var-200803-0233
Vulnerability from variot
notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications. (DoS) There is a vulnerability that becomes a condition.Disguised disabling notifications by a malicious local user can prevent other applications from receiving notifications. Attackers can leverage this issue to cause denial-of-service conditions. These issues affect Mac OS X and various applications, including AFP Client, AFP Server, AppKit, Application Firewall, CoreFoundation, CoreServices, CUPS, Foundation, Help Viewer, Image Raw, libc, mDNSResponder, notifyd, pax archive utility, Podcast Producer, Preview, Printing, System Configuration, UDF, and Wiki Server. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. NOTE: This BID is being retired. The following individual records have been created to fully document all the vulnerabilities that were described in this BID: 28320 Apple Mac OS X AFP Client 'afp://' URI Remote Code Execution Vulnerability CVE-2008-0044. ----------------------------------------------------------------------
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
1) Multiple boundary errors in AFP client when processing "afp://" URLs can be exploited to cause stack-based buffer overflows when a user connects to a malicious AFP server.
Successful exploitation may allow execution of arbitrary code.
2) An error exists in AFP Server when checking Kerberos principal realm names. This can be exploited to make unauthorized connections to the server when cross-realm authentication with AFP Server is used.
3) Multiple vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
For more information: SA18008 SA21197 SA26636 SA27906 SA28046
4) A boundary error within the handling of file names in the NSDocument API in AppKit can be exploited to cause a stack-based buffer overflow.
6) Multiple integer overflow errors exist in the parser for a legacy serialization format. This can be exploited to cause a heap-based buffer overflow when a specially crafted serialized property list is parsed.
Successful exploitation may allow execution of arbitrary code.
7) An error in CFNetwork can be exploited to spoof secure websites via 502 Bad Gateway errors from a malicious HTTPS proxy server.
8) Multiple vulnerabilities in ClamAV can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
For more information: SA23347 SA24187 SA24891 SA26038 SA26530 SA28117 SA28907
9) An integer overflow error exists in CoreFoundation when handling time zone data.
10) The problem is that files with names ending in ".ief" can be automatically opened in AppleWorks if "Open 'Safe' files" is enabled in Safari.
For more information: SA29431
12) Multiple input validation errors exist in CUPS, which can be exploited to execute arbitrary code with system privileges.
13) A boundary error in curl can be exploited to compromise a user's system.
For more information: SA17907
14) A vulnerability in emacs can be exploited by malicious people to compromise a user's system.
For more information: SA27508
15) A vulnerability in "file" can be exploited by malicious people to compromise a vulnerable system.
For more information: SA24548
16) An input validation error exists in the NSSelectorFromString API, which can potentially be exploited to execute arbitrary code via a malformed selector name.
17) A race condition error in NSFileManager can potentially be exploited to gain escalated privileges.
18) A boundary error in NSFileManager can potentially be exploited to cause a stack-based buffer overflow via an overly long pathname with a specially crafted structure.
19) A race condition error exists in the cache management of NSURLConnection. This can be exploited to cause a DoS or execute arbitrary code in applications using the library (e.g. Safari).
20) A race condition error exists in NSXML. This can be exploited to execute arbitrary code by enticing a user to process an XML file in an application which uses NSXML.
21) An error in Help Viewer can be exploited to insert arbitrary HTML or JavaScript into the generated topic list page via a specially crafted "help:topic_list" URL and may redirect to a Help Viewer "help:runscript" link that runs Applescript.
22) A boundary error exists in Image Raw within the handling of Adobe Digital Negative (DNG) image files. This can be exploited to cause a stack-based buffer overflow by enticing a user to open a maliciously crafted image file.
23) Multiple vulnerabilities in Kerberos can be exploited to cause a DoS or to compromise a vulnerable system.
For more information: SA29428
24) An off-by-one error the "strnstr()" in libc can be exploited to cause a DoS.
25) A format string error exists in mDNSResponderHelper, which can be exploited by a malicious, local user to cause a DoS or execute arbitrary code with privileges of mDNSResponderHelper by setting the local hostname to a specially crafted string.
27) An array indexing error in the pax command line tool can be exploited to execute arbitrary code.
28) Multiple vulnerabilities in php can be exploited to bypass certain security restrictions.
For more information: SA27648 SA28318
29) A security issue is caused due to the Podcast Capture application providing passwords to a subtask through the arguments.
30) Printing and Preview handle PDF files with weak encryption.
31) An error in Printing in the handling of authenticated print queues can lead to credentials being saved to disk.
33) A null-pointer dereference error exists in the handling of Universal Disc Format (UDF) file systems, which can be exploited to cause a system shutdown by enticing a user to open a maliciously crafted disk image.
35) Some vulnerabilities in X11 can be exploited by malicious, local users to gain escalated privileges.
For more information: SA27040 SA28532
36) Some vulnerabilities in libpng can be exploited by malicious people to cause a DoS (Denial of Service).
For more information: SA22900 SA25292 SA27093 SA27130
SOLUTION: Apply Security Update 2008-002.
Security Update 2008-002 v1.0 (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10ppc.html
Security Update 2008-002 v1.0 (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10universal.html
Security Update 2008-002 v1.0 (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10leopard.html
Security Update 2008-002 v1.0 Server (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10serverleopard.html
Security Update 2008-002 v1.0 Server (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10serverppc.html
Security Update 2008-002 v1.0 Server (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10serveruniversal.html
PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Ragnar Sundblad of KTH - Royal Institute of Technology, Stockholm 11) regenrecht via iDefense 19) Daniel Jalkut, Red Sweater Software 22) Brian Mastenbrook 24) Mike Ash, Rogue Amoeba Software 29) Maximilian Reiss, Chair for Applied Software Engineering, TUM 33) Paul Wagland of Redwood Software, and Wayne Linder of Iomega
34) Rodrigo Carvalho CORE Security Technologies
ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307562
CORE-2008-0123: http://www.coresecurity.com/?action=item&id=2189
OTHER REFERENCES: SA17907: http://secunia.com/advisories/17907/
SA18008: http://secunia.com/advisories/18008/
SA21187: http://secunia.com/advisories/21197/
SA22900: http://secunia.com/advisories/22900/
SA23347: http://secunia.com/advisories/23347/
SA24187: http://secunia.com/advisories/24187/
SA24548: http://secunia.com/advisories/24548/
SA24891: http://secunia.com/advisories/24891/
SA25292: http://secunia.com/advisories/25292/
SA26038: http://secunia.com/advisories/26038/
SA26530: http://secunia.com/advisories/26530/
SA26636: http://secunia.com/advisories/26636/
SA27040: http://secunia.com/advisories/27040/
SA27093: http://secunia.com/advisories/27093/
SA27130: http://secunia.com/advisories/27130/
SA27648: http://secunia.com/advisories/27648/
SA27508: http://secunia.com/advisories/27508/
SA27906: http://secunia.com/advisories/27906/
SA28046: http://secunia.com/advisories/28046/
SA28117: http://secunia.com/advisories/28117/
SAS28318: http://secunia.com/advisories/28318/
SA28532: http://secunia.com/advisories/28532/
SA28907: http://secunia.com/advisories/28907/
SA29428: http://secunia.com/advisories/29428/
SA29431: http://secunia.com/advisories/29431/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200803-0233",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.11"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.11"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.4.11"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.4.11"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.11"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.11"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "directory pro",
"scope": "eq",
"trust": 0.3,
"vendor": "cosmicperl",
"version": "10.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.03"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.5"
}
],
"sources": [
{
"db": "BID",
"id": "28345"
},
{
"db": "BID",
"id": "28304"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001208"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-289"
},
{
"db": "NVD",
"id": "CVE-2008-0990"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001208"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ragnar SundbladregenrechtDaniel JalkutBrian MastenbrookClint RuohoMike Ash",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-289"
}
],
"trust": 0.6
},
"cve": "CVE-2008-0990",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2008-0990",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-31115",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-0990",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2008-0990",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200803-289",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-31115",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31115"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001208"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-289"
},
{
"db": "NVD",
"id": "CVE-2008-0990"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications. (DoS) There is a vulnerability that becomes a condition.Disguised disabling notifications by a malicious local user can prevent other applications from receiving notifications. \nAttackers can leverage this issue to cause denial-of-service conditions. \nThese issues affect Mac OS X and various applications, including AFP Client, AFP Server, AppKit, Application Firewall, CoreFoundation, CoreServices, CUPS, Foundation, Help Viewer, Image Raw, libc, mDNSResponder, notifyd, pax archive utility, Podcast Producer, Preview, Printing, System Configuration, UDF, and Wiki Server. \nAttackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. \nNOTE: This BID is being retired. The following individual records have been created to fully document all the vulnerabilities that were described in this BID:\n28320 Apple Mac OS X AFP Client \u0027afp://\u0027 URI Remote Code Execution Vulnerability CVE-2008-0044. ----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\n1) Multiple boundary errors in AFP client when processing \"afp://\"\nURLs can be exploited to cause stack-based buffer overflows when a\nuser connects to a malicious AFP server. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\n2) An error exists in AFP Server when checking Kerberos principal\nrealm names. This can be exploited to make unauthorized connections\nto the server when cross-realm authentication with AFP Server is\nused. \n\n3) Multiple vulnerabilities in Apache can be exploited by malicious\npeople to conduct cross-site scripting attacks, cause a DoS (Denial\nof Service), or potentially compromise a vulnerable system. \n\nFor more information:\nSA18008\nSA21197\nSA26636\nSA27906\nSA28046\n\n4) A boundary error within the handling of file names in the\nNSDocument API in AppKit can be exploited to cause a stack-based\nbuffer overflow. \n\n6) Multiple integer overflow errors exist in the parser for a legacy\nserialization format. This can be exploited to cause a heap-based\nbuffer overflow when a specially crafted serialized property list is\nparsed. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\n7) An error in CFNetwork can be exploited to spoof secure websites\nvia 502 Bad Gateway errors from a malicious HTTPS proxy server. \n\n8) Multiple vulnerabilities in ClamAV can be exploited by malicious\npeople to cause a DoS (Denial of Service) or to compromise a\nvulnerable system. \n\nFor more information:\nSA23347\nSA24187\nSA24891\nSA26038\nSA26530\nSA28117\nSA28907\n\n9) An integer overflow error exists in CoreFoundation when handling\ntime zone data. \n\n10) The problem is that files with names ending in \".ief\" can be\nautomatically opened in AppleWorks if \"Open \u0027Safe\u0027 files\" is enabled\nin Safari. \n\nFor more information:\nSA29431\n\n12) Multiple input validation errors exist in CUPS, which can be\nexploited to execute arbitrary code with system privileges. \n\n13) A boundary error in curl can be exploited to compromise a user\u0027s\nsystem. \n\nFor more information:\nSA17907\n\n14) A vulnerability in emacs can be exploited by malicious people to\ncompromise a user\u0027s system. \n\nFor more information:\nSA27508\n\n15) A vulnerability in \"file\" can be exploited by malicious people to\ncompromise a vulnerable system. \n\nFor more information:\nSA24548\n\n16) An input validation error exists in the NSSelectorFromString API,\nwhich can potentially be exploited to execute arbitrary code via a\nmalformed selector name. \n\n17) A race condition error in NSFileManager can potentially be\nexploited to gain escalated privileges. \n\n18) A boundary error in NSFileManager can potentially be exploited to\ncause a stack-based buffer overflow via an overly long pathname with a\nspecially crafted structure. \n\n19) A race condition error exists in the cache management of\nNSURLConnection. This can be exploited to cause a DoS or execute\narbitrary code in applications using the library (e.g. Safari). \n\n20) A race condition error exists in NSXML. This can be exploited to\nexecute arbitrary code by enticing a user to process an XML file in\nan application which uses NSXML. \n\n21) An error in Help Viewer can be exploited to insert arbitrary HTML\nor JavaScript into the generated topic list page via a specially\ncrafted \"help:topic_list\" URL and may redirect to a Help Viewer\n\"help:runscript\" link that runs Applescript. \n\n22) A boundary error exists in Image Raw within the handling of Adobe\nDigital Negative (DNG) image files. This can be exploited to cause a\nstack-based buffer overflow by enticing a user to open a maliciously\ncrafted image file. \n\n23) Multiple vulnerabilities in Kerberos can be exploited to cause a\nDoS or to compromise a vulnerable system. \n\nFor more information:\nSA29428\n\n24) An off-by-one error the \"strnstr()\" in libc can be exploited to\ncause a DoS. \n\n25) A format string error exists in mDNSResponderHelper, which can be\nexploited by a malicious, local user to cause a DoS or execute\narbitrary code with privileges of mDNSResponderHelper by setting the\nlocal hostname to a specially crafted string. \n\n27) An array indexing error in the pax command line tool can be\nexploited to execute arbitrary code. \n\n28) Multiple vulnerabilities in php can be exploited to bypass\ncertain security restrictions. \n\nFor more information:\nSA27648\nSA28318\n\n29) A security issue is caused due to the Podcast Capture application\nproviding passwords to a subtask through the arguments. \n\n30) Printing and Preview handle PDF files with weak encryption. \n\n31) An error in Printing in the handling of authenticated print\nqueues can lead to credentials being saved to disk. \n\n33) A null-pointer dereference error exists in the handling of\nUniversal Disc Format (UDF) file systems, which can be exploited to\ncause a system shutdown by enticing a user to open a maliciously\ncrafted disk image. \n\n35) Some vulnerabilities in X11 can be exploited by malicious, local\nusers to gain escalated privileges. \n\nFor more information:\nSA27040\nSA28532\n\n36) Some vulnerabilities in libpng can be exploited by malicious\npeople to cause a DoS (Denial of Service). \n\nFor more information:\nSA22900\nSA25292\nSA27093\nSA27130\n\nSOLUTION:\nApply Security Update 2008-002. \n\nSecurity Update 2008-002 v1.0 (PPC):\nhttp://www.apple.com/support/downloads/securityupdate2008002v10ppc.html\n\nSecurity Update 2008-002 v1.0 (Universal):\nhttp://www.apple.com/support/downloads/securityupdate2008002v10universal.html\n\nSecurity Update 2008-002 v1.0 (Leopard):\nhttp://www.apple.com/support/downloads/securityupdate2008002v10leopard.html\n\nSecurity Update 2008-002 v1.0 Server (Leopard):\nhttp://www.apple.com/support/downloads/securityupdate2008002v10serverleopard.html\n\nSecurity Update 2008-002 v1.0 Server (PPC):\nhttp://www.apple.com/support/downloads/securityupdate2008002v10serverppc.html\n\nSecurity Update 2008-002 v1.0 Server (Universal):\nhttp://www.apple.com/support/downloads/securityupdate2008002v10serveruniversal.html\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n1) Ragnar Sundblad of KTH - Royal Institute of Technology, Stockholm\n11) regenrecht via iDefense\n19) Daniel Jalkut, Red Sweater Software\n22) Brian Mastenbrook\n24) Mike Ash, Rogue Amoeba Software\n29) Maximilian Reiss, Chair for Applied Software Engineering, TUM\n33) Paul Wagland of Redwood Software, and Wayne Linder of Iomega\n\n34) Rodrigo Carvalho CORE Security Technologies\n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=307562\n\nCORE-2008-0123:\nhttp://www.coresecurity.com/?action=item\u0026id=2189\n\nOTHER REFERENCES:\nSA17907:\nhttp://secunia.com/advisories/17907/\n\nSA18008:\nhttp://secunia.com/advisories/18008/\n\nSA21187:\nhttp://secunia.com/advisories/21197/\n\nSA22900:\nhttp://secunia.com/advisories/22900/\n\nSA23347:\nhttp://secunia.com/advisories/23347/\n\nSA24187:\nhttp://secunia.com/advisories/24187/\n\nSA24548:\nhttp://secunia.com/advisories/24548/\n\nSA24891:\nhttp://secunia.com/advisories/24891/\n\nSA25292:\nhttp://secunia.com/advisories/25292/\n\nSA26038:\nhttp://secunia.com/advisories/26038/\n\nSA26530:\nhttp://secunia.com/advisories/26530/\n\nSA26636:\nhttp://secunia.com/advisories/26636/\n\nSA27040:\nhttp://secunia.com/advisories/27040/\n\nSA27093:\nhttp://secunia.com/advisories/27093/\n\nSA27130:\nhttp://secunia.com/advisories/27130/\n\nSA27648:\nhttp://secunia.com/advisories/27648/\n\nSA27508:\nhttp://secunia.com/advisories/27508/\n\nSA27906:\nhttp://secunia.com/advisories/27906/\n\nSA28046:\nhttp://secunia.com/advisories/28046/\n\nSA28117:\nhttp://secunia.com/advisories/28117/\n\nSAS28318:\nhttp://secunia.com/advisories/28318/\n\nSA28532:\nhttp://secunia.com/advisories/28532/\n\nSA28907:\nhttp://secunia.com/advisories/28907/\n\nSA29428:\nhttp://secunia.com/advisories/29428/\n\nSA29431:\nhttp://secunia.com/advisories/29431/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-0990"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001208"
},
{
"db": "BID",
"id": "28345"
},
{
"db": "BID",
"id": "28304"
},
{
"db": "VULHUB",
"id": "VHN-31115"
},
{
"db": "PACKETSTORM",
"id": "64747"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-0990",
"trust": 2.8
},
{
"db": "BID",
"id": "28345",
"trust": 2.8
},
{
"db": "BID",
"id": "28304",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "29420",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1019663",
"trust": 2.5
},
{
"db": "USCERT",
"id": "TA08-079A",
"trust": 2.5
},
{
"db": "VUPEN",
"id": "ADV-2008-0924",
"trust": 1.7
},
{
"db": "USCERT",
"id": "SA08-079A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001208",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200803-289",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "TA08-079A",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2008-03-18",
"trust": 0.6
},
{
"db": "XF",
"id": "41289",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-31115",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64747",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31115"
},
{
"db": "BID",
"id": "28345"
},
{
"db": "BID",
"id": "28304"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001208"
},
{
"db": "PACKETSTORM",
"id": "64747"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-289"
},
{
"db": "NVD",
"id": "CVE-2008-0990"
}
]
},
"id": "VAR-200803-0233",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-31115"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:10:24.717000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Update 2008-002",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT1249?viewlocale=en_US"
},
{
"title": "Security Update 2008-002",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT1249?viewlocale=ja_JP"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001208"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31115"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001208"
},
{
"db": "NVD",
"id": "CVE-2008-0990"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/28304"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/28345"
},
{
"trust": 2.5,
"url": "http://www.us-cert.gov/cas/techalerts/ta08-079a.html"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1019663"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/29420"
},
{
"trust": 1.8,
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2008/mar/msg00001.html"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41289"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0990"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2008/0924"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta08-079a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta08-079a/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0990"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa08-079a.html"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/41289"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/0924/references"
},
{
"trust": 0.3,
"url": "http://software.cisco.com/download/navigator.html?mdfid=283613663"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.3,
"url": "http://docs.info.apple.com/article.html?artnum=307430"
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com/?action=item\u0026id=2189"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28046/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/27648/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate2008002v10serveruniversal.html"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate2008002v10ppc.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/24891/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/27093/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/29431/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/27906/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate2008002v10universal.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/22900/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/21197/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/23347/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/29420/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate2008002v10leopard.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/26038/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate2008002v10serverppc.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/27130/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28532/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/29428/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/24187/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/24548/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/26636/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/25292/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/18008/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/27040/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/27508/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28117/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28907/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate2008002v10serverleopard.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/96/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/17907/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/26530/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28318/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31115"
},
{
"db": "BID",
"id": "28345"
},
{
"db": "BID",
"id": "28304"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001208"
},
{
"db": "PACKETSTORM",
"id": "64747"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-289"
},
{
"db": "NVD",
"id": "CVE-2008-0990"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-31115"
},
{
"db": "BID",
"id": "28345"
},
{
"db": "BID",
"id": "28304"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001208"
},
{
"db": "PACKETSTORM",
"id": "64747"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-289"
},
{
"db": "NVD",
"id": "CVE-2008-0990"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-18T00:00:00",
"db": "VULHUB",
"id": "VHN-31115"
},
{
"date": "2008-03-18T00:00:00",
"db": "BID",
"id": "28345"
},
{
"date": "2008-03-18T00:00:00",
"db": "BID",
"id": "28304"
},
{
"date": "2008-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001208"
},
{
"date": "2008-03-20T20:39:31",
"db": "PACKETSTORM",
"id": "64747"
},
{
"date": "2008-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-289"
},
{
"date": "2008-03-18T23:44:00",
"db": "NVD",
"id": "CVE-2008-0990"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-31115"
},
{
"date": "2008-03-20T21:10:00",
"db": "BID",
"id": "28345"
},
{
"date": "2008-03-22T01:10:00",
"db": "BID",
"id": "28304"
},
{
"date": "2008-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001208"
},
{
"date": "2008-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-289"
},
{
"date": "2024-11-21T00:43:23.370000",
"db": "NVD",
"id": "CVE-2008-0990"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "28345"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-289"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Mac OS X of notifyd Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001208"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-289"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.