Details of VAR-200809-0210

ID

VAR-200809-0210

CVE

CVE-2008-3638

TITLE

Apple Mac OS X Running on Java of file:// URL Vulnerability in arbitrary program execution in access

Trust: 0.8

sources: JVNDB: JVNDB-2008-001739

DESCRIPTION

Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs. An attacker can exploit this issue by enticing an unsuspecting victim to visit a malicious webpage containing crafted Java applets. Successfully exploiting this issue will allow attackers to run arbitrary code by launching arbitrary executables within the context of the affected application. This issue affects Mac OS X 10.5.5 (and prior versions) and Mac OS X Server 10.5.5 (and prior versions). ---------------------------------------------------------------------- Do you need accurate and reliable IDS / IPS / AV detection rules? Get in-depth vulnerability details: http://secunia.com/binary_analysis/sample_analysis/ ---------------------------------------------------------------------- TITLE: Mac OS X Java Multiple Vulnerabilities SECUNIA ADVISORY ID: SA32018 VERIFY ADVISORY: http://secunia.com/advisories/32018/ CRITICAL: Highly critical IMPACT: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/advisories/product/96/ DESCRIPTION: Some vulnerabilities have been reported and acknowledged in Java for Mac OS X, which can be exploited by malicious people to cause a DoS (Denial of Service), to bypass certain security restrictions, disclose system information or potentially sensitive information, or to compromise a vulnerable system. 1) An error leading to the use of an uninitialized variable exists in the hash-based Message Authentication Code (HMAC) provider. 2) An error in the Java plug-in within the handling of "file://" URLs can be exploited to launch local files when a user visits a web page containing a specially crafted java applet. 3) Some vulnerabilities in Java 1.4.2_16 and Java 1.5.0_13 can be exploited by malicious people to cause a DoS (Denial of Service), to bypass certain security restrictions, disclose system information or potentially sensitive information, or to compromise a vulnerable system. 2) The vendor credits Nitesh Dhanjani and Billy Rios. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3179 http://support.apple.com/kb/HT3178 OTHER REFERENCES: SA28115 http://secunia.com/advisories/28115/ SA29239: http://secunia.com/advisories/29239/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2008-3638 // JVNDB: JVNDB-2008-001739 // BID: 31380 // VULHUB: VHN-33763 // PACKETSTORM: 70342

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.5	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.4	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.5	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.4	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.5.4 to v10.5.5	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.5.4 to v10.5.5	Trust: 0.8
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5	Trust: 0.3

sources: BID: 31380 // JVNDB: JVNDB-2008-001739 // CNNVD: CNNVD-200809-364 // NVD: CVE-2008-3638

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-3638
value:	HIGH
Trust: 1.0
NVD:	CVE-2008-3638
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200809-364
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-33763
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2008-3638
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-33763
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-33763 // JVNDB: JVNDB-2008-001739 // CNNVD: CNNVD-200809-364 // NVD: CVE-2008-3638

PROBLEMTYPE DATA

problemtype:

CWE-94

Trust: 1.9

sources: VULHUB: VHN-33763 // JVNDB: JVNDB-2008-001739 // NVD: CVE-2008-3638

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200809-364

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-200809-364

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-001739

PATCH

title:	Mac OS X 10.5 Update 2	url:	http://support.apple.com/kb/HT3179	Trust: 0.8
title:	Mac OS X 10.5 Update 2	url:	http://support.apple.com/kb/HT3179?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2008-001739

EXTERNAL IDS

db:	NVD	id:	CVE-2008-3638	Trust: 2.8
db:	BID	id:	31380	Trust: 2.8
db:	SECUNIA	id:	32018	Trust: 2.6
db:	SECTRACK	id:	1020944	Trust: 1.1
db:	JVNDB	id:	JVNDB-2008-001739	Trust: 0.8
db:	APPLE	id:	APPLE-SA-2008-09-24	Trust: 0.6
db:	CNNVD	id:	CNNVD-200809-364	Trust: 0.6
db:	VULHUB	id:	VHN-33763	Trust: 0.1
db:	PACKETSTORM	id:	70342	Trust: 0.1

sources: VULHUB: VHN-33763 // BID: 31380 // JVNDB: JVNDB-2008-001739 // PACKETSTORM: 70342 // CNNVD: CNNVD-200809-364 // NVD: CVE-2008-3638

REFERENCES

url:	http://www.securityfocus.com/bid/31380	Trust: 2.5
url:	http://secunia.com/advisories/32018	Trust: 2.5
url:	http://support.apple.com/kb/ht3179	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce//2008/sep/msg00007.html	Trust: 1.7
url:	http://www.securitytracker.com/id?1020944	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/45397	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3638	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3638	Trust: 0.8
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	http://secunia.com/advisories/32018/	Trust: 0.1
url:	http://secunia.com/binary_analysis/sample_analysis/	Trust: 0.1
url:	http://secunia.com/advisories/28115/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://www.apple.com/support/downloads/javaformacosx105update2.html	Trust: 0.1
url:	http://secunia.com/advisories/29239/	Trust: 0.1
url:	http://secunia.com/advisories/product/96/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://support.apple.com/kb/ht3178	Trust: 0.1
url:	http://www.apple.com/support/downloads/javaformacosx104release7.html	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-33763 // BID: 31380 // JVNDB: JVNDB-2008-001739 // PACKETSTORM: 70342 // CNNVD: CNNVD-200809-364 // NVD: CVE-2008-3638

CREDITS

Nitesh Dhanjani and Billy Rios

Trust: 0.9

sources: BID: 31380 // CNNVD: CNNVD-200809-364

SOURCES

db:	VULHUB	id:	VHN-33763
db:	BID	id:	31380
db:	JVNDB	id:	JVNDB-2008-001739
db:	PACKETSTORM	id:	70342
db:	CNNVD	id:	CNNVD-200809-364
db:	NVD	id:	CVE-2008-3638

LAST UPDATE DATE

2025-04-10T20:24:19.141000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-33763	date:	2017-08-08T00:00:00
db:	BID	id:	31380	date:	2008-09-25T16:19:00
db:	JVNDB	id:	JVNDB-2008-001739	date:	2008-10-15T00:00:00
db:	CNNVD	id:	CNNVD-200809-364	date:	2008-09-29T00:00:00
db:	NVD	id:	CVE-2008-3638	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-33763	date:	2008-09-26T00:00:00
db:	BID	id:	31380	date:	2008-09-25T00:00:00
db:	JVNDB	id:	JVNDB-2008-001739	date:	2008-10-15T00:00:00
db:	PACKETSTORM	id:	70342	date:	2008-09-25T23:06:17
db:	CNNVD	id:	CNNVD-200809-364	date:	2008-09-26T00:00:00
db:	NVD	id:	CVE-2008-3638	date:	2008-09-26T16:21:44.003