Vulnerabilities > CVE-2008-1372 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Bzip Bzip2

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
bzip
CWE-119
nessus
NVD
Published: 2008-03-18
Updated: 2018-10-11

Summary

bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

Vulnerable Configurations

Part Description Count
Application
Bzip
12

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-075.NASL
    descriptionBzip2 versions before 1.0.5 are vulnerable to a denial of service attack via malicious compressed data. The updated packages have been patched to prevent the issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id37613
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37613
    titleMandriva Linux Security Advisory : bzip2 (MDVSA-2008:075)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080916_BZIP2_ON_SL3_X.NASL
    descriptionA buffer over-read flaw was discovered in the bzip2 decompression routine. This issue could cause an application linked against the libbz2 library to crash when decompressing malformed archives. (CVE-2008-1372)
    last seen2020-06-01
    modified2020-06-02
    plugin id60474
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60474
    titleScientific Linux Security Update : bzip2 on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_5_8.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.8. Mac OS X 10.5.8 contains security fixes for the following products : - bzip2 - CFNetwork - ColorSync - CoreTypes - Dock - Image RAW - ImageIO - Kernel - launchd - Login Window - MobileMe - Networking - XQuery
    last seen2020-06-01
    modified2020-06-02
    plugin id40502
    published2009-08-05
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40502
    titleMac OS X 10.5.x < 10.5.8 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12119.NASL
    descriptionSpecially crafted files could crash the bzip2-decoder. (CVE-2008-1372)
    last seen2020-06-01
    modified2020-06-02
    plugin id41204
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41204
    titleSuSE9 Security Update : bzip2 (YOU Patch Number 12119)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_BZIP2-5112.NASL
    descriptionSpecially crafted files could crash the bzip2-decoder (CVE-2008-1372).
    last seen2020-06-01
    modified2020-06-02
    plugin id32211
    published2008-05-11
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/32211
    titleopenSUSE 10 Security Update : bzip2 (bzip2-5112)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-2970.NASL
    descriptionThis update fixes bzip2 denial of service (crash) on malformed archives - CVE-2008-1372, #438118. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31820
    published2008-04-11
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31820
    titleFedora 8 : bzip2-1.0.4-13.fc8 (2008-2970)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2008-098-02.NASL
    descriptionNew bzip2 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix a DoS issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id31803
    published2008-04-11
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31803
    titleSlackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 8.1 / 9.0 / 9.1 / current : bzip2 (SSA:2008-098-02)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL9592.NASL
    descriptionThe remote BIG-IP device is missing a patch required by a security advisory.
    last seen2020-06-01
    modified2020-06-02
    plugin id78227
    published2014-10-10
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78227
    titleF5 Networks BIG-IP : bzip2 vulnerability (SOL9592)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0893.NASL
    descriptionUpdated bzip2 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Bzip2 is a freely available, high-quality data compressor. It provides both stand-alone compression and decompression utilities, as well as a shared library for use with other programs. A buffer over-read flaw was discovered in the bzip2 decompression routine. This issue could cause an application linked against the libbz2 library to crash when decompressing malformed archives. (CVE-2008-1372) Users of bzip2 should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id34229
    published2008-09-17
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34229
    titleRHEL 2.1 / 3 / 4 / 5 : bzip2 (RHSA-2008:0893)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-590-1.NASL
    descriptionIt was discovered that bzip2 did not correctly handle certain malformed archives. If a user or automated system were tricked into processing a specially crafted bzip2 archive, applications linked against libbz2 could be made to crash, possibly leading to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31677
    published2008-03-26
    reporterUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31677
    titleUbuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : bzip2 vulnerability (USN-590-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-3037.NASL
    descriptionThis update fixes bzip2 denial of service (crash) on malformed archives - CVE-2008-1372, #438118. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31828
    published2008-04-11
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31828
    titleFedora 7 : bzip2-1.0.4-11.fc7 (2008-3037)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2009-003.NASL
    descriptionThe remote host is running a version of Mac OS X 10.4 that does not have Security Update 2009-003 applied. This security update contains fixes for the following products : - bzip2 - ColorSync - ImageIO - Login Window
    last seen2020-06-01
    modified2020-06-02
    plugin id40501
    published2009-08-05
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40501
    titleMac OS X Multiple Vulnerabilities (Security Update 2009-003)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2008-0019.NASL
    descriptiona. Critical Memory corruption vulnerability A memory corruption condition may occur in the virtual machine hardware. A malicious request sent from the guest operating system to the virtual hardware may cause the virtual hardware to write to uncontrolled physical memory. VMware would like to thank Andrew Honig of the Department of Defense for reporting this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-4917 to this issue. b. Updated Service Console package bzip2 bzip2 versions before 1.0.5 can crash if certain flaws in compressed data lead to reading beyond the end of a buffer. This might cause an application linked to the libbz2 library to crash when decompressing malformed archives. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-1372 to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id40386
    published2009-07-27
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40386
    titleVMSA-2008-0019 : VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_063399FCF6D611DCBCEE001C2514716C.NASL
    descriptionSecurityFocus reports : The
    last seen2020-06-01
    modified2020-06-02
    plugin id31633
    published2008-03-21
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31633
    titleFreeBSD : bzip2 -- crash with certain malformed archive files (063399fc-f6d6-11dc-bcee-001c2514716c)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0893.NASL
    descriptionUpdated bzip2 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Bzip2 is a freely available, high-quality data compressor. It provides both stand-alone compression and decompression utilities, as well as a shared library for use with other programs. A buffer over-read flaw was discovered in the bzip2 decompression routine. This issue could cause an application linked against the libbz2 library to crash when decompressing malformed archives. (CVE-2008-1372) Users of bzip2 should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id34222
    published2008-09-17
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34222
    titleCentOS 3 / 4 / 5 : bzip2 (CESA-2008:0893)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0893.NASL
    descriptionFrom Red Hat Security Advisory 2008:0893 : Updated bzip2 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Bzip2 is a freely available, high-quality data compressor. It provides both stand-alone compression and decompression utilities, as well as a shared library for use with other programs. A buffer over-read flaw was discovered in the bzip2 decompression routine. This issue could cause an application linked against the libbz2 library to crash when decompressing malformed archives. (CVE-2008-1372) Users of bzip2 should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id67750
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67750
    titleOracle Linux 3 / 4 / 5 : bzip2 (ELSA-2008-0893)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200804-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200804-02 (bzip2: Denial of Service) The Oulu University discovered that bzip2 does not properly check offsets provided by the bzip2 file, leading to a buffer overread. Impact : Remote attackers can entice a user or automated system to open a specially crafted file that triggers a buffer overread, causing a Denial of Service. libbz2 and programs linking against it are also affected. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id31753
    published2008-04-04
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31753
    titleGLSA-200804-02 : bzip2: Denial of Service
  • NASL familySuSE Local Security Checks
    NASL idSUSE_BZIP2-5114.NASL
    descriptionSpecially crafted files could crash the bzip2-decoder. (CVE-2008-1372)
    last seen2020-06-01
    modified2020-06-02
    plugin id32212
    published2008-05-11
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/32212
    titleSuSE 10 Security Update : bzip2 (ZYPP Patch Number 5114)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200903-40.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200903-40 (Analog: Denial of Service) Diego E. Petteno reported that the Analog package in Gentoo is built with its own copy of bzip2, making it vulnerable to CVE-2008-1372 (GLSA 200804-02). Impact : A local attacker could place specially crafted log files into a log directory being analyzed by analog, e.g. /var/log/apache, resulting in a crash when being processed by the application. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id36048
    published2009-03-30
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36048
    titleGLSA-200903-40 : Analog: Denial of Service
  • NASL familySuSE Local Security Checks
    NASL idSUSE_BZIP2-5295.NASL
    descriptionSpecially crafted files could crash the bzip2-decoder. (CVE-2008-1372)
    last seen2020-06-01
    modified2020-06-02
    plugin id41482
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41482
    titleSuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5295)

Oval

  • accepted2013-04-29T04:01:09.336-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionbzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
    familyunix
    idoval:org.mitre.oval:def:10067
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titlebzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
    version27
  • accepted2010-05-17T04:00:17.984-04:00
    classvulnerability
    contributors
    • nameMichael Wood
      organizationHewlett-Packard
    • nameMichael Wood
      organizationHewlett-Packard
    • nameJ. Daniel Brown
      organizationDTCC
    definition_extensions
    • commentVMWare ESX Server 3.0.3 is installed
      ovaloval:org.mitre.oval:def:6026
    • commentVMWare ESX Server 3.0.2 is installed
      ovaloval:org.mitre.oval:def:5613
    • commentVMware ESX Server 3.5.0 is installed
      ovaloval:org.mitre.oval:def:5887
    descriptionbzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
    familyunix
    idoval:org.mitre.oval:def:6467
    statusaccepted
    submitted2009-09-23T15:39:02.000-04:00
    titleBzip2 Bug Lets Remote Users Deny Service
    version6

Redhat

advisories
bugzilla
id438118
titleCVE-2008-1372 bzip2: crash on malformed archive file
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • commentbzip2-libs is earlier than 0:1.0.2-14.el4_7
          ovaloval:com.redhat.rhsa:tst:20080893001
        • commentbzip2-libs is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20080893002
      • AND
        • commentbzip2 is earlier than 0:1.0.2-14.el4_7
          ovaloval:com.redhat.rhsa:tst:20080893003
        • commentbzip2 is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20080893004
      • AND
        • commentbzip2-devel is earlier than 0:1.0.2-14.el4_7
          ovaloval:com.redhat.rhsa:tst:20080893005
        • commentbzip2-devel is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20080893006
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentbzip2-libs is earlier than 0:1.0.3-4.el5_2
          ovaloval:com.redhat.rhsa:tst:20080893008
        • commentbzip2-libs is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080893009
      • AND
        • commentbzip2 is earlier than 0:1.0.3-4.el5_2
          ovaloval:com.redhat.rhsa:tst:20080893010
        • commentbzip2 is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080893011
      • AND
        • commentbzip2-devel is earlier than 0:1.0.3-4.el5_2
          ovaloval:com.redhat.rhsa:tst:20080893012
        • commentbzip2-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080893013
rhsa
idRHSA-2008:0893
released2008-09-16
severityModerate
titleRHSA-2008:0893: bzip2 security update (Moderate)
rpms
  • bzip2-0:1.0.1-5.EL2.1
  • bzip2-0:1.0.2-12.EL3
  • bzip2-0:1.0.2-14.el4_7
  • bzip2-0:1.0.3-4.el5_2
  • bzip2-debuginfo-0:1.0.2-12.EL3
  • bzip2-debuginfo-0:1.0.2-14.el4_7
  • bzip2-debuginfo-0:1.0.3-4.el5_2
  • bzip2-devel-0:1.0.1-5.EL2.1
  • bzip2-devel-0:1.0.2-12.EL3
  • bzip2-devel-0:1.0.2-14.el4_7
  • bzip2-devel-0:1.0.3-4.el5_2
  • bzip2-libs-0:1.0.1-5.EL2.1
  • bzip2-libs-0:1.0.2-12.EL3
  • bzip2-libs-0:1.0.2-14.el4_7
  • bzip2-libs-0:1.0.3-4.el5_2

Seebug

bulletinFamilyexploit
descriptionBugraq ID: 35954 CVE ID:CVE-2009-1723 CVE-2009-1726 CVE-2009-1727 CVE-2009-0151 CVE-2009-1728 CVE-2009-2188 CVE-2009-2190 CVE-2009-2191 CVE-2009-2192 CVE-2009-2193 CVE-2009-2194 CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 Apple Mac OS X是一款基于BSD的操作系统。 Apple Mac OS X安全升级2009-003修复多个安全漏洞: CVE-ID: CVE-2008-1372: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 bzip2存在越界内存发那个吻问题,构建恶意的压缩文件,诱使用户打开可导致应用程序崩溃。 CVE-ID: CVE-2009-1723: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 当Safari访问到通过302重定向的WEB站点时,会提示证书警告,此警告会包含原始WEB站点URL来代替当前WEB站点URL,这允许恶意构建的WEB站点可控制显示在证书警告中的WEB站点URL,导致用户盲目信任。 CVE-ID: CVE-2009-1726: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 打开一个特殊构建的使用嵌入式ColorSync配置文件的图像时可导致应用程序崩溃。 CVE-ID: CVE-2009-1727: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 打开部分不安全内容类型时没有对用户提示警告,可导致恶意脚本代码负载执行。 CVE-ID: CVE-2009-0151: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 屏幕保护没有正确阻断four-finger Multi-Touch gestures多点触控,允许物理访问的用户可管理应用程序。 CVE-ID: CVE-2009-1728: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 处理Canon RAW图像存在多个栈缓冲区溢出。 CVE-ID: CVE-2009-1722: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 ImageIO处理OpenEXR图像存在堆缓冲区溢出。 CVE-ID: CVE-2009-1721: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 ImageIO处理OpenEXR图像存在未初始化内存访问问题,可导致应用程序崩溃或任意代码执行 。 CVE-ID: CVE-2009-1720: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 ImageIO处理OpenEXR图像存在整数溢出问题,可导致应用程序崩溃或任意代码执行。 CVE-ID: CVE-2009-2188: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 ImageIO处理EXIF元数据存在缓冲区溢出问题,可导致应用程序崩溃或任意代码执行。 CVE-ID: CVE-2009-0040: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 处理PNG图像存在未初始化指针问题,构建特殊的PNG诱使用户处理可导致应用程序崩溃或任意代码执行。 CVE-ID: CVE-2009-1235: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 内核fcntl系统调用处理存在实现错误,本地攻击者可以覆盖内核内存以系统特权执行任意代码。 CVE-ID: CVE-2009-2190: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 对基于inetd的launchd服务打开多个连接,可导致launchd停止对外连接的响应。 CVE-ID: CVE-2009-2191: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 CNCVE-20092191 登录窗口处理应用程序名存在格式串问题,可导致应用程序崩溃或任意代码执行。 CVE-ID: CVE-2009-2192: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 MobileMe存在一个逻辑错误,在退出时没有删除所有凭据,本地用户可以访问其他MobileMe帐户相关资源。 CVE-ID: CVE-2009-2193: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 内核处理 AppleTalk应答报文存在缓冲区溢出,可导致以系统权限执行任意指令。 CVE-ID: CVE-2009-2194: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 处理通过本地套接字共享的文件描述符存在同步问题,通过发送包含文件描述符的消息给没有接收者的套接字,本地用户可导致系统崩溃。 CVE-ID: CVE-2008-0674: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20080674 XQuery使用的PCRE库处理规则表达式中的字符类存在缓冲区溢出,构建恶意的XML内容诱使用户访问可触发此漏洞。 Apple Mac OS X Server 10.5.7 Apple Mac OS X Server 10.5.6 Apple Mac OS X Server 10.5.5 Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.10 Apple Mac OS X Server 10.4.9 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.7 Apple Mac OS X 10.5.6 Apple Mac OS X 10.5.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.10 Apple Mac OS X 10.4.9 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.5 厂商解决方案 用户可联系供应商获得升级补丁: Apple Mac OS X Server 10.5 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.4.11 Apple SecUpdSrvr2009-003PPC.dmg PowerPC http://www.apple.com/support/downloads/ Apple SecUpdSrvr2009-003Univ.dmg Universal http://www.apple.com/support/downloads/ Apple Mac OS X 10.4.11 Apple SecUpd2009-003Intel.dmg Intel http://www.apple.com/support/downloads/ Apple SecUpd2009-003PPC.dmg PPC http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.1 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.1 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.2 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.2 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.3 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.3 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.4 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.4 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.5 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.5 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.6 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.6 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.7 Apple MacOSXServerUpd10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.7 Apple MacOSXUpd10.5.8.dmg http://www.apple.com/support/downloads/
idSSV:11998
last seen2017-11-19
modified2009-08-06
published2009-08-06
reporterRoot
titleApple Mac OS X 2009-003修补多个安全漏洞

Statements

contributorJoshua Bressers
lastmodified2008-10-17
organizationRed Hat
statementRed Hat has re-evaluated the potential impact of this flaw and has released an update which corrects this behavior: http://rhn.redhat.com/errata/RHSA-2008-0893.html

References