var-200808-0005
Vulnerability from variot
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-005. The security update addresses a total of six new vulnerabilities that affect the CarbonCore, CoreGraphics, Data Detectors Engine, Disk Utility, OpenLDAP, and QuickLook components of Mac OS X. The advisory also contains security updates for 11 previously reported issues. NOTE: This BID is being retired; the following individual records have been created to better document these issues: 30487 Apple Mac OS X CarbonCore Stack Based Buffer Overflow 30488 Apple Mac OS X CoreGraphics Multiple Memory Corruption Vulnerabilities 30489 Apple Mac OS X CoreGraphics Heap Based Buffer Overflow Vulnerability 30490 Apple Mac OS X Data Detectors Engine Denial Of Service Vulnerability 30492 Apple Mac OS X Disk Utility Privilege Escalation Vulnerability 30493 Apple Mac OS X QuickLook Multiple Memory Corruption Vulnerabilities. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause denial-of-service conditions.
1) A vulnerability in BIND can be exploited to poison the DNS cache.
For more information: SA30973
2) A boundary error exists in CarbonCore when handling filenames. This can be exploited to cause a stack-based buffer overflow via overly long filenames.
3) Multiple errors exist in CoreGraphics when processing received arguments. These can be exploited to trigger a memory corruption by e.g. tricking a user into visiting a specially crafted website. This can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.
5) Multiple errors in QuickLook when downloading Microsoft Office files can be exploited to cause a memory corruption.
6) An error exists in the Data Detectors engine when viewing a specially crafted message. This can be exploited to consume overly large resources and trigger an application using the engine to terminate.
7) The problem is that the "Repair Permissions" tool included in Disk Utility sets the "setuid" bit on "/usr/bin/emacs". This can be exploited to execute arbitrary commands with system privileges.
8) An error in OpenLDAP when parsing ASN.1 BER encoded packets can be exploited to cause a DoS.
For more information: SA30853
9) A boundary error exists in the OpenSSL "SSL_get_shared_ciphers()" function.
For more information see vulnerability #4 in: SA22130
10) Some vulnerabilities in PHP can be exploited malicious users to bypass certain security restrictions, and potentially by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
For more information: SA30048
11) Two vulnerabilities in rsync can be exploited by malicious users to bypass certain security restrictions.
For more information: SA27863
SOLUTION: Apply Security Update 2008-005.
Security Update 2008-005 Server (PPC): http://www.apple.com/support/downloads/securityupdate2008005serverppc.html
Security Update 2008-005 Server (Intel): http://www.apple.com/support/downloads/securityupdate2008005serverintel.html
Security Update 2008-005 (PPC): http://www.apple.com/support/downloads/securityupdate2008005ppc.html
Security Update 2008-005 (Intel): http://www.apple.com/support/downloads/securityupdate2008005intel.html
Security Update 2008-005 (Leopard): http://www.apple.com/support/downloads/securityupdate2008005leopard.html
PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Dan Kaminsky of IOActive 2) Thomas Raffetseder of the International Secure Systems Lab and Sergio 'shadown' Alvarez of n.runs AG. 3) Michal Zalewski, Google 4) Pariente Kobi, reported via iDefense 7) Anton Rang and Brian Timares
ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT2647
OTHER REFERENCES: SA22130: http://secunia.com/advisories/22130/
SA27863: http://secunia.com/advisories/27863/
SA30048: http://secunia.com/advisories/30048/
SA30973: http://secunia.com/advisories/30973/
SA30853: http://secunia.com/advisories/30853/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. iDefense Security Advisory 07.31.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 31, 2008
I. For more information, see the vendor's site found at the following link URL.
http://www.apple.com/macosx/
II.
This vulnerability exists due to the way PDF files containing Type 1 fonts are handled. When processing a font with an overly large length, integer overflow could occur.
III. An attacker could exploit this issue via multiple attack vectors. The most appealing vector for attack is Safari. An attacker could host a malformed PDF file on a website and entice a targeted user to open a URL. Upon opening the URL in Safari the PDF file will be automatically parsed and exploitation will occur. While this is the most appealing attack vector, the file can also be attached to an e-mail. Any application which uses the Apple libraries for file open dialogs will crash upon previewing the malformed PDF document.
IV. Previous versions may also be affected.
V. WORKAROUND
iDefense is currently unaware of any workarounds for this issue.
VI. More information is available at the following URL.
http://support.apple.com/kb/HT2647
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-2322 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
07/09/2008 Initial vendor notification 07/10/2008 Initial vendor response 07/31/2008 Public disclosure
IX. CREDIT
This vulnerability was reported to iDefense by Pariente Kobi.
Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events http://labs.idefense.com/
X. LEGAL NOTICES
Copyright \xa9 2008 iDefense, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200808-0005",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "coregraphics",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "*"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.4.11"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.4"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.4.11"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.11"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.11"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.5.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.4.11"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.5.4"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.4.11"
}
],
"sources": [
{
"db": "BID",
"id": "30483"
},
{
"db": "BID",
"id": "30489"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001599"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-026"
},
{
"db": "NVD",
"id": "CVE-2008-2322"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001599"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pariente Kobi",
"sources": [
{
"db": "BID",
"id": "30489"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-026"
}
],
"trust": 0.9
},
"cve": "CVE-2008-2322",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2008-2322",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2008-2322",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-32447",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-2322",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2008-2322",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200808-026",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-32447",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2008-2322",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-32447"
},
{
"db": "VULMON",
"id": "CVE-2008-2322"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001599"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-026"
},
{
"db": "NVD",
"id": "CVE-2008-2322"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-005. \nThe security update addresses a total of six new vulnerabilities that affect the CarbonCore, CoreGraphics, Data Detectors Engine, Disk Utility, OpenLDAP, and QuickLook components of Mac OS X. The advisory also contains security updates for 11 previously reported issues. \nNOTE: This BID is being retired; the following individual records have been created to better document these issues:\n30487 Apple Mac OS X CarbonCore Stack Based Buffer Overflow\n30488 Apple Mac OS X CoreGraphics Multiple Memory Corruption Vulnerabilities\n30489 Apple Mac OS X CoreGraphics Heap Based Buffer Overflow Vulnerability\n30490 Apple Mac OS X Data Detectors Engine Denial Of Service Vulnerability\n30492 Apple Mac OS X Disk Utility Privilege Escalation Vulnerability\n30493 Apple Mac OS X QuickLook Multiple Memory Corruption Vulnerabilities. \nAttackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause denial-of-service conditions. \n\n1) A vulnerability in BIND can be exploited to poison the DNS cache. \n\nFor more information:\nSA30973\n\n2) A boundary error exists in CarbonCore when handling filenames. \nThis can be exploited to cause a stack-based buffer overflow via\noverly long filenames. \n\n3) Multiple errors exist in CoreGraphics when processing received\narguments. These can be exploited to trigger a memory corruption by\ne.g. tricking a user into visiting a specially crafted website. This can be exploited to cause a heap-based buffer overflow via\na specially crafted PDF file. \n\n5) Multiple errors in QuickLook when downloading Microsoft Office\nfiles can be exploited to cause a memory corruption. \n\n6) An error exists in the Data Detectors engine when viewing a\nspecially crafted message. This can be exploited to consume overly\nlarge resources and trigger an application using the engine to\nterminate. \n\n7) The problem is that the \"Repair Permissions\" tool included in Disk\nUtility sets the \"setuid\" bit on \"/usr/bin/emacs\". This can be\nexploited to execute arbitrary commands with system privileges. \n\n8) An error in OpenLDAP when parsing ASN.1 BER encoded packets can be\nexploited to cause a DoS. \n\nFor more information:\nSA30853\n\n9) A boundary error exists in the OpenSSL \"SSL_get_shared_ciphers()\"\nfunction. \n\nFor more information see vulnerability #4 in:\nSA22130\n\n10) Some vulnerabilities in PHP can be exploited malicious users to\nbypass certain security restrictions, and potentially by malicious\npeople to cause a DoS (Denial of Service) or to compromise a\nvulnerable system. \n\nFor more information:\nSA30048\n\n11) Two vulnerabilities in rsync can be exploited by malicious users\nto bypass certain security restrictions. \n\nFor more information:\nSA27863\n\nSOLUTION:\nApply Security Update 2008-005. \n\nSecurity Update 2008-005 Server (PPC):\nhttp://www.apple.com/support/downloads/securityupdate2008005serverppc.html\n\nSecurity Update 2008-005 Server (Intel):\nhttp://www.apple.com/support/downloads/securityupdate2008005serverintel.html\n\nSecurity Update 2008-005 (PPC):\nhttp://www.apple.com/support/downloads/securityupdate2008005ppc.html\n\nSecurity Update 2008-005 (Intel):\nhttp://www.apple.com/support/downloads/securityupdate2008005intel.html\n\nSecurity Update 2008-005 (Leopard):\nhttp://www.apple.com/support/downloads/securityupdate2008005leopard.html\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n1) Dan Kaminsky of IOActive\n2) Thomas Raffetseder of the International Secure Systems Lab and\nSergio \u0027shadown\u0027 Alvarez of n.runs AG. \n3) Michal Zalewski, Google\n4) Pariente Kobi, reported via iDefense\n7) Anton Rang and Brian Timares\n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT2647\n\nOTHER REFERENCES:\nSA22130:\nhttp://secunia.com/advisories/22130/\n\nSA27863:\nhttp://secunia.com/advisories/27863/\n\nSA30048:\nhttp://secunia.com/advisories/30048/\n\nSA30973:\nhttp://secunia.com/advisories/30973/\n\nSA30853:\nhttp://secunia.com/advisories/30853/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. iDefense Security Advisory 07.31.08\nhttp://labs.idefense.com/intelligence/vulnerabilities/\nJul 31, 2008\n\nI. For more information, see the vendor\u0027s site\nfound at the following link URL. \n\nhttp://www.apple.com/macosx/\n\nII. \n\nThis vulnerability exists due to the way PDF files containing Type 1\nfonts are handled. When processing a font with an overly large length,\ninteger overflow could occur. \n\nIII. \nAn attacker could exploit this issue via multiple attack vectors. The\nmost appealing vector for attack is Safari. An attacker could host a\nmalformed PDF file on a website and entice a targeted user to open a\nURL. Upon opening the URL in Safari the PDF file will be automatically\nparsed and exploitation will occur. While this is the most appealing\nattack vector, the file can also be attached to an e-mail. Any\napplication which uses the Apple libraries for file open dialogs will\ncrash upon previewing the malformed PDF document. \n\nIV. Previous versions may also be affected. \n\nV. WORKAROUND\n\niDefense is currently unaware of any workarounds for this issue. \n\nVI. More information is available at the following URL. \n\nhttp://support.apple.com/kb/HT2647\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2008-2322 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n07/09/2008 Initial vendor notification\n07/10/2008 Initial vendor response\n07/31/2008 Public disclosure\n\nIX. CREDIT\n\nThis vulnerability was reported to iDefense by Pariente Kobi. \n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2008 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease e-mail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \n There are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct,\nindirect, or consequential loss or damage arising from use of, or\nreliance on, this information",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-2322"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001599"
},
{
"db": "BID",
"id": "30483"
},
{
"db": "BID",
"id": "30489"
},
{
"db": "VULHUB",
"id": "VHN-32447"
},
{
"db": "VULMON",
"id": "CVE-2008-2322"
},
{
"db": "PACKETSTORM",
"id": "68761"
},
{
"db": "PACKETSTORM",
"id": "68756"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-32447",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-32447"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-2322",
"trust": 3.3
},
{
"db": "BID",
"id": "30489",
"trust": 2.9
},
{
"db": "SECUNIA",
"id": "31326",
"trust": 2.7
},
{
"db": "BID",
"id": "30483",
"trust": 2.1
},
{
"db": "VUPEN",
"id": "ADV-2008-2268",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1020604",
"trust": 1.8
},
{
"db": "XF",
"id": "44128",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001599",
"trust": 0.8
},
{
"db": "IDEFENSE",
"id": "20080731 APPLE MAC OS X COREGRAPHICS PDF TYPE1 FONT INTEGER OVERFLOW VULNERABILITY",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2008-07-31",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200808-026",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "68756",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-32447",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2008-2322",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68761",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-32447"
},
{
"db": "VULMON",
"id": "CVE-2008-2322"
},
{
"db": "BID",
"id": "30483"
},
{
"db": "BID",
"id": "30489"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001599"
},
{
"db": "PACKETSTORM",
"id": "68761"
},
{
"db": "PACKETSTORM",
"id": "68756"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-026"
},
{
"db": "NVD",
"id": "CVE-2008-2322"
}
]
},
"id": "VAR-200808-0005",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-32447"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:21:54.630000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Update 2008-005",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT2647"
},
{
"title": "Security Update 2008-005",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT2647?viewlocale=ja_JP"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/0xCyberY/CVE-T4PDF "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-2322"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001599"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-189",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-32447"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001599"
},
{
"db": "NVD",
"id": "CVE-2008-2322"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.securityfocus.com/bid/30489"
},
{
"trust": 2.6,
"url": "http://secunia.com/advisories/31326"
},
{
"trust": 2.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=730"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce//2008/jul/msg00003.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/30483"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id?1020604"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2008/2268"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/44128"
},
{
"trust": 1.2,
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44128"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2322"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-2322"
},
{
"trust": 0.7,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.3,
"url": "/archive/1/495041"
},
{
"trust": 0.2,
"url": "http://support.apple.com/kb/ht2647"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/189.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/0xcybery/cve-t4pdf"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/about_secunia/64/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/27863/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_specialist/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate2008005leopard.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate2008005serverintel.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/22130/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/30048/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate2008005intel.html"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate2008005serverppc.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/30853/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/30973/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/31326/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate2008005ppc.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/96/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2322"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/),"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/methodology/vulnerability/vcp.php"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-32447"
},
{
"db": "VULMON",
"id": "CVE-2008-2322"
},
{
"db": "BID",
"id": "30483"
},
{
"db": "BID",
"id": "30489"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001599"
},
{
"db": "PACKETSTORM",
"id": "68761"
},
{
"db": "PACKETSTORM",
"id": "68756"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-026"
},
{
"db": "NVD",
"id": "CVE-2008-2322"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-32447"
},
{
"db": "VULMON",
"id": "CVE-2008-2322"
},
{
"db": "BID",
"id": "30483"
},
{
"db": "BID",
"id": "30489"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001599"
},
{
"db": "PACKETSTORM",
"id": "68761"
},
{
"db": "PACKETSTORM",
"id": "68756"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-026"
},
{
"db": "NVD",
"id": "CVE-2008-2322"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-32447"
},
{
"date": "2008-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2008-2322"
},
{
"date": "2008-07-31T00:00:00",
"db": "BID",
"id": "30483"
},
{
"date": "2008-07-31T00:00:00",
"db": "BID",
"id": "30489"
},
{
"date": "2008-09-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001599"
},
{
"date": "2008-08-01T22:41:42",
"db": "PACKETSTORM",
"id": "68761"
},
{
"date": "2008-08-01T21:52:41",
"db": "PACKETSTORM",
"id": "68756"
},
{
"date": "2008-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-026"
},
{
"date": "2008-08-04T01:41:00",
"db": "NVD",
"id": "CVE-2008-2322"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-32447"
},
{
"date": "2017-08-08T00:00:00",
"db": "VULMON",
"id": "CVE-2008-2322"
},
{
"date": "2008-08-01T17:57:00",
"db": "BID",
"id": "30483"
},
{
"date": "2008-08-01T19:37:00",
"db": "BID",
"id": "30489"
},
{
"date": "2008-09-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001599"
},
{
"date": "2008-09-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-026"
},
{
"date": "2024-11-21T00:46:36.773000",
"db": "NVD",
"id": "CVE-2008-2322"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "68756"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-026"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Mac OS X of CoreGraphics Integer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001599"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-026"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.