s\nsystem. \n\nFor more information:\nSA28083\n\n12) An integer underflow error in Help Viewer when handling\nhelp:topic URLs can be exploited to cause a buffer overflow when a \nspecially crafted help:topic URL is accessed. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\n13) A conversion error exists in ICU when handling certain character\nencodings. This can potentially be exploited bypass content filters\nand may lead to cross-site scripting and disclosure of sensitive\ninformation. \n\n14) Input passed to unspecified parameters in Image Capture\u0027s\nembedded web server is not properly sanitised before being used. This\ncan be exploited to disclose the content of local files via directory\ntraversal attacks. \n\n15) An error in the handling of temporary files in Image Capture can\nbe exploited by malicious, local users to manipulate files with the\nprivilege of a user running Image Capture. \n\n16) A boundary error in the BMP and GIF image decoding engine in\nImageIO can be exploited to disclose content in memory. \n\n17) Some vulnerabilities in ImageIO can be exploited by malicious\npeople to cause a DoS (Denial of Service). \n\nThe vulnerabilities are caused due to the use of vulnerable libpng\ncode. \n\nFor more information:\nSA27093\nSA27130\n\n18) An integer overflow error in ImageIO within the processing of\nJPEG2000 images can be exploited to cause a heap-based buffer\noverflow when a specially crafted JPEG2000 image is viewed. \n\nSuccessful exploitation of this vulnerability may allow execution of\narbitrary code. \n\n19) An error in Mail is caused due to an uninitialised variable and\ncan lead to disclosure of sensitive information and potentially\nexecution of arbitrary code when mail is sent through an SMTP server\nover IPv6. \n\n20) A vulnerability in Mongrel can be exploited by malicious people\nto disclose sensitive information. \n\nFor more information:\nSA28323\n\n21) The sso_util command-line tool requires that passwords be passed\nto it in its arguments, which can be exploited by malicious, local\nusers to disclose the passwords. \n\n22) An error in Wiki Server can be exploited to determine valid local\nuser names when nonexistent blogs are accessed. \n\nSecurity Update 2008-003 (PPC):\nhttp://www.apple.com/support/downloads/securityupdate2008003ppc.html\n\nSecurity Update 2008-003 Server (PPC):\nhttp://www.apple.com/support/downloads/securityupdate2008003serverppc.html\n\nSecurity Update 2008-003 Server (Universal):\nhttp://www.apple.com/support/downloads/securityupdate2008003serveruniversal.html\n\nSecurity Update 2008-003 (Intel):\nhttp://www.apple.com/support/downloads/securityupdate2008003intel.html\n\nMac OS X 10.5.3 Combo Update:\nhttp://www.apple.com/support/downloads/macosx1053comboupdate.html\n\nMac OS X 10.5.3 Update:\nhttp://www.apple.com/support/downloads/macosx1053update.html\n\nMac OS X Server 10.5.3 Combo Update:\nhttp://www.apple.com/support/downloads/macosxserver1053comboupdate.html\n\nMac OS X Server 10.5.3 Update:\nhttp://www.apple.com/support/downloads/macosxserver1053update.html\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n1) Alex deVries and Robert Rich\n3) Rosyna of Unsanity\n5) Melissa O\u0027Neill, Harvey Mudd College\n9) Brian Mastenbrook\n12) Paul Haddad, PTH Consulting\n16) Gynvael Coldwind, Hispasec\n19) Derek Morr, Pennsylvania State University\n21) Geoff Franks, Hauptman Woodward Institute\n22) Don Rainwater, University of Cincinnati\n\nCHANGELOG:\n2008-05-29: Added links to Mac OS X 10.5.3 in \"Solution\" section. \n\nORIGINAL ADVISORY:\nhttp://support.apple.com/kb/HT1897\n\nOTHER REFERENCES:\nSA18008:\nhttp://secunia.com/advisories/18008/\n\nSA18307:\nhttp://secunia.com/advisories/18307/\n\nSA26273:\nhttp://secunia.com/advisories/26273/\n\nSA26636:\nhttp://secunia.com/advisories/26636/\n\nSA27093:\nhttp://secunia.com/advisories/27093/\n\nSA27130:\nhttp://secunia.com/advisories/27130/\n\nSA28081:\nhttp://secunia.com/advisories/28081/\n\nSA28083:\nhttp://secunia.com/advisories/28083/\n\nSA28323:\nhttp://secunia.com/advisories/28323/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\n----------------------------------------------------------------------\n\n2003: 2,700 advisories published\n2004: 3,100 advisories published\n2005: 4,600 advisories published\n2006: 5,300 advisories published\n\nHow do you know which Secunia advisories are important to you?\n\nThe Secunia Vulnerability Intelligence Solutions allows you to filter\nand structure all the information you need, so you can address issues\neffectively. \n\nThe vulnerability is caused due to an error in the handling of return\nvalues of \"hashes()\" in the \"cs_validate_page()\" function when\nprocessing signed Mach-O binaries and can be exploited to cause a\nsystem panic. Other versions may\nalso be affected. \n\nSOLUTION:\nGrant only trusted users access to affected systems",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6359"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001407"
},
{
"db": "BID",
"id": "81529"
},
{
"db": "VULHUB",
"id": "VHN-29721"
},
{
"db": "PACKETSTORM",
"id": "66818"
},
{
"db": "PACKETSTORM",
"id": "66804"
},
{
"db": "PACKETSTORM",
"id": "61802"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-29721",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29721"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "USCERT",
"id": "TA08-150A",
"trust": 2.9
},
{
"db": "BID",
"id": "26840",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2007-6359",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "28048",
"trust": 2.6
},
{
"db": "VUPEN",
"id": "ADV-2007-4216",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-1697",
"trust": 1.7
},
{
"db": "XF",
"id": "38997",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "30430",
"trust": 1.2
},
{
"db": "USCERT",
"id": "SA08-150A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001407",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "TA08-150A",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2008-05-28",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200712-403",
"trust": 0.6
},
{
"db": "BID",
"id": "81529",
"trust": 0.4
},
{
"db": "EXPLOIT-DB",
"id": "4723",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-65038",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-29721",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "66818",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "66804",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "61802",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29721"
},
{
"db": "BID",
"id": "81529"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001407"
},
{
"db": "PACKETSTORM",
"id": "66818"
},
{
"db": "PACKETSTORM",
"id": "66804"
},
{
"db": "PACKETSTORM",
"id": "61802"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-403"
},
{
"db": "NVD",
"id": "CVE-2007-6359"
}
]
},
"id": "VAR-200712-0596",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-29721"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:25:34.562000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Mac OS X 10.5.3",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT1897"
},
{
"title": "Mac OS X 10.5.3",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT1897?viewlocale=ja_JP"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001407"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-189",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29721"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001407"
},
{
"db": "NVD",
"id": "CVE-2007-6359"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.securityfocus.com/bid/26840"
},
{
"trust": 2.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta08-150a.html"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/28048"
},
{
"trust": 2.0,
"url": "http://lists.apple.com/archives/security-announce/2008//may/msg00001.html"
},
{
"trust": 2.0,
"url": "http://digit-labs.org/files/exploits/xnu-superblob-dos.c"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/4216"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"trust": 1.7,
"url": "http://xforce.iss.net/xforce/xfdb/38997"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/30430"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38997"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6359"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2007/4216"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2008/1697"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta08-150a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta08-150a/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-6359"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa08-150a.html"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/product/96/"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1338?viewlocale=en_us\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1897\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=apple_security_update_2008_003\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta08-150a.html\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/26273/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/macosxserver1053update.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/18307/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/27093/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/macosxserver1053comboupdate.html"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate2008003ppc.html"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1897"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/macosx1053update.html"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate2008003serverppc.html"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate2008003serveruniversal.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/27130/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/30430/"
},
{
"trust": 0.1,
"url": "http://secunia.com/network_software_inspector_2/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/26636/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28083/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate2008003intel.html"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/macosx1053comboupdate.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28081/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/18008/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28323/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28048/"
},
{
"trust": 0.1,
"url": "http://www.digit-labs.org/files/exploits/xnu-superblob-dos.c"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29721"
},
{
"db": "BID",
"id": "81529"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001407"
},
{
"db": "PACKETSTORM",
"id": "66818"
},
{
"db": "PACKETSTORM",
"id": "66804"
},
{
"db": "PACKETSTORM",
"id": "61802"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-403"
},
{
"db": "NVD",
"id": "CVE-2007-6359"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-29721"
},
{
"db": "BID",
"id": "81529"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001407"
},
{
"db": "PACKETSTORM",
"id": "66818"
},
{
"db": "PACKETSTORM",
"id": "66804"
},
{
"db": "PACKETSTORM",
"id": "61802"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-403"
},
{
"db": "NVD",
"id": "CVE-2007-6359"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-12-15T00:00:00",
"db": "VULHUB",
"id": "VHN-29721"
},
{
"date": "2007-12-14T00:00:00",
"db": "BID",
"id": "81529"
},
{
"date": "2008-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001407"
},
{
"date": "2008-05-29T23:21:11",
"db": "PACKETSTORM",
"id": "66818"
},
{
"date": "2008-05-29T23:19:06",
"db": "PACKETSTORM",
"id": "66804"
},
{
"date": "2007-12-13T23:02:52",
"db": "PACKETSTORM",
"id": "61802"
},
{
"date": "2007-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200712-403"
},
{
"date": "2007-12-15T01:46:00",
"db": "NVD",
"id": "CVE-2007-6359"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-29721"
},
{
"date": "2007-12-14T00:00:00",
"db": "BID",
"id": "81529"
},
{
"date": "2008-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001407"
},
{
"date": "2021-12-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200712-403"
},
{
"date": "2024-11-21T00:39:57.583000",
"db": "NVD",
"id": "CVE-2007-6359"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "81529"
},
{
"db": "PACKETSTORM",
"id": "61802"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-403"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Mac OS X of cs_validate_page Service disruption in functions (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001407"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200712-403"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.