Details of VAR-200807-0312

ID

VAR-200807-0312

CVE

CVE-2008-3170

TITLE

Apple Safari In HTTP Session hijack vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2008-002210

DESCRIPTION

Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking," a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867. Apple Safari is prone to a vulnerability that allows attackers to set cookies for certain domain extensions. The browser does not have any security provisions to prevent cookies from being set for extensions with embedded dots. Attackers can leverage this issue to set cookies in a manner that could aid in other web-based attacks. Safari 3.1.2 is vulnerable; other versions may also be affected. Safari is the web browser bundled by default in the Apple family machine operating system. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Apple Safari Cross-Domain Cookie Injection Vulnerability SECUNIA ADVISORY ID: SA31128 VERIFY ADVISORY: http://secunia.com/advisories/31128/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From remote SOFTWARE: Safari 3.x http://secunia.com/product/17989/ Safari for Windows 3.x http://secunia.com/product/17978/ DESCRIPTION: A vulnerability has been discovered in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions. This can e.g. be exploited to fix a session by setting a known session ID in a cookie, which the browser sends to all web sites operating under an affected domain (e.g. co.uk, com.au). The vulnerability is confirmed in Apple Safari for Windows 3.1.2. SOLUTION: Do not browse untrusted web sites or follow untrusted links. PROVIDED AND/OR DISCOVERED BY: kuza55 ORIGINAL ADVISORY: http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA08-350A Apple Updates for Multiple Vulnerabilities Original release date: December 15, 2008 Last revised: -- Source: US-CERT Systems Affected * Apple Mac OS X versions prior to and including 10.4.11 (Tiger) and 10.5.5 (Leopard) * Apple Mac OS X Server versions prior to and including 10.4.11 (Tiger) and 10.5.5 (Leopard) Overview Apple has released Security Update 2008-008 and Mac OS X version 10.5.6 to correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, or cause a denial of service. I. Description Apple Security Update 2008-008 and Apple Mac OS X version 10.5.6 address a number of vulnerabilities affecting Apple Mac OS X and Mac OS X Server versions prior to and including 10.4.11 and 10.5.5. The update also addresses vulnerabilities in other vendors' products that ship with Apple Mac OS X or Mac OS X Server. II. Impact The impacts of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, or privilege escalation. III. Solution Install Apple Security Update 2008-008 or Apple Mac OS X version 10.5.6. These and other updates are available via Software Update or via Apple Downloads. IV. References * Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/> * About the security content of Security Update 2008-008 / Mac OS X v10.5.6 - <https://support.apple.com/kb/HT3338> * Mac OS X: Updating your software - <https://support.apple.com/kb/HT1338?viewlocale=en_US> * Apple Downloads - <http://support.apple.com/downloads/> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA08-350A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA08-350A Feedback VU#901332" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2008 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History December 15, 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSUbT5nIHljM+H4irAQLfMggAvH7VNoR3th5dBLhuq/f43ka1G5cecyAK g4gucF6+frxTfsVz2FGbawFdD/sAxAb/CnASFIkbuHItPwI526uy8MjXOmi/kYm2 ESZgD8U0OBtb2mqQRfhURz9sF97yVFhvHAZS3VOOCH85d1R6dr4ncxIWMGn2cgon Cjlll1WTx2BuMZO/AFn2UM7OooV9VVXtMht9D48X7i9bCWoU2W0mFSCHr+bJPE3d fI8v9+kyCQnjB3R9J+eGxmFClXl9PeMxOvsjPh/bQ8PpmAYMCH1Qp7vaSjjqSlVE ljRuyK8e6TIirse/RoK0YOwqBWudpgyJZvsV89ft9v55+a0l+2UlJw== =yvkk -----END PGP SIGNATURE-----

Trust: 2.16

sources: NVD: CVE-2008-3170 // JVNDB: JVNDB-2008-002210 // BID: 30192 // VULHUB: VHN-33295 // PACKETSTORM: 68437 // PACKETSTORM: 73037

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	eq	version:	*	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.4.11	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.5 to v10.5.5	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.4.11	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.5 to v10.5.5	Trust: 0.8
vendor:	apple	model:	safari	scope:	-	version:	-	Trust: 0.6
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.11	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.11	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.5.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.5.6	Trust: 0.3

sources: BID: 30192 // JVNDB: JVNDB-2008-002210 // CNNVD: CNNVD-200807-230 // NVD: CVE-2008-3170

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-3170
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2008-3170
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200807-230
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-33295
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2008-3170
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-33295
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-33295 // JVNDB: JVNDB-2008-002210 // CNNVD: CNNVD-200807-230 // NVD: CVE-2008-3170

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-33295 // JVNDB: JVNDB-2008-002210 // NVD: CVE-2008-3170

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200807-230

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200807-230

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-002210

PATCH

title:	HT3338	url:	http://support.apple.com/kb/HT3338	Trust: 0.8
title:	HT3338	url:	http://support.apple.com/kb/HT3338?viewlocale=ja_JP	Trust: 0.8
title:	TA08-350A	url:	http://software.fujitsu.com/jp/security/vulnerabilities/ta08-350a.html	Trust: 0.8

sources: JVNDB: JVNDB-2008-002210

EXTERNAL IDS

db:	BID	id:	30192	Trust: 2.8
db:	NVD	id:	CVE-2008-3170	Trust: 2.8
db:	SECUNIA	id:	31128	Trust: 2.6
db:	USCERT	id:	TA08-350A	Trust: 2.6
db:	VUPEN	id:	ADV-2008-3444	Trust: 2.5
db:	SECTRACK	id:	1020539	Trust: 2.5
db:	XF	id:	43839	Trust: 1.4
db:	USCERT	id:	SA08-350A	Trust: 0.8
db:	JVNDB	id:	JVNDB-2008-002210	Trust: 0.8
db:	CNNVD	id:	CNNVD-200807-230	Trust: 0.7
db:	MISC	id:	HTTP://KUZA55.BLOGSPOT.COM/2008/07/SOME-RANDOM-SAFARI-NOTES.HTML	Trust: 0.6
db:	CERT/CC	id:	TA08-350A	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2008-12-15	Trust: 0.6
db:	VULHUB	id:	VHN-33295	Trust: 0.1
db:	PACKETSTORM	id:	68437	Trust: 0.1
db:	PACKETSTORM	id:	73037	Trust: 0.1

sources: VULHUB: VHN-33295 // BID: 30192 // JVNDB: JVNDB-2008-002210 // PACKETSTORM: 68437 // PACKETSTORM: 73037 // CNNVD: CNNVD-200807-230 // NVD: CVE-2008-3170

REFERENCES

url:	http://www.securityfocus.com/bid/30192	Trust: 2.5
url:	http://www.us-cert.gov/cas/techalerts/ta08-350a.html	Trust: 2.5
url:	http://secunia.com/advisories/31128	Trust: 2.5
url:	http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html	Trust: 2.1
url:	http://www.vupen.com/english/advisories/2008/3444	Trust: 1.9
url:	http://lists.apple.com/archives/security-announce//2008//dec/msg00000.html	Trust: 1.7
url:	http://support.apple.com/kb/ht3338	Trust: 1.7
url:	http://www.securitytracker.com/id?1020539	Trust: 1.7
url:	http://xforce.iss.net/xforce/xfdb/43839	Trust: 1.4
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/43839	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3170	Trust: 0.8
url:	http://jvn.jp/cert/jvnta08-350a/	Trust: 0.8
url:	http://jvn.jp/tr/trta08-350a	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3170	Trust: 0.8
url:	http://securitytracker.com/id?1020539	Trust: 0.8
url:	http://www.us-cert.gov/cas/alerts/sa08-350a.html	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2008/3444	Trust: 0.6
url:	http://www.apple.com/safari/	Trust: 0.3
url:	http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/hardcore_disassembler_and_reverse_engineer/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/secunia_security_specialist/	Trust: 0.1
url:	http://secunia.com/advisories/31128/	Trust: 0.1
url:	http://corporate.secunia.com/about_secunia/64/	Trust: 0.1
url:	http://secunia.com/product/17978/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/17989/	Trust: 0.1
url:	https://support.apple.com/kb/ht3338>	Trust: 0.1
url:	https://support.apple.com/kb/ht1338?viewlocale=en_us>	Trust: 0.1
url:	http://www.us-cert.gov/legal.html>	Trust: 0.1
url:	http://www.us-cert.gov/cas/techalerts/ta08-350a.html>	Trust: 0.1
url:	http://support.apple.com/downloads/>	Trust: 0.1
url:	http://www.us-cert.gov/cas/signup.html>.	Trust: 0.1
url:	http://www.us-cert.gov/reading_room/securing_browser/>	Trust: 0.1

sources: VULHUB: VHN-33295 // BID: 30192 // JVNDB: JVNDB-2008-002210 // PACKETSTORM: 68437 // PACKETSTORM: 73037 // CNNVD: CNNVD-200807-230 // NVD: CVE-2008-3170

CREDITS

kuza55

Trust: 0.6

sources: CNNVD: CNNVD-200807-230

SOURCES

db:	VULHUB	id:	VHN-33295
db:	BID	id:	30192
db:	JVNDB	id:	JVNDB-2008-002210
db:	PACKETSTORM	id:	68437
db:	PACKETSTORM	id:	73037
db:	CNNVD	id:	CNNVD-200807-230
db:	NVD	id:	CVE-2008-3170

LAST UPDATE DATE

2025-04-10T21:41:32.543000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-33295	date:	2017-08-08T00:00:00
db:	BID	id:	30192	date:	2008-12-17T20:11:00
db:	JVNDB	id:	JVNDB-2008-002210	date:	2009-01-26T00:00:00
db:	CNNVD	id:	CNNVD-200807-230	date:	2009-01-06T00:00:00
db:	NVD	id:	CVE-2008-3170	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-33295	date:	2008-07-14T00:00:00
db:	BID	id:	30192	date:	2008-07-12T00:00:00
db:	JVNDB	id:	JVNDB-2008-002210	date:	2009-01-26T00:00:00
db:	PACKETSTORM	id:	68437	date:	2008-07-23T22:36:39
db:	PACKETSTORM	id:	73037	date:	2008-12-16T00:25:46
db:	CNNVD	id:	CNNVD-200807-230	date:	2008-07-14T00:00:00
db:	NVD	id:	CVE-2008-3170	date:	2008-07-14T23:41:00