Vulnerabilities > CVE-2007-2400 - Race Condition vulnerability in Apple Iphone OS and Safari
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 5 | |
| OS | 2 | |
| Application | 2 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leveraging Race Conditions This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
- Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Seebug
| bulletinFamily | exploit |
| description | CVE(CAN) ID: CVE-2007-2399,CVE-2007-2400,CVE-2007-2401,CVE-2007-3742,CVE-2007-3944 iPhone是蒴果公司开发的智能手机。 iPhone的实现上存在多个安全漏洞,可导致恶意操作浏览器或信息泄露。 具体漏洞条目如下: * CVE-2007-2400 Safari处理JavsScript的实现上存在漏洞,远程攻击者可能利用此漏洞绕过同源策略非授权操作其他网页。 * CVE-2007-3944 Safari的JavaScript引擎使用的PCRE库实现上存在堆溢出漏洞,远程攻击者可能利用此漏洞通过诱使用户访问恶意网页控制用户系统。 * CVE-2007-2401 WebCore软件包的XMLHttpRequest处理HTTP请求头时存在漏洞,导致跨站脚本执行。 * CVE-2007-3742 WebKit软件包实现上存在漏洞,可能导致浏览器中的域名欺骗。 * CVE-2007-2399 WebKit软件包在生成网页时处理无效的类型转换存在漏洞,远程攻击者可能利用此漏洞导致软件崩溃或执行任意指令。 Apple iPhone 1.0.1 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href="http://docs.info.apple.com/article.html?artnum=306173" target="_blank">http://docs.info.apple.com/article.html?artnum=306173</a> |
| id | SSV:2063 |
| last seen | 2017-11-19 |
| modified | 2007-08-02 |
| published | 2007-08-02 |
| reporter | Root |
| title | Apple iPhone多个安全漏洞 |
References
- http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html
- http://www.securityfocus.com/bid/24599
- http://www.securitytracker.com/id?1018282
- http://docs.info.apple.com/article.html?artnum=306173
- http://www.kb.cert.org/vuls/id/289988
- http://secunia.com/advisories/26287
- http://osvdb.org/36452
- http://www.vupen.com/english/advisories/2007/2731
- http://www.vupen.com/english/advisories/2007/2316