ID

VAR-200911-0276


CVE

CVE-2009-2828


TITLE

Arbitrary code execution vulnerability in DirectoryService in Apple Mac OS X

Trust: 0.8

sources: JVNDB: JVNDB-2009-002329

DESCRIPTION

The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. Apple Mac OS X is prone to a memory-corruption vulnerability that affects the DirectoryService component. Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. NOTE: This issue was previously covered in BID 36956 (Apple Mac OS X 2009-006 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

Trust: 2.25

sources: NVD: CVE-2009-2828 // JVNDB: JVNDB-2009-002329 // BID: 36972 // BID: 36956 // VULHUB: VHN-40274

AFFECTED PRODUCTS

vendor: apple // model: mac os x // scope: eq // version: 10.5.8

Trust: 1.6

vendor: apple // model: mac os x server // scope: eq // version: 10.5.8

Trust: 1.6

vendor: apple // model: mac os x // scope: eq // version: v10.5.8

Trust: 0.8

vendor: apple // model: mac os x server // scope: eq // version: v10.5.8

Trust: 0.8

vendor: apple // model: mac os server // scope: eq // version: x10.5.8

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.5.7

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.5.6

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.5.5

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.5.4

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.5.3

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.5.2

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.5.1

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.5

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.5.8

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.5.7

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.5.6

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.5.5

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.5.4

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.5.3

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.5.2

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.5.1

Trust: 0.6

vendor: apple // model: mac os // scope: eq // version: x10.5

Trust: 0.6

vendor: apple // model: mac os server // scope: eq // version: x10.6.1

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.6

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.6.1

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.6

Trust: 0.3

vendor: apple // model: mac os server // scope: ne // version: x10.6.2

Trust: 0.3

vendor: apple // model: mac os // scope: ne // version: x10.6.2

Trust: 0.3

sources: BID: 36972 // BID: 36956 // JVNDB: JVNDB-2009-002329 // CNNVD: CNNVD-200911-103 // NVD: CVE-2009-2828

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-2828
value: HIGH

Trust: 1.0

NVD: CVE-2009-2828
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200911-103
value: HIGH

Trust: 0.6

VULHUB: VHN-40274
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-2828
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-40274
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-40274 // JVNDB: JVNDB-2009-002329 // CNNVD: CNNVD-200911-103 // NVD: CVE-2009-2828

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-40274 // JVNDB: JVNDB-2009-002329 // NVD: CVE-2009-2828

THREAT TYPE

network

Trust: 0.6

sources: BID: 36972 // BID: 36956

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-200911-103

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-002329

PATCH

title: HT3937 // url: http://support.apple.com/kb/HT3937

Trust: 0.8

title: HT3937 // url: http://support.apple.com/kb/HT3937?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2009-002329

EXTERNAL IDS

db: NVD // id: CVE-2009-2828

Trust: 2.8

db: VUPEN // id: ADV-2009-3184

Trust: 2.5

db: BID // id: 36956

Trust: 2.0

db: JVNDB // id: JVNDB-2009-002329

Trust: 0.8

db: CNNVD // id: CNNVD-200911-103

Trust: 0.7

db: APPLE // id: APPLE-SA-2009-11-09-1

Trust: 0.6

db: BID // id: 36972

Trust: 0.4

db: VULHUB // id: VHN-40274

Trust: 0.1

sources: VULHUB: VHN-40274 // BID: 36972 // BID: 36956 // JVNDB: JVNDB-2009-002329 // CNNVD: CNNVD-200911-103 // NVD: CVE-2009-2828

REFERENCES

url:http://www.vupen.com/english/advisories/2009/3184

Trust: 2.5

url:http://lists.apple.com/archives/security-announce/2009/nov/msg00000.html

Trust: 1.7

url:http://www.securityfocus.com/bid/36956

Trust: 1.7

url:http://support.apple.com/kb/ht3937

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2828

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2828

Trust: 0.8

url:http://www.apple.com/macosx/

Trust: 0.6

sources: VULHUB: VHN-40274 // BID: 36972 // BID: 36956 // JVNDB: JVNDB-2009-002329 // CNNVD: CNNVD-200911-103 // NVD: CVE-2009-2828

CREDITS

Brian Mastenbrook, Regis Duchesne, Nicolas Joly

Trust: 0.6

sources: CNNVD: CNNVD-200911-103

SOURCES

db: VULHUB // id: VHN-40274
db: BID // id: 36972
db: BID // id: 36956
db: JVNDB // id: JVNDB-2009-002329
db: CNNVD // id: CNNVD-200911-103
db: NVD // id: CVE-2009-2828

LAST UPDATE DATE

2025-04-10T21:24:03.852000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-40274 // date: 2009-11-17T00:00:00
db: BID // id: 36972 // date: 2009-11-10T20:46:00
db: BID // id: 36956 // date: 2009-11-11T20:56:00
db: JVNDB // id: JVNDB-2009-002329 // date: 2009-12-16T00:00:00
db: CNNVD // id: CNNVD-200911-103 // date: 2009-11-10T00:00:00
db: NVD // id: CVE-2009-2828 // date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB // id: VHN-40274 // date: 2009-11-10T00:00:00
db: BID // id: 36972 // date: 2009-11-09T00:00:00
db: BID // id: 36956 // date: 2009-11-09T00:00:00
db: JVNDB // id: JVNDB-2009-002329 // date: 2009-12-16T00:00:00
db: CNNVD // id: CNNVD-200911-103 // date: 2009-11-10T00:00:00
db: NVD // id: CVE-2009-2828 // date: 2009-11-10T19:30:01.360