Details of VAR-200911-0268

ID

VAR-200911-0268

CVE

CVE-2009-2839

TITLE

Apple Mac OS X Vulnerability in arbitrary code execution in screen sharing

Trust: 0.8

sources: JVNDB: JVNDB-2009-002342

DESCRIPTION

Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. An attacker can exploit these issues to execute arbitrary code in the context of the vulnerable process. Failed exploit attempts are likely to result in denial-of-service conditions. NOTE: These issues were previously covered in BID 36956 (Apple Mac OS X 2009-006 Multiple Security Vulnerabilities), but have been assigned their own record to better document them

Trust: 2.25

sources: NVD: CVE-2009-2839 // JVNDB: JVNDB-2009-002342 // BID: 36964 // BID: 36956 // VULHUB: VHN-40285

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.5.8	Trust: 1.6
vendor:	apple	model:	mac os x server	scope:	eq	version:	10.5.8	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.5.8	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.6	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.6.1	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.5.8	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.6	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.6.1	Trust: 0.8
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.1	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.8	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.7	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.6	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.5	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.4	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.3	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.2	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.1	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.1	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.8	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.7	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.6	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.5	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.4	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.3	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.2	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.1	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.6.2	Trust: 0.6
vendor:	apple	model:	mac os	scope:	ne	version:	x10.6.2	Trust: 0.6
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6	Trust: 0.3

sources: BID: 36964 // BID: 36956 // JVNDB: JVNDB-2009-002342 // CNNVD: CNNVD-200911-114 // NVD: CVE-2009-2839

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-2839
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2009-2839
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200911-114
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-40285
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2009-2839
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-40285
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-40285 // JVNDB: JVNDB-2009-002342 // CNNVD: CNNVD-200911-114 // NVD: CVE-2009-2839

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-40285 // JVNDB: JVNDB-2009-002342 // NVD: CVE-2009-2839

THREAT TYPE

network

Trust: 0.6

sources: BID: 36964 // BID: 36956

TYPE

Unknown

Trust: 0.6

sources: BID: 36964 // BID: 36956

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-002342

PATCH

title:	HT3937	url:	http://support.apple.com/kb/HT3937	Trust: 0.8
title:	HT3937	url:	http://support.apple.com/kb/HT3937?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2009-002342

EXTERNAL IDS

db:	NVD	id:	CVE-2009-2839	Trust: 2.8
db:	VUPEN	id:	ADV-2009-3184	Trust: 2.5
db:	BID	id:	36956	Trust: 2.0
db:	OSVDB	id:	59997	Trust: 1.1
db:	JVNDB	id:	JVNDB-2009-002342	Trust: 0.8
db:	CNNVD	id:	CNNVD-200911-114	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2009-11-09-1	Trust: 0.6
db:	BID	id:	36964	Trust: 0.4
db:	VULHUB	id:	VHN-40285	Trust: 0.1

sources: VULHUB: VHN-40285 // BID: 36964 // BID: 36956 // JVNDB: JVNDB-2009-002342 // CNNVD: CNNVD-200911-114 // NVD: CVE-2009-2839

REFERENCES

url:	http://www.vupen.com/english/advisories/2009/3184	Trust: 2.5
url:	http://lists.apple.com/archives/security-announce/2009/nov/msg00000.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/36956	Trust: 1.7
url:	http://support.apple.com/kb/ht3937	Trust: 1.7
url:	http://osvdb.org/59997	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2839	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2839	Trust: 0.8
url:	http://software.cisco.com/download/navigator.html?mdfid=283613663	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3

sources: VULHUB: VHN-40285 // BID: 36964 // BID: 36956 // JVNDB: JVNDB-2009-002342 // CNNVD: CNNVD-200911-114 // NVD: CVE-2009-2839

CREDITS

Brian MastenbrookRegis DuchesneNicolas Joly

Trust: 0.6

sources: CNNVD: CNNVD-200911-114

SOURCES

db:	VULHUB	id:	VHN-40285
db:	BID	id:	36964
db:	BID	id:	36956
db:	JVNDB	id:	JVNDB-2009-002342
db:	CNNVD	id:	CNNVD-200911-114
db:	NVD	id:	CVE-2009-2839

LAST UPDATE DATE

2025-04-10T21:56:02.287000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-40285	date:	2009-12-19T00:00:00
db:	BID	id:	36964	date:	2009-11-10T16:47:00
db:	BID	id:	36956	date:	2009-11-11T20:56:00
db:	JVNDB	id:	JVNDB-2009-002342	date:	2009-12-18T00:00:00
db:	CNNVD	id:	CNNVD-200911-114	date:	2009-11-10T00:00:00
db:	NVD	id:	CVE-2009-2839	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-40285	date:	2009-11-10T00:00:00
db:	BID	id:	36964	date:	2009-11-09T00:00:00
db:	BID	id:	36956	date:	2009-11-09T00:00:00
db:	JVNDB	id:	JVNDB-2009-002342	date:	2009-12-18T00:00:00
db:	CNNVD	id:	CNNVD-200911-114	date:	2009-11-10T00:00:00
db:	NVD	id:	CVE-2009-2839	date:	2009-11-10T19:30:01.640