ID

VAR-200805-0590

CVE

CVE-2008-1580

TITLE

Apple Mac OS X of Safari of CFNetwork In Web Vulnerability that leaks important information to the site

DESCRIPTION

CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879. Web A vulnerability that leaks to the site exists.Malicious Web Your site may receive important information and track user behavior across domains. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-003 and Mac OS X/Mac OS X Server 10.5.3. The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X. NOTE: This BID is being retired; the following individual records have been created to better document the issues: 29480 Apple Mac OS X CoreGraphics PDF Handling Code Execution Vulnerability 29481 Apple Mac OS X CoreTypes Unsafe Content Warning Weakness 29483 Apple Mac OS X Help Viewer 'help:topic' URI Buffer Overflow Vulnerability 29484 Apple Mac OS X CUPS Debug Logging Information Disclosure Vulnerability 29486 Apple Mac OS X iCal '.ics' File Handling Remote Code Execution Vulnerability 29487 Apple Mac OS X AppKit Malformed File Remote Code Execution Vulnerability 29488 Apple Mac OS X International Components for Unicode Information Disclosure Vulnerability 29489 Apple Mac OS X Pixlet Video Multiple Unspecified Memory Corruption Vulnerabilities 29490 Apple Mac OS X AFP Server File Sharing Unauthorized File Access Vulnerability 29491 Apple Mac OS X CoreFoundation CFData Object Handling Code Execution Vulnerability 29492 Apple Mac OS X Apple Type Services PDF Handling Code Execution Vulnerability 29493 Apple Mac OS X CFNetwork SSL Client Certificate Handling Information Disclosure Vulnerability 29500 Apple Mac OS X Mail Memory Corruption Vulnerability 29501 Apple Mac OS X Image Capture Webserver Directory Traversal Vulnerability 29511 Apple Mac OS X Wiki Server User Name Enumeration Weakness 29513 Apple Mac OS X ImageIO BMP/GIF Image Information Disclosure Vulnerability 29514 Apple Mac OS X ImageIO JPEG2000 Handling Remote Code Execution Vulnerability 29520 Apple Mac OS X Single Sign-On 'sso_util' Local Information Disclosure Vulnerability 29521 Apple Mac OS X Image Capture Local Arbitrary File Overwrite Vulnerability. An attacker could leverage this vulnerability to obtain potentially sensitive information that may aid in further attacks. I. Further details are available in the US-CERT Vulnerability Notes Database. II. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the subject. _________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. _________________________________________________________________ Produced 2008 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History May 29 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx 403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ== =QvSr -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Secunia Network Software Inspector 2.0 (NSI) - Public Beta The Public Beta has ended. Thanks to all that participated. 1) An error in AFP server allows connected users or guests to access files and directories that are not within a shared directory. 2) Some vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks or to cause a DoS (Denial of Service). 3) An unspecified error in AppKit can potentially be exploited to execute arbitrary code when a user opens a specially crafted document file with an editor that uses AppKit (e.g. TextEdit). 4) Multiple unspecified errors exist in the processing of Pixlet video files. These can be exploited to cause memory corruption and potentially allow for execution of arbitrary code when a user opens a specially crafted movie file. 5) An unspecified error exists in Apple Type Services when processing embedded fonts in PDF files. This can be exploited to cause a memory corruption when a PDF file containing a specially crafted embedded font is printed. Successful exploitation may allow execution of arbitrary code. 7) An integer overflow exists in CoreFoundation when handling CFData objects. This can be exploited to cause a heap-based buffer overflow if an application calls "CFDataReplaceBytes" with an invalid "length" argument. 8) An error due to an uninitialised variable in CoreGraphics can potentially be exploited to execute arbitrary code when a specially crafted PDF is opened. 9) A weakness is caused due to users not being warned before opening certain potentially unsafe content types. 10) An error when printing to password-protected printers with debug logging enabled may lead to the disclosure of sensitive information. 11) Some vulnerabilities in Adobe Flash Player can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to potentially compromise a user's system. For more information: SA28083 12) An integer underflow error in Help Viewer when handling help:topic URLs can be exploited to cause a buffer overflow when a specially crafted help:topic URL is accessed. Successful exploitation may allow execution of arbitrary code. 13) A conversion error exists in ICU when handling certain character encodings. This can potentially be exploited bypass content filters and may lead to cross-site scripting and disclosure of sensitive information. 14) Input passed to unspecified parameters in Image Capture's embedded web server is not properly sanitised before being used. This can be exploited to disclose the content of local files via directory traversal attacks. 15) An error in the handling of temporary files in Image Capture can be exploited by malicious, local users to manipulate files with the privilege of a user running Image Capture. 16) A boundary error in the BMP and GIF image decoding engine in ImageIO can be exploited to disclose content in memory. 17) Some vulnerabilities in ImageIO can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerabilities are caused due to the use of vulnerable libpng code. For more information: SA27093 SA27130 18) An integer overflow error in ImageIO within the processing of JPEG2000 images can be exploited to cause a heap-based buffer overflow when a specially crafted JPEG2000 image is viewed. Successful exploitation of this vulnerability may allow execution of arbitrary code. 19) An error in Mail is caused due to an uninitialised variable and can lead to disclosure of sensitive information and potentially execution of arbitrary code when mail is sent through an SMTP server over IPv6. For more information: SA28323 21) The sso_util command-line tool requires that passwords be passed to it in its arguments, which can be exploited by malicious, local users to disclose the passwords. 22) An error in Wiki Server can be exploited to determine valid local user names when nonexistent blogs are accessed. ORIGINAL ADVISORY: http://support.apple.com/kb/HT1897 OTHER REFERENCES: SA18008: http://secunia.com/advisories/18008/ SA18307: http://secunia.com/advisories/18307/ SA26273: http://secunia.com/advisories/26273/ SA26636: http://secunia.com/advisories/26636/ SA27093: http://secunia.com/advisories/27093/ SA27130: http://secunia.com/advisories/27130/ SA28081: http://secunia.com/advisories/28081/ SA28083: http://secunia.com/advisories/28083/ SA28323: http://secunia.com/advisories/28323/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

network

TYPE

information disclosure

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Melissa O'NeillPaul HaddadRodrigo CarvalhoGynvael Coldwind

SOURCES

LAST UPDATE DATE

2025-04-10T19:43:47.425000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE