var-200803-0242
Vulnerability from variot
Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments. Exploiting this issue allows an attacker to access arbitrary files outside of the application's document root directory. This can expose sensitive information that could help the attacker launch further attacks. Note that attackers must be registered wiki users to exploit this issue. Wiki Server from Mac OS X Server 10.5 is vulnerable. ----------------------------------------------------------------------
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
Download and test it today: https://psi.secunia.com/
Read more about this new version: https://psi.secunia.com/?page=changelog
TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA29420
VERIFY ADVISORY: http://secunia.com/advisories/29420/
CRITICAL: Highly critical
IMPACT: Unknown, Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access
WHERE:
From remote
OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/
DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
1) Multiple boundary errors in AFP client when processing "afp://" URLs can be exploited to cause stack-based buffer overflows when a user connects to a malicious AFP server.
Successful exploitation may allow execution of arbitrary code.
2) An error exists in AFP Server when checking Kerberos principal realm names. This can be exploited to make unauthorized connections to the server when cross-realm authentication with AFP Server is used.
3) Multiple vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
For more information: SA18008 SA21197 SA26636 SA27906 SA28046
4) A boundary error within the handling of file names in the NSDocument API in AppKit can be exploited to cause a stack-based buffer overflow.
5) An error in NSApplication in AppKit can potentially be exploited to execute code with escalated privileges by sending a maliciously crafted messages to privileged applications in the same bootstrap namespace.
6) Multiple integer overflow errors exist in the parser for a legacy serialization format. This can be exploited to cause a heap-based buffer overflow when a specially crafted serialized property list is parsed.
Successful exploitation may allow execution of arbitrary code.
7) An error in CFNetwork can be exploited to spoof secure websites via 502 Bad Gateway errors from a malicious HTTPS proxy server.
8) Multiple vulnerabilities in ClamAV can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
For more information: SA23347 SA24187 SA24891 SA26038 SA26530 SA28117 SA28907
9) An integer overflow error exists in CoreFoundation when handling time zone data. This can be exploited by a malicious, local user to execute arbitrary code with system privileges.
10) The problem is that files with names ending in ".ief" can be automatically opened in AppleWorks if "Open 'Safe' files" is enabled in Safari.
11) A vulnerability in CUPS can be exploited to execute arbitrary code with system privileges.
For more information: SA29431
12) Multiple input validation errors exist in CUPS, which can be exploited to execute arbitrary code with system privileges.
13) A boundary error in curl can be exploited to compromise a user's system.
For more information: SA17907
14) A vulnerability in emacs can be exploited by malicious people to compromise a user's system.
For more information: SA27508
15) A vulnerability in "file" can be exploited by malicious people to compromise a vulnerable system.
For more information: SA24548
16) An input validation error exists in the NSSelectorFromString API, which can potentially be exploited to execute arbitrary code via a malformed selector name.
17) A race condition error in NSFileManager can potentially be exploited to gain escalated privileges.
18) A boundary error in NSFileManager can potentially be exploited to cause a stack-based buffer overflow via an overly long pathname with a specially crafted structure.
19) A race condition error exists in the cache management of NSURLConnection. This can be exploited to cause a DoS or execute arbitrary code in applications using the library (e.g. Safari).
20) A race condition error exists in NSXML. This can be exploited to execute arbitrary code by enticing a user to process an XML file in an application which uses NSXML.
21) An error in Help Viewer can be exploited to insert arbitrary HTML or JavaScript into the generated topic list page via a specially crafted "help:topic_list" URL and may redirect to a Help Viewer "help:runscript" link that runs Applescript.
22) A boundary error exists in Image Raw within the handling of Adobe Digital Negative (DNG) image files. This can be exploited to cause a stack-based buffer overflow by enticing a user to open a maliciously crafted image file.
23) Multiple vulnerabilities in Kerberos can be exploited to cause a DoS or to compromise a vulnerable system.
For more information: SA29428
24) An off-by-one error the "strnstr()" in libc can be exploited to cause a DoS.
25) A format string error exists in mDNSResponderHelper, which can be exploited by a malicious, local user to cause a DoS or execute arbitrary code with privileges of mDNSResponderHelper by setting the local hostname to a specially crafted string.
26) An error in notifyd can be exploited by a malicious, local user to deny access to notifications by sending fake Mach port death notifications to notifyd.
27) An array indexing error in the pax command line tool can be exploited to execute arbitrary code.
28) Multiple vulnerabilities in php can be exploited to bypass certain security restrictions.
For more information: SA27648 SA28318
29) A security issue is caused due to the Podcast Capture application providing passwords to a subtask through the arguments.
30) Printing and Preview handle PDF files with weak encryption.
31) An error in Printing in the handling of authenticated print queues can lead to credentials being saved to disk.
32) An error in NetCfgTool can be exploited by a malicious, local user to execute arbitrary code with escalated privileges via a specially crafted message.
33) A null-pointer dereference error exists in the handling of Universal Disc Format (UDF) file systems, which can be exploited to cause a system shutdown by enticing a user to open a maliciously crafted disk image. This can be exploited by malicious users to upload arbitrary files with privileges of the wiki server execute arbitrary code.
35) Some vulnerabilities in X11 can be exploited by malicious, local users to gain escalated privileges.
For more information: SA27040 SA28532
36) Some vulnerabilities in libpng can be exploited by malicious people to cause a DoS (Denial of Service).
For more information: SA22900 SA25292 SA27093 SA27130
SOLUTION: Apply Security Update 2008-002.
Security Update 2008-002 v1.0 (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10ppc.html
Security Update 2008-002 v1.0 (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10universal.html
Security Update 2008-002 v1.0 (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10leopard.html
Security Update 2008-002 v1.0 Server (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10serverleopard.html
Security Update 2008-002 v1.0 Server (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10serverppc.html
Security Update 2008-002 v1.0 Server (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10serveruniversal.html
PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Ragnar Sundblad of KTH - Royal Institute of Technology, Stockholm 11) regenrecht via iDefense 19) Daniel Jalkut, Red Sweater Software 22) Brian Mastenbrook 24) Mike Ash, Rogue Amoeba Software 29) Maximilian Reiss, Chair for Applied Software Engineering, TUM 33) Paul Wagland of Redwood Software, and Wayne Linder of Iomega
34) Rodrigo Carvalho CORE Security Technologies
ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307562
CORE-2008-0123: http://www.coresecurity.com/?action=item&id=2189
OTHER REFERENCES: SA17907: http://secunia.com/advisories/17907/
SA18008: http://secunia.com/advisories/18008/
SA21187: http://secunia.com/advisories/21197/
SA22900: http://secunia.com/advisories/22900/
SA23347: http://secunia.com/advisories/23347/
SA24187: http://secunia.com/advisories/24187/
SA24548: http://secunia.com/advisories/24548/
SA24891: http://secunia.com/advisories/24891/
SA25292: http://secunia.com/advisories/25292/
SA26038: http://secunia.com/advisories/26038/
SA26530: http://secunia.com/advisories/26530/
SA26636: http://secunia.com/advisories/26636/
SA27040: http://secunia.com/advisories/27040/
SA27093: http://secunia.com/advisories/27093/
SA27130: http://secunia.com/advisories/27130/
SA27648: http://secunia.com/advisories/27648/
SA27508: http://secunia.com/advisories/27508/
SA27906: http://secunia.com/advisories/27906/
SA28046: http://secunia.com/advisories/28046/
SA28117: http://secunia.com/advisories/28117/
SAS28318: http://secunia.com/advisories/28318/
SA28532: http://secunia.com/advisories/28532/
SA28907: http://secunia.com/advisories/28907/
SA29428: http://secunia.com/advisories/29428/
SA29431: http://secunia.com/advisories/29431/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200803-0242",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.5.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.5.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.2"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.2"
},
{
"model": "wiki server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
}
],
"sources": [
{
"db": "BID",
"id": "28278"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001199"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-297"
},
{
"db": "NVD",
"id": "CVE-2008-1000"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001199"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rodrigo Carvalho",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-297"
}
],
"trust": 0.6
},
"cve": "CVE-2008-1000",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "CVE-2008-1000",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "VHN-31125",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-1000",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2008-1000",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200803-297",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-31125",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31125"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001199"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-297"
},
{
"db": "NVD",
"id": "CVE-2008-1000"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via \"..\" sequences in file attachments. \nExploiting this issue allows an attacker to access arbitrary files outside of the application\u0027s document root directory. This can expose sensitive information that could help the attacker launch further attacks. \nNote that attackers must be registered wiki users to exploit this issue. \nWiki Server from Mac OS X Server 10.5 is vulnerable. ----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nMac OS X Security Update Fixes Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA29420\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/29420/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nUnknown, Security Bypass, Cross Site Scripting, Spoofing, Exposure of\nsensitive information, Privilege escalation, DoS, System access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nApple Macintosh OS X\nhttp://secunia.com/product/96/\n\nDESCRIPTION:\nApple has issued a security update for Mac OS X, which fixes multiple\nvulnerabilities. \n\n1) Multiple boundary errors in AFP client when processing \"afp://\"\nURLs can be exploited to cause stack-based buffer overflows when a\nuser connects to a malicious AFP server. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\n2) An error exists in AFP Server when checking Kerberos principal\nrealm names. This can be exploited to make unauthorized connections\nto the server when cross-realm authentication with AFP Server is\nused. \n\n3) Multiple vulnerabilities in Apache can be exploited by malicious\npeople to conduct cross-site scripting attacks, cause a DoS (Denial\nof Service), or potentially compromise a vulnerable system. \n\nFor more information:\nSA18008\nSA21197\nSA26636\nSA27906\nSA28046\n\n4) A boundary error within the handling of file names in the\nNSDocument API in AppKit can be exploited to cause a stack-based\nbuffer overflow. \n\n5) An error in NSApplication in AppKit can potentially be exploited\nto execute code with escalated privileges by sending a maliciously\ncrafted messages to privileged applications in the same bootstrap\nnamespace. \n\n6) Multiple integer overflow errors exist in the parser for a legacy\nserialization format. This can be exploited to cause a heap-based\nbuffer overflow when a specially crafted serialized property list is\nparsed. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\n7) An error in CFNetwork can be exploited to spoof secure websites\nvia 502 Bad Gateway errors from a malicious HTTPS proxy server. \n\n8) Multiple vulnerabilities in ClamAV can be exploited by malicious\npeople to cause a DoS (Denial of Service) or to compromise a\nvulnerable system. \n\nFor more information:\nSA23347\nSA24187\nSA24891\nSA26038\nSA26530\nSA28117\nSA28907\n\n9) An integer overflow error exists in CoreFoundation when handling\ntime zone data. This can be exploited by a malicious, local user to\nexecute arbitrary code with system privileges. \n\n10) The problem is that files with names ending in \".ief\" can be\nautomatically opened in AppleWorks if \"Open \u0027Safe\u0027 files\" is enabled\nin Safari. \n\n11) A vulnerability in CUPS can be exploited to execute arbitrary\ncode with system privileges. \n\nFor more information:\nSA29431\n\n12) Multiple input validation errors exist in CUPS, which can be\nexploited to execute arbitrary code with system privileges. \n\n13) A boundary error in curl can be exploited to compromise a user\u0027s\nsystem. \n\nFor more information:\nSA17907\n\n14) A vulnerability in emacs can be exploited by malicious people to\ncompromise a user\u0027s system. \n\nFor more information:\nSA27508\n\n15) A vulnerability in \"file\" can be exploited by malicious people to\ncompromise a vulnerable system. \n\nFor more information:\nSA24548\n\n16) An input validation error exists in the NSSelectorFromString API,\nwhich can potentially be exploited to execute arbitrary code via a\nmalformed selector name. \n\n17) A race condition error in NSFileManager can potentially be\nexploited to gain escalated privileges. \n\n18) A boundary error in NSFileManager can potentially be exploited to\ncause a stack-based buffer overflow via an overly long pathname with a\nspecially crafted structure. \n\n19) A race condition error exists in the cache management of\nNSURLConnection. This can be exploited to cause a DoS or execute\narbitrary code in applications using the library (e.g. Safari). \n\n20) A race condition error exists in NSXML. This can be exploited to\nexecute arbitrary code by enticing a user to process an XML file in\nan application which uses NSXML. \n\n21) An error in Help Viewer can be exploited to insert arbitrary HTML\nor JavaScript into the generated topic list page via a specially\ncrafted \"help:topic_list\" URL and may redirect to a Help Viewer\n\"help:runscript\" link that runs Applescript. \n\n22) A boundary error exists in Image Raw within the handling of Adobe\nDigital Negative (DNG) image files. This can be exploited to cause a\nstack-based buffer overflow by enticing a user to open a maliciously\ncrafted image file. \n\n23) Multiple vulnerabilities in Kerberos can be exploited to cause a\nDoS or to compromise a vulnerable system. \n\nFor more information:\nSA29428\n\n24) An off-by-one error the \"strnstr()\" in libc can be exploited to\ncause a DoS. \n\n25) A format string error exists in mDNSResponderHelper, which can be\nexploited by a malicious, local user to cause a DoS or execute\narbitrary code with privileges of mDNSResponderHelper by setting the\nlocal hostname to a specially crafted string. \n\n26) An error in notifyd can be exploited by a malicious, local user\nto deny access to notifications by sending fake Mach port death\nnotifications to notifyd. \n\n27) An array indexing error in the pax command line tool can be\nexploited to execute arbitrary code. \n\n28) Multiple vulnerabilities in php can be exploited to bypass\ncertain security restrictions. \n\nFor more information:\nSA27648\nSA28318\n\n29) A security issue is caused due to the Podcast Capture application\nproviding passwords to a subtask through the arguments. \n\n30) Printing and Preview handle PDF files with weak encryption. \n\n31) An error in Printing in the handling of authenticated print\nqueues can lead to credentials being saved to disk. \n\n32) An error in NetCfgTool can be exploited by a malicious, local\nuser to execute arbitrary code with escalated privileges via a\nspecially crafted message. \n\n33) A null-pointer dereference error exists in the handling of\nUniversal Disc Format (UDF) file systems, which can be exploited to\ncause a system shutdown by enticing a user to open a maliciously\ncrafted disk image. This can be exploited by malicious users to upload arbitrary\nfiles with privileges of the wiki server execute arbitrary code. \n\n35) Some vulnerabilities in X11 can be exploited by malicious, local\nusers to gain escalated privileges. \n\nFor more information:\nSA27040\nSA28532\n\n36) Some vulnerabilities in libpng can be exploited by malicious\npeople to cause a DoS (Denial of Service). \n\nFor more information:\nSA22900\nSA25292\nSA27093\nSA27130\n\nSOLUTION:\nApply Security Update 2008-002. \n\nSecurity Update 2008-002 v1.0 (PPC):\nhttp://www.apple.com/support/downloads/securityupdate2008002v10ppc.html\n\nSecurity Update 2008-002 v1.0 (Universal):\nhttp://www.apple.com/support/downloads/securityupdate2008002v10universal.html\n\nSecurity Update 2008-002 v1.0 (Leopard):\nhttp://www.apple.com/support/downloads/securityupdate2008002v10leopard.html\n\nSecurity Update 2008-002 v1.0 Server (Leopard):\nhttp://www.apple.com/support/downloads/securityupdate2008002v10serverleopard.html\n\nSecurity Update 2008-002 v1.0 Server (PPC):\nhttp://www.apple.com/support/downloads/securityupdate2008002v10serverppc.html\n\nSecurity Update 2008-002 v1.0 Server (Universal):\nhttp://www.apple.com/support/downloads/securityupdate2008002v10serveruniversal.html\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n1) Ragnar Sundblad of KTH - Royal Institute of Technology, Stockholm\n11) regenrecht via iDefense\n19) Daniel Jalkut, Red Sweater Software\n22) Brian Mastenbrook\n24) Mike Ash, Rogue Amoeba Software\n29) Maximilian Reiss, Chair for Applied Software Engineering, TUM\n33) Paul Wagland of Redwood Software, and Wayne Linder of Iomega\n\n34) Rodrigo Carvalho CORE Security Technologies\n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=307562\n\nCORE-2008-0123:\nhttp://www.coresecurity.com/?action=item\u0026id=2189\n\nOTHER REFERENCES:\nSA17907:\nhttp://secunia.com/advisories/17907/\n\nSA18008:\nhttp://secunia.com/advisories/18008/\n\nSA21187:\nhttp://secunia.com/advisories/21197/\n\nSA22900:\nhttp://secunia.com/advisories/22900/\n\nSA23347:\nhttp://secunia.com/advisories/23347/\n\nSA24187:\nhttp://secunia.com/advisories/24187/\n\nSA24548:\nhttp://secunia.com/advisories/24548/\n\nSA24891:\nhttp://secunia.com/advisories/24891/\n\nSA25292:\nhttp://secunia.com/advisories/25292/\n\nSA26038:\nhttp://secunia.com/advisories/26038/\n\nSA26530:\nhttp://secunia.com/advisories/26530/\n\nSA26636:\nhttp://secunia.com/advisories/26636/\n\nSA27040:\nhttp://secunia.com/advisories/27040/\n\nSA27093:\nhttp://secunia.com/advisories/27093/\n\nSA27130:\nhttp://secunia.com/advisories/27130/\n\nSA27648:\nhttp://secunia.com/advisories/27648/\n\nSA27508:\nhttp://secunia.com/advisories/27508/\n\nSA27906:\nhttp://secunia.com/advisories/27906/\n\nSA28046:\nhttp://secunia.com/advisories/28046/\n\nSA28117:\nhttp://secunia.com/advisories/28117/\n\nSAS28318:\nhttp://secunia.com/advisories/28318/\n\nSA28532:\nhttp://secunia.com/advisories/28532/\n\nSA28907:\nhttp://secunia.com/advisories/28907/\n\nSA29428:\nhttp://secunia.com/advisories/29428/\n\nSA29431:\nhttp://secunia.com/advisories/29431/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1000"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001199"
},
{
"db": "BID",
"id": "28278"
},
{
"db": "VULHUB",
"id": "VHN-31125"
},
{
"db": "PACKETSTORM",
"id": "64747"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-31125",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31125"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-1000",
"trust": 2.8
},
{
"db": "BID",
"id": "28278",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "29420",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1019660",
"trust": 2.5
},
{
"db": "VUPEN",
"id": "ADV-2008-0924",
"trust": 1.7
},
{
"db": "USCERT",
"id": "TA08-079A",
"trust": 0.8
},
{
"db": "USCERT",
"id": "SA08-079A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001199",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200803-297",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2008-03-18",
"trust": 0.6
},
{
"db": "XF",
"id": "41278",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080318 CORE-2008-0123: LEOPARD SERVER REMOTE PATH TRAVERSAL",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "64689",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "31412",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-31125",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64747",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31125"
},
{
"db": "BID",
"id": "28278"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001199"
},
{
"db": "PACKETSTORM",
"id": "64747"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-297"
},
{
"db": "NVD",
"id": "CVE-2008-1000"
}
]
},
"id": "VAR-200803-0242",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-31125"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:29:55.663000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Update 2008-002",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT1249?viewlocale=en_US"
},
{
"title": "Security Update 2008-002",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT1249?viewlocale=ja_JP"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001199"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31125"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001199"
},
{
"db": "NVD",
"id": "CVE-2008-1000"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/28278"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1019660"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/29420"
},
{
"trust": 1.8,
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2008/mar/msg00001.html"
},
{
"trust": 1.6,
"url": "http://www.coresecurity.com/index.php5?module=contentmod\u0026action=item\u0026id=2189"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/489786/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41278"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1000"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2008/0924"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta08-079a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta08-079a/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1000"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa08-079a.html"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta08-079a.html"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/41278"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/489786/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/0924/references"
},
{
"trust": 0.4,
"url": "http://www.coresecurity.com/?action=item\u0026id=2189"
},
{
"trust": 0.3,
"url": "http://www.apple.com/server/macosx/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/server/macosx/features/wikis.html"
},
{
"trust": 0.3,
"url": "/archive/1/489786"
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com/index.php5?module=contentmod\u0026amp;action=item\u0026amp;id=2189"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28046/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/27648/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate2008002v10serveruniversal.html"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate2008002v10ppc.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/24891/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/27093/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/29431/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/27906/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate2008002v10universal.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/22900/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/21197/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/23347/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/29420/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate2008002v10leopard.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/26038/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate2008002v10serverppc.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/27130/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28532/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/29428/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/24187/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/24548/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/26636/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/25292/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/18008/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/27040/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/27508/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28117/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28907/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate2008002v10serverleopard.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/96/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/17907/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/26530/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28318/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31125"
},
{
"db": "BID",
"id": "28278"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001199"
},
{
"db": "PACKETSTORM",
"id": "64747"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-297"
},
{
"db": "NVD",
"id": "CVE-2008-1000"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-31125"
},
{
"db": "BID",
"id": "28278"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001199"
},
{
"db": "PACKETSTORM",
"id": "64747"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-297"
},
{
"db": "NVD",
"id": "CVE-2008-1000"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-18T00:00:00",
"db": "VULHUB",
"id": "VHN-31125"
},
{
"date": "2008-03-18T00:00:00",
"db": "BID",
"id": "28278"
},
{
"date": "2008-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001199"
},
{
"date": "2008-03-20T20:39:31",
"db": "PACKETSTORM",
"id": "64747"
},
{
"date": "2008-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-297"
},
{
"date": "2008-03-18T23:44:00",
"db": "NVD",
"id": "CVE-2008-1000"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-31125"
},
{
"date": "2008-03-19T02:40:00",
"db": "BID",
"id": "28278"
},
{
"date": "2008-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001199"
},
{
"date": "2008-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-297"
},
{
"date": "2024-11-21T00:43:25.423000",
"db": "NVD",
"id": "CVE-2008-1000"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-297"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mac OS X of Wiki Server directory and rubber vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001199"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-297"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.