ID

VAR-200906-0279


CVE

CVE-2009-1717


TITLE

Integer overflow vulnerability in Terminal in Apple Mac OS X

Trust: 0.8

sources: JVNDB: JVNDB-2009-003430

DESCRIPTION

Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow.

Apple Mac OS X is prone to an integer-overflow vulnerability affecting the Terminal application. An attacker can exploit this issue to execute arbitrary code in the context of the user running the vulnerable application. An attacker can exploit this vulnerability by tricking a user into using Terminal to connect to a remote system (such as opening a telnet: URL), causing a denial of service or executing arbitrary commands.

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Terminal. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of the 'CSI[4' xterm window resizing escape code. When a very low negative value for (x, y) size is set, an integer overflow occurs, resulting in memory corruption.

-- Vendor Response:
Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT3549

-- Disclosure Timeline:
2009-05-06 - Vulnerability reported to vendor
2009-06-02 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* James King, TippingPoint DVLabs

Trust: 2.07

sources: NVD: CVE-2009-1717 // JVNDB: JVNDB-2009-003430 // BID: 35182 // VULHUB: VHN-39163 // PACKETSTORM: 78027

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.5.4

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.5.5

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.5.6

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.5.2

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.5.1

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.5.4

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.5.5

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.5.0

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.5.6

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.5.3

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.5.1

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.5.0

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.5.2

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.5.3

Trust: 1.0

vendor: apple, model: mac os x server, scope: eq, version: 10.5

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.5

Trust: 1.0

vendor: apple, model: mac os x, scope: lt, version: 10.5

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.5.7

Trust: 0.8

vendor: apple, model: mac os server, scope: eq, version: x10.5.6

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.5

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.4

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.3

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.2

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.1

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.5.6

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.5.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.5.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.5.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.5.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.5.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.5

Trust: 0.3

vendor: apple, model: mac os server, scope: ne, version: x10.5.7

Trust: 0.3

vendor: apple, model: mac os, scope: ne, version: x10.5.7

Trust: 0.3

sources: BID: 35182 // JVNDB: JVNDB-2009-003430 // CNNVD: CNNVD-200906-072 // NVD: CVE-2009-1717

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-1717
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-1717
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200906-072
value: MEDIUM

Trust: 0.6

VULHUB: VHN-39163
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2009-1717
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-39163
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-39163 // JVNDB: JVNDB-2009-003430 // CNNVD: CNNVD-200906-072 // NVD: CVE-2009-1717

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.9

sources: VULHUB: VHN-39163 // JVNDB: JVNDB-2009-003430 // NVD: CVE-2009-1717

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 78027 // CNNVD: CNNVD-200906-072

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-200906-072

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-003430

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-39163

PATCH

title: HT3549, url: http://support.apple.com/kb/HT3549

Trust: 0.8

sources: JVNDB: JVNDB-2009-003430

EXTERNAL IDS

db: NVD, id: CVE-2009-1717

Trust: 2.9

db: BID, id: 35182

Trust: 2.0

db: SECTRACK, id: 1022322

Trust: 1.7

db: JVNDB, id: JVNDB-2009-003430

Trust: 0.8

db: XF, id: 50982

Trust: 0.6

db: BUGTRAQ, id: 20090602 TPTI-09-04: APPLE TERMINAL XTERM RESIZE ESCAPE SEQUENCE MEMORY CORRUPTION VULNERABILITY

Trust: 0.6

db: CNNVD, id: CNNVD-200906-072

Trust: 0.6

db: PACKETSTORM, id: 78027

Trust: 0.2

db: VULHUB, id: VHN-39163

Trust: 0.1

sources: VULHUB: VHN-39163 // BID: 35182 // JVNDB: JVNDB-2009-003430 // PACKETSTORM: 78027 // CNNVD: CNNVD-200906-072 // NVD: CVE-2009-1717

REFERENCES

url:http://support.apple.com/kb/ht3549

Trust: 2.1

url:http://dvlabs.tippingpoint.com/advisory/tpti-09-04

Trust: 2.1

url:http://www.securityfocus.com/bid/35182

Trust: 1.7

url:http://securitytracker.com/id?1022322

Trust: 1.7

url:http://www.securityfocus.com/archive/1/504031/100/0/threaded

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/50982

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1717

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1717

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/504031/100/0/threaded

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/50982

Trust: 0.6

url:http://www.apple.com/macosx/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2009-1717

Trust: 0.1

url:http://www.tippingpoint.com

Trust: 0.1

sources: VULHUB: VHN-39163 // BID: 35182 // JVNDB: JVNDB-2009-003430 // PACKETSTORM: 78027 // CNNVD: CNNVD-200906-072 // NVD: CVE-2009-1717

CREDITS

James King

Trust: 0.7

sources: PACKETSTORM: 78027 // CNNVD: CNNVD-200906-072

SOURCES

db: VULHUB, id: VHN-39163
db: BID, id: 35182
db: JVNDB, id: JVNDB-2009-003430
db: PACKETSTORM, id: 78027
db: CNNVD, id: CNNVD-200906-072
db: NVD, id: CVE-2009-1717

LAST UPDATE DATE

2025-04-10T23:05:08.283000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-39163, date: 2018-10-10T00:00:00
db: BID, id: 35182, date: 2009-06-02T22:49:00
db: JVNDB, id: JVNDB-2009-003430, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200906-072, date: 2009-06-29T00:00:00
db: NVD, id: CVE-2009-1717, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-39163, date: 2009-06-05T00:00:00
db: BID, id: 35182, date: 2009-06-02T00:00:00
db: JVNDB, id: JVNDB-2009-003430, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 78027, date: 2009-06-03T03:56:15
db: CNNVD, id: CNNVD-200906-072, date: 2009-06-05T00:00:00
db: NVD, id: CVE-2009-1717, date: 2009-06-05T16:00:00.297