var-200809-0573
Vulnerability from variot
Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements. Apple iPod touch and iPhone are prone to multiple remote vulnerabilities: 1. A vulnerability that may allow users to spoof websites. 2. An information-disclosure vulnerability. 3. A remote code-execution vulnerability. Successfully exploiting these issues may allow attackers to execute arbitrary code, crash the affected application, obtain sensitive information, or direct unsuspecting victims to a spoofed site; other attacks are also possible. These issues affect versions prior to iPod touch 2.1 and iPhone 2.1.
1) An error in the application sandbox causes it to not properly enforce access restrictions between third-party applications. This can be exploited by one application to read another application's files.
2) Multiple errors exist in the included version of FreeType, which potentially can be exploited by malicious people to execute arbitrary code when accessing specially crafted font data.
For more information: SA30600
3) mDNSResponder does not provide sufficient randomization, which can be exploited to poison the DNS cache.
For more information: SA30973
4) Generation of predictable TCP initial sequence numbers can be exploited to spoof TCP connections or hijack sessions. 3) The vendor credits Dan Kaminsky, IOActive.
For more information: SA31823
An error in the handling of emergency calls has also been reported. This can be exploited to bypass the Passcode Lock feature and allows users with physical access to an iPhone to launch applications without the passcode. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia.
For more information visit: http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com
TITLE: Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA35379
VERIFY ADVISORY: http://secunia.com/advisories/35379/
DESCRIPTION: Some vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to disclose sensitive information or compromise a user's system.
1) An error in the handling of TrueType fonts can be exploited to corrupt memory when a user visits a web site embedding a specially crafted font.
Successful exploitation may allow execution of arbitrary code.
2) Some vulnerabilities in FreeType can potentially be exploited to compromise a user's system.
For more information: SA34723
3) Some vulnerabilities in libpng can potentially be exploited to compromise a user's system.
For more information: SA33970
4) An error in the processing of external entities in XML files can be exploited to read files from the user's system when a users visits a specially crafted web page.
Other vulnerabilities have also been reported of which some may also affect Safari version 3.x.
SOLUTION: Upgrade to Safari version 4, which fixes the vulnerabilities.
PROVIDED AND/OR DISCOVERED BY: 1-3) Tavis Ormandy 4) Chris Evans of Google Inc.
ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3613
Chris Evans: http://scary.beasts.org/security/CESA-2009-006.html
OTHER REFERENCES: SA33970: http://secunia.com/advisories/33970/
SA34723: http://secunia.com/advisories/34723/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. =========================================================== Ubuntu Security Notice USN-676-1 November 24, 2008 webkit vulnerability CVE-2008-3632 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 8.10: libwebkit-1.0-1 1.0.1-2ubuntu0.1
After a standard system upgrade you need to restart any applications that use WebKit, such as Epiphany-webkit and Midori, to effect the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200809-0573",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ipod touch",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "2.0"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "1.1"
},
{
"model": "iphone",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "iphone",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "iphone",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "1.1.4"
},
{
"model": "iphone",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "1.1.3"
},
{
"model": "iphone",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "2.0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "1.1"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 1.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 1.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 1.3,
"vendor": "apple",
"version": "1.1.4"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 1.3,
"vendor": "apple",
"version": "1.1.3"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 1.3,
"vendor": "apple",
"version": "1.1.2"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 1.3,
"vendor": "apple",
"version": "1.1.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.1.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.1.2"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.9,
"vendor": "apple",
"version": "1.1.2"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.9,
"vendor": "apple",
"version": "1.1.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.4.11"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.7"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.4.11"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.7"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v1.0 to v2.0.2"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v1.1 to v2.0.2"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "4.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "safari beta for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.4"
},
{
"model": "safari beta for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.3"
},
{
"model": "safari beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.3"
},
{
"model": "safari beta for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.2"
},
{
"model": "safari beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.2"
},
{
"model": "safari beta for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.1"
},
{
"model": "safari beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "safari beta for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "safari beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0.2"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0.1"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "safari for windows",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "safari",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ipod touch",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "iphone",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
}
],
"sources": [
{
"db": "BID",
"id": "31092"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001691"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-127"
},
{
"db": "NVD",
"id": "CVE-2008-3632"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:apple:iphone",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:apple:ipod_touch",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:safari",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001691"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nicolas SeriotBryce Cogswell",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200809-127"
}
],
"trust": 0.6
},
"cve": "CVE-2008-3632",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2008-3632",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-33757",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-3632",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2008-3632",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200809-127",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-33757",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33757"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001691"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-127"
},
{
"db": "NVD",
"id": "CVE-2008-3632"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements. Apple iPod touch and iPhone are prone to multiple remote vulnerabilities:\n1. A vulnerability that may allow users to spoof websites. \n2. An information-disclosure vulnerability. \n3. A remote code-execution vulnerability. \nSuccessfully exploiting these issues may allow attackers to execute arbitrary code, crash the affected application, obtain sensitive information, or direct unsuspecting victims to a spoofed site; other attacks are also possible. \nThese issues affect versions prior to iPod touch 2.1 and iPhone 2.1. \n\n1) An error in the application sandbox causes it to not properly\nenforce access restrictions between third-party applications. This\ncan be exploited by one application to read another application\u0027s\nfiles. \n\n2) Multiple errors exist in the included version of FreeType, which\npotentially can be exploited by malicious people to execute arbitrary\ncode when accessing specially crafted font data. \n\nFor more information:\nSA30600\n\n3) mDNSResponder does not provide sufficient randomization, which can\nbe exploited to poison the DNS cache. \n\nFor more information:\nSA30973\n\n4) Generation of predictable TCP initial sequence numbers can be\nexploited to spoof TCP connections or hijack sessions. \n3) The vendor credits Dan Kaminsky, IOActive. \n\nFor more information:\nSA31823\n\nAn error in the handling of emergency calls has also been reported. \nThis can be exploited to bypass the Passcode Lock feature and allows\nusers with physical access to an iPhone to launch applications\nwithout the passcode. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nApple Safari Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA35379\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/35379/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Apple Safari, which can be\nexploited by malicious people to disclose sensitive information or\ncompromise a user\u0027s system. \n\n1) An error in the handling of TrueType fonts can be exploited to\ncorrupt memory when a user visits a web site embedding a specially\ncrafted font. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\n2) Some vulnerabilities in FreeType can potentially be exploited to\ncompromise a user\u0027s system. \n\nFor more information:\nSA34723\n\n3) Some vulnerabilities in libpng can potentially be exploited to\ncompromise a user\u0027s system. \n\nFor more information:\nSA33970\n\n4) An error in the processing of external entities in XML files can\nbe exploited to read files from the user\u0027s system when a users visits\na specially crafted web page. \n\nOther vulnerabilities have also been reported of which some may also\naffect Safari version 3.x. \n\nSOLUTION:\nUpgrade to Safari version 4, which fixes the vulnerabilities. \n\nPROVIDED AND/OR DISCOVERED BY:\n1-3) Tavis Ormandy\n4) Chris Evans of Google Inc. \n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT3613\n\nChris Evans:\nhttp://scary.beasts.org/security/CESA-2009-006.html\n\nOTHER REFERENCES:\nSA33970:\nhttp://secunia.com/advisories/33970/\n\nSA34723:\nhttp://secunia.com/advisories/34723/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ===========================================================\nUbuntu Security Notice USN-676-1 November 24, 2008\nwebkit vulnerability\nCVE-2008-3632\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 8.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 8.10:\n libwebkit-1.0-1 1.0.1-2ubuntu0.1\n\nAfter a standard system upgrade you need to restart any applications that\nuse WebKit, such as Epiphany-webkit and Midori, to effect the necessary\nchanges",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-3632"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001691"
},
{
"db": "BID",
"id": "31092"
},
{
"db": "VULHUB",
"id": "VHN-33757"
},
{
"db": "PACKETSTORM",
"id": "72304"
},
{
"db": "PACKETSTORM",
"id": "69846"
},
{
"db": "PACKETSTORM",
"id": "70006"
},
{
"db": "PACKETSTORM",
"id": "70466"
},
{
"db": "PACKETSTORM",
"id": "78192"
},
{
"db": "PACKETSTORM",
"id": "72219"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-3632",
"trust": 2.9
},
{
"db": "BID",
"id": "31092",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "31823",
"trust": 2.6
},
{
"db": "SECUNIA",
"id": "31900",
"trust": 2.6
},
{
"db": "SECUNIA",
"id": "32860",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "35379",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "32099",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2009-1522",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-2558",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-2525",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1020847",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001691",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200809-127",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "72219",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-33757",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "72304",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "69846",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "70006",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "70466",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "78192",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33757"
},
{
"db": "BID",
"id": "31092"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001691"
},
{
"db": "PACKETSTORM",
"id": "72304"
},
{
"db": "PACKETSTORM",
"id": "69846"
},
{
"db": "PACKETSTORM",
"id": "70006"
},
{
"db": "PACKETSTORM",
"id": "70466"
},
{
"db": "PACKETSTORM",
"id": "78192"
},
{
"db": "PACKETSTORM",
"id": "72219"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-127"
},
{
"db": "NVD",
"id": "CVE-2008-3632"
}
]
},
"id": "VAR-200809-0573",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-33757"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:32:55.985000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT3129",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3129"
},
{
"title": "HT3613",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3613"
},
{
"title": "HT3026",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3026"
},
{
"title": "HT3026",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3026?locale=ja_JP"
},
{
"title": "HT3129",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3129?locale=ja_JP"
},
{
"title": "HT3613",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3613?viewlocale=ja_JP"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001691"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.1
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33757"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001691"
},
{
"db": "NVD",
"id": "CVE-2008-3632"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/31092"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/31823"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/31900"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht3026"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht3129"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht3613"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce//2008/sep/msg00003.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce//2008/sep/msg00004.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1020847"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/32099"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/32860"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/35379"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-676-1"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/2525"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/2558"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3632"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2008/2558"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2008/2525"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3632"
},
{
"trust": 0.5,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.5,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.5,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ipodtouch/"
},
{
"trust": 0.3,
"url": "http://secunia.com/advisories/31823/"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.0.1-2ubuntu0.1.dsc"
},
{
"trust": 0.2,
"url": "http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-2ubuntu0.1_sparc.deb"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-2ubuntu0.1_amd64.deb"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-2ubuntu0.1_i386.deb"
},
{
"trust": 0.2,
"url": "http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-1_1.0.1-2ubuntu0.1_powerpc.deb"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.2,
"url": "http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-2ubuntu0.1_lpia.deb"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.0.1-2ubuntu0.1.diff.gz"
},
{
"trust": 0.2,
"url": "http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-1_1.0.1-2ubuntu0.1_lpia.deb"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-dev_1.0.1-2ubuntu0.1_all.deb"
},
{
"trust": 0.2,
"url": "http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-1_1.0.1-2ubuntu0.1_sparc.deb"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/w/webkit/webkit_1.0.1.orig.tar.gz"
},
{
"trust": 0.2,
"url": "http://ports.ubuntu.com/pool/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-2ubuntu0.1_powerpc.deb"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-1_1.0.1-2ubuntu0.1_i386.deb"
},
{
"trust": 0.2,
"url": "http://security.ubuntu.com/ubuntu/pool/main/w/webkit/libwebkit-1.0-1_1.0.1-2ubuntu0.1_amd64.deb"
},
{
"trust": 0.2,
"url": "http://secunia.com/binary_analysis/sample_analysis/"
},
{
"trust": 0.1,
"url": "https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-november/000786.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/20299/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/32860/"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/30973/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/16074/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/30600/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/31900/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/15128/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/4664/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/13375/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/30957/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/31330/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/4118/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/32099/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/30627/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/19180/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/12192/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/16124/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35379/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/33970/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/34723/"
},
{
"trust": 0.1,
"url": "http://scary.beasts.org/security/cesa-2009-006.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3632"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33757"
},
{
"db": "BID",
"id": "31092"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001691"
},
{
"db": "PACKETSTORM",
"id": "72304"
},
{
"db": "PACKETSTORM",
"id": "69846"
},
{
"db": "PACKETSTORM",
"id": "70006"
},
{
"db": "PACKETSTORM",
"id": "70466"
},
{
"db": "PACKETSTORM",
"id": "78192"
},
{
"db": "PACKETSTORM",
"id": "72219"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-127"
},
{
"db": "NVD",
"id": "CVE-2008-3632"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-33757"
},
{
"db": "BID",
"id": "31092"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001691"
},
{
"db": "PACKETSTORM",
"id": "72304"
},
{
"db": "PACKETSTORM",
"id": "69846"
},
{
"db": "PACKETSTORM",
"id": "70006"
},
{
"db": "PACKETSTORM",
"id": "70466"
},
{
"db": "PACKETSTORM",
"id": "78192"
},
{
"db": "PACKETSTORM",
"id": "72219"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-127"
},
{
"db": "NVD",
"id": "CVE-2008-3632"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-11T00:00:00",
"db": "VULHUB",
"id": "VHN-33757"
},
{
"date": "2008-09-09T00:00:00",
"db": "BID",
"id": "31092"
},
{
"date": "2008-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001691"
},
{
"date": "2008-11-25T17:53:04",
"db": "PACKETSTORM",
"id": "72304"
},
{
"date": "2008-09-11T04:44:10",
"db": "PACKETSTORM",
"id": "69846"
},
{
"date": "2008-09-16T00:07:21",
"db": "PACKETSTORM",
"id": "70006"
},
{
"date": "2008-09-30T23:23:28",
"db": "PACKETSTORM",
"id": "70466"
},
{
"date": "2009-06-10T12:30:42",
"db": "PACKETSTORM",
"id": "78192"
},
{
"date": "2008-11-24T19:26:05",
"db": "PACKETSTORM",
"id": "72219"
},
{
"date": "2008-09-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200809-127"
},
{
"date": "2008-09-11T01:13:09.960000",
"db": "NVD",
"id": "CVE-2008-3632"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-33757"
},
{
"date": "2009-06-09T16:59:00",
"db": "BID",
"id": "31092"
},
{
"date": "2009-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001691"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200809-127"
},
{
"date": "2024-11-21T00:49:44.290000",
"db": "NVD",
"id": "CVE-2008-3632"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200809-127"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iPod touch and iPhone of WebKit In Cascading Style sheet (CSS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001691"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200809-127"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…