Sign-up

ID

VAR-201006-0231


CVE

CVE-2010-1379


TITLE

Apple Mac OS X Service operation in printer settings (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2010-001658

DESCRIPTION

Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly interpret character encoding, which allows remote attackers to cause a denial of service (printing failure) by deploying a printing device that has a Unicode character in its printing-service name. (DoS) There is a vulnerability that becomes a condition.Print service name by third party Unicode Denial of service via deployment of devices using characters (DoS) There is a possibility of being put into a state. The update addresses new vulnerabilities that affect the CUPS, DesktopServices, Folder Manager, Help Viewer, iChat, ImageIO, Network Authorization, Open Directory, Printer Setup, Printing, Ruby, SMB File Server, and Wiki Server components of Mac OS X. The advisory also contains security updates for 13 previously reported issues. This BID is being retired. Attackers can exploit this issue to create a denial-of-service condition

Trust: 2.25

sources: NVD: CVE-2010-1379 // JVNDB: JVNDB-2010-001658 // BID: 40871 // BID: 40888 // VULHUB: VHN-43984

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.6.3

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.6.2

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.6.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.3

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.6.0

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.0

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:v10.6 to v10.6.3

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6 to v10.6.3

Trust: 0.8

vendor:applemodel:mac os serverscope:eqversion:x10.6.3

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.6.3

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.6

vendor:applemodel:mac os serverscope:neversion:x10.6.4

Trust: 0.6

vendor:applemodel:mac osscope:neversion:x10.6.4

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

sources: BID: 40871 // BID: 40888 // JVNDB: JVNDB-2010-001658 // CNNVD: CNNVD-201006-290 // NVD: CVE-2010-1379

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-1379
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-1379
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201006-290
value: MEDIUM

Trust: 0.6

VULHUB: VHN-43984
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-1379
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-43984
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-43984 // JVNDB: JVNDB-2010-001658 // CNNVD: CNNVD-201006-290 // NVD: CVE-2010-1379

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-43984 // JVNDB: JVNDB-2010-001658 // NVD: CVE-2010-1379

THREAT TYPE

network

Trust: 0.6

sources: BID: 40871 // BID: 40888

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201006-290

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-001658

PATCH
title:HT4188url:http://support.apple.com/kb/HT4188
Trust: 0.8
title:HT4188url:http://support.apple.com/kb/HT4188?viewlocale=ja_JP
Trust: 0.8
title:Mac OS X v10.6.4 Update (Combo)url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=3705
Trust: 0.6
title:Mac OS X Server v10.6.4 Update Mac mini (Mid 2010)url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=3709
Trust: 0.6
title:Mac OS X v10.6.4 Updateurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=3704
Trust: 0.6
title:Mac OS X Server v10.6.4 Update (Combo)url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=3708
Trust: 0.6
title:Security Update 2010-004 (Leopard-Client)url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=3703
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2010-001658 // 
            
            
            
            CNNVD: CNNVD-201006-290

EXTERNAL IDS
db:NVDid:CVE-2010-1379
Trust: 2.8
db:VUPENid:ADV-2010-1481
Trust: 2.5
db:SECUNIAid:40220
Trust: 2.5
db:SECTRACKid:1024103
Trust: 2.5
db:BIDid:40871
Trust: 2.0
db:JVNDBid:JVNDB-2010-001658
Trust: 0.8
db:CNNVDid:CNNVD-201006-290
Trust: 0.7
db:APPLEid:APPLE-SA-2010-06-15-1
Trust: 0.6
db:BIDid:40888
Trust: 0.4
db:VULHUBid:VHN-43984
Trust: 0.1
sources:
            
            
            VULHUB: VHN-43984 // 
            
            
            
            BID: 40871 // 
            
            
            
            BID: 40888 // 
            
            
            
            JVNDB: JVNDB-2010-001658 // 
            
            
            
            CNNVD: CNNVD-201006-290 // 
            
            
            
            NVD: CVE-2010-1379

REFERENCES
url:http://secunia.com/advisories/40220
Trust: 2.5
url:http://www.vupen.com/english/advisories/2010/1481
Trust: 2.5
url:http://lists.apple.com/archives/security-announce/2010//jun/msg00001.html
Trust: 1.7
url:http://www.securityfocus.com/bid/40871
Trust: 1.7
url:http://support.apple.com/kb/ht4188
Trust: 1.7
url:http://securitytracker.com/id?1024103
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1379
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1379
Trust: 0.8
url:http://www.securitytracker.com/id?1024103
Trust: 0.8
url:http://www.apple.com/macosx/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-43984 // 
            
            
            
            BID: 40871 // 
            
            
            
            BID: 40888 // 
            
            
            
            JVNDB: JVNDB-2010-001658 // 
            
            
            
            CNNVD: CNNVD-201006-290 // 
            
            
            
            NVD: CVE-2010-1379

CREDITS
Apple; Adrian 'pagvac' Pastor of GNUCITIZEN, and Tim Starling; Tim Waugh; Luca Carettoni; Michi Ruepp of pianobakery.com; Clint Ruoho of Laconic Security; Kevin Finisterre of digitalmunition.com; MIT Kerberos Team; Joel Johnson, Debian, Brian Almeida; Emm
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201006-290

SOURCES
db:VULHUBid:VHN-43984
db:BIDid:40871
db:BIDid:40888
db:JVNDBid:JVNDB-2010-001658
db:CNNVDid:CNNVD-201006-290
db:NVDid:CVE-2010-1379

LAST UPDATE DATE
2025-04-11T21:17:23.363000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-43984date:2010-06-18T00:00:00
db:BIDid:40871date:2010-06-16T21:59:00
db:BIDid:40888date:2010-06-15T00:00:00
db:JVNDBid:JVNDB-2010-001658date:2010-07-12T00:00:00
db:CNNVDid:CNNVD-201006-290date:2010-06-21T00:00:00
db:NVDid:CVE-2010-1379date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-43984date:2010-06-17T00:00:00
db:BIDid:40871date:2010-06-15T00:00:00
db:BIDid:40888date:2010-06-15T00:00:00
db:JVNDBid:JVNDB-2010-001658date:2010-07-12T00:00:00
db:CNNVDid:CNNVD-201006-290date:2010-06-21T00:00:00
db:NVDid:CVE-2010-1379date:2010-06-17T16:30:01.670