Sign-up

ID

VAR-200807-0286


CVE

CVE-2008-2309


TITLE

Apple Mac OS X of CoreTypes Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2008-001476

DESCRIPTION

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. This update adds .xht and .xhtm files to the system's list of content types that are marked as unsafe under certain circumstances, such as when downloaded from a web page. Although these content types are not automatically loaded, manually opening them can lead to malicious payloads being executed. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA30802 VERIFY ADVISORY: http://secunia.com/advisories/30802/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities and a weakness. 1) An unspecified error in the Alias Manager when handling AFP volume mount information in an alias data structure can be exploited to cause a memory corruption and potentially execute arbitrary code. 2) A weakness is caused due to users not being warned before opening certain potentially unsafe content types, e.g. .xht and .xhtm files. 3) A format string error in c++filt can be exploited to exploited to execute arbitrary code when a specially crafted string is passed to the application. 4) An vulnerability in Dock can be exploited by malicious people with physical access to a system to bypass the screen lock when Expos\xe9 hot corners are set. 5) A race condition error exists in Launch Services in the download validation of symbolic links. This can be exploited to execute arbitrary code when a user visits a malicious web site. Successful exploitation requires that the "Open 'safe' files" option is enabled in Safari. 6) A vulnerability in Net-SNMP can be exploited by malicious people to spoof authenticated SNMPv3 packets. For more information: SA30574 7) Some vulnerabilities in Ruby can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. For more information: SA29232 SA29794 NOTE: Reportedly, the directory traversal issue does not affect Mac OS X. 8) A vulnerability in SMB File Server can be exploited by malicious people to compromise a vulnerable system. For more information: SA30228 9) It is possible to store malicious files within the User Template directory. This can be exploited to execute arbitrary code with permissions of a new user when his home directory is created using the User Template directory. 10) Some vulnerabilities in Tomcat can be exploited by malicious users to disclose sensitive information and by malicious people to disclose sensitive information or to conduct cross-site scripting attacks. For more information: SA25678 SA26466 SA27398 SA28878 11) A vulnerability in WebKit can be exploited by malicious people to compromise a user's system. or apply Security Update 2008-004. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2008-2309 // JVNDB: JVNDB-2008-001476 // BID: 30018 // VULHUB: VHN-32434 // PACKETSTORM: 67844

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.4.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.5

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.10

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.6

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.11

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.4

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.8

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.7

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.4.3

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.5.2

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.2

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.4

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.2

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.4.9

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.3

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.11

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.7

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.1

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.3

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.6

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.9

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.1

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.5

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.10

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.8

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:v10.5.4

Trust: 0.8

vendor:applemodel:mac os x serverscope:ltversion:v10.5.4

Trust: 0.8

vendor:applemodel:mac os serverscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.10

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.9

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.5.4

Trust: 0.3

sources: BID: 30018 // JVNDB: JVNDB-2008-001476 // CNNVD: CNNVD-200807-002 // NVD: CVE-2008-2309

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-2309
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-2309
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200807-002
value: MEDIUM

Trust: 0.6

VULHUB: VHN-32434
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-2309
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-32434
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-32434 // JVNDB: JVNDB-2008-001476 // CNNVD: CNNVD-200807-002 // NVD: CVE-2008-2309

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-32434 // JVNDB: JVNDB-2008-001476 // NVD: CVE-2008-2309

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200807-002

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200807-002

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-001476

PATCH
title:Security Update 2008-004url:http://support.apple.com/kb/HT2163
Trust: 0.8
title:Security Update 2008-004url:http://support.apple.com/kb/HT2163?viewlocale=ja_JP&locale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-001476

EXTERNAL IDS
db:NVDid:CVE-2008-2309
Trust: 2.8
db:BIDid:30018
Trust: 2.8
db:SECUNIAid:30802
Trust: 2.6
db:SECTRACKid:1020391
Trust: 2.5
db:VUPENid:ADV-2008-1981
Trust: 1.7
db:JVNDBid:JVNDB-2008-001476
Trust: 0.8
db:CNNVDid:CNNVD-200807-002
Trust: 0.7
db:XFid:43493
Trust: 0.6
db:APPLEid:APPLE-SA-2008-06-30
Trust: 0.6
db:VULHUBid:VHN-32434
Trust: 0.1
db:PACKETSTORMid:67844
Trust: 0.1
sources:
            
            
            VULHUB: VHN-32434 // 
            
            
            
            BID: 30018 // 
            
            
            
            JVNDB: JVNDB-2008-001476 // 
            
            
            
            PACKETSTORM: 67844 // 
            
            
            
            CNNVD: CNNVD-200807-002 // 
            
            
            
            NVD: CVE-2008-2309

REFERENCES
url:http://www.securityfocus.com/bid/30018
Trust: 2.5
url:http://securitytracker.com/id?1020391
Trust: 2.5
url:http://secunia.com/advisories/30802
Trust: 2.5
url:http://support.apple.com/kb/ht2163
Trust: 2.1
url:http://lists.apple.com/archives/security-announce/2008//jun/msg00002.html
Trust: 1.7
url:http://www.vupen.com/english/advisories/2008/1981/references
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/43493
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2309
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-2309
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/43493
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2008/1981/references
Trust: 0.6
url:http://www.apple.com/macosx/
Trust: 0.3
url:http://corporate.secunia.com/about_secunia/64/
Trust: 0.1
url:http://www.apple.com/support/downloads/securityupdate2008004serverppc.html
Trust: 0.1
url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/secunia_security_specialist/
Trust: 0.1
url:http://www.apple.com/support/downloads/securityupdate2008004intel.html
Trust: 0.1
url:http://secunia.com/advisories/30574/
Trust: 0.1
url:http://secunia.com/advisories/29794/
Trust: 0.1
url:http://www.apple.com/support/downloads/securityupdate2008004ppc.html
Trust: 0.1
url:http://www.apple.com/support/downloads/macosx1054update.html
Trust: 0.1
url:http://secunia.com/advisories/27398/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
url:http://www.apple.com/support/downloads/macosxservercombo1054.html
Trust: 0.1
url:http://www.apple.com/support/downloads/securityupdate2008004serverintel.html
Trust: 0.1
url:http://www.apple.com/support/downloads/macosx1054comboupdate.html
Trust: 0.1
url:http://www.apple.com/support/downloads/macosxserver1054.html
Trust: 0.1
url:http://secunia.com/advisories/30802/
Trust: 0.1
url:http://secunia.com/advisories/29232/
Trust: 0.1
url:http://secunia.com/advisories/25678/
Trust: 0.1
url:http://secunia.com/advisories/28878/
Trust: 0.1
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/30775/
Trust: 0.1
url:http://secunia.com/advisories/26466/
Trust: 0.1
url:http://secunia.com/product/96/
Trust: 0.1
url:http://secunia.com/advisories/30228/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-32434 // 
            
            
            
            BID: 30018 // 
            
            
            
            JVNDB: JVNDB-2008-001476 // 
            
            
            
            PACKETSTORM: 67844 // 
            
            
            
            CNNVD: CNNVD-200807-002 // 
            
            
            
            NVD: CVE-2008-2309

CREDITS
Brian MastenbrookAndrew CassellAndrew Mortensen
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200807-002

SOURCES
db:VULHUBid:VHN-32434
db:BIDid:30018
db:JVNDBid:JVNDB-2008-001476
db:PACKETSTORMid:67844
db:CNNVDid:CNNVD-200807-002
db:NVDid:CVE-2008-2309

LAST UPDATE DATE
2025-04-10T21:09:39.946000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-32434date:2017-08-08T00:00:00
db:BIDid:30018date:2008-07-02T20:00:00
db:JVNDBid:JVNDB-2008-001476date:2008-07-15T00:00:00
db:CNNVDid:CNNVD-200807-002date:2008-09-11T00:00:00
db:NVDid:CVE-2008-2309date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-32434date:2008-07-01T00:00:00
db:BIDid:30018date:2008-06-30T00:00:00
db:JVNDBid:JVNDB-2008-001476date:2008-07-15T00:00:00
db:PACKETSTORMid:67844date:2008-07-02T17:42:37
db:CNNVDid:CNNVD-200807-002date:2008-06-30T00:00:00
db:NVDid:CVE-2008-2309date:2008-07-01T18:41:00