Vulnerabilities > CVE-2008-2307 - Resource Management Errors vulnerability in Apple Safari
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2008-6220.NASL description This updated WebKit snapshot fixes CVE-2008-2307. (A memory corruption issue exists in WebKit last seen 2020-06-01 modified 2020-06-02 plugin id 33458 published 2008-07-10 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33458 title Fedora 8 : WebKit-1.0.0-0.10.svn34655.fc8 (2008-6220) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2008-6220. # include("compat.inc"); if (description) { script_id(33458); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:28"); script_cve_id("CVE-2008-2307"); script_bugtraq_id(29836); script_xref(name:"FEDORA", value:"2008-6220"); script_name(english:"Fedora 8 : WebKit-1.0.0-0.10.svn34655.fc8 (2008-6220)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This updated WebKit snapshot fixes CVE-2008-2307. (A memory corruption issue exists in WebKit's handling of JavaScript arrays. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=454092" ); # https://lists.fedoraproject.org/pipermail/package-announce/2008-July/012199.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5c295b20" ); script_set_attribute( attribute:"solution", value:"Update the affected WebKit package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:WebKit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8"); script_set_attribute(attribute:"patch_publication_date", value:"2008/07/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC8", reference:"WebKit-1.0.0-0.10.svn34655.fc8")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "WebKit"); }NASL family MacOS X Local Security Checks NASL id MACOSX_SAFARI3_1_2.NASL description The version of Apple Safari installed on the remote host reportedly has a memory corruption issue in WebKit last seen 2020-06-01 modified 2020-06-02 plugin id 33286 published 2008-07-01 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33286 title Mac OS X : Apple Safari < 3.1.2 code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(33286); script_version("1.15"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id("CVE-2008-2307"); script_bugtraq_id(29836); script_xref(name:"Secunia", value:"30801"); script_name(english:"Mac OS X : Apple Safari < 3.1.2"); script_summary(english:"Check the Safari SourceVersion"); script_set_attribute(attribute:"synopsis", value: "The remote host contains a web browser that is affected by a buffer overflow vulnerability."); script_set_attribute(attribute:"description", value: "The version of Apple Safari installed on the remote host reportedly has a memory corruption issue in WebKit's handling of JavaScript arrays."); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT2165"); script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Jun/msg00003.html"); script_set_attribute(attribute:"solution", value:"Upgrade to Apple Safari 3.1.2 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(399); script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/01"); script_set_attribute(attribute:"patch_publication_date", value:"2008/06/30"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_dependencies("macosx_Safari31.nasl"); script_require_keys("Host/local_checks_enabled", "Host/uname", "Host/MacOSX/Version", "MacOSX/Safari/Installed"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); os = get_kb_item("Host/MacOSX/Version"); if (!os) audit(AUDIT_OS_NOT, "Mac OS X"); uname = get_kb_item_or_exit("Host/uname"); if (!egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname)) audit(AUDIT_OS_NOT, "Mac OS X 10.4"); get_kb_item_or_exit("MacOSX/Safari/Installed"); path = get_kb_item_or_exit("MacOSX/Safari/Path", exit_code:1); version = get_kb_item_or_exit("MacOSX/Safari/Version", exit_code:1); fixed_version = "3.1.2"; if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1) { if (report_verbosity > 0) { report = '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; security_hole(port:0, extra:report); } else security_hole(0); } else audit(AUDIT_INST_VER_NOT_VULN, "Safari", version);NASL family Windows NASL id SAFARI_3_1_2.NASL description The version of Safari installed on the remote host reportedly is affected by several issues : - An out-of-bounds memory read while handling BMP and GIF images may lead to information disclosure (CVE-2008-1573). - Safari will automatically launch executable files downloaded from a site if that site is in an IE7 zone with last seen 2020-06-01 modified 2020-06-02 plugin id 33226 published 2008-06-20 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33226 title Safari < 3.1.2 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(33226); script_version("1.15"); script_cvs_date("Date: 2018/11/15 20:50:28"); script_cve_id( "CVE-2008-1573", "CVE-2008-2306", "CVE-2008-2307", "CVE-2008-2540" ); script_bugtraq_id(29445, 29513, 29835, 29836); script_xref(name:"Secunia", value:"30775"); script_name(english:"Safari < 3.1.2 Multiple Vulnerabilities"); script_summary(english:"Checks version number of Safari"); script_set_attribute(attribute:"synopsis", value: "The remote host contains a web browser that is affected by several issues." ); script_set_attribute(attribute:"description", value: "The version of Safari installed on the remote host reportedly is affected by several issues : - An out-of-bounds memory read while handling BMP and GIF images may lead to information disclosure (CVE-2008-1573). - Safari will automatically launch executable files downloaded from a site if that site is in an IE7 zone with 'Launching applications and unsafe files' set to 'Enable' or an IE6 'Local intranet ' / ' Trusted sites' zone (CVE-2008-2306). - There is a memory corruption issue in WebKit's handling of JavaScript arrays that could be leveraged to crash the application or execute arbitrary code if visiting a malicious site (CVE-2008-2307). - When handling an object with an unrecognized content type, Safari does not prompt the user before downloading the object (aka, the 'carpet-bombing' issue). If the download location is the Windows Desktop (the default), this could lead to arbitrary code execution (CVE-2008-2540)." ); script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT201222" ); script_set_attribute(attribute:"see_also", value:"https://lists.apple.com/archives/security-announce/2008/Jun/msg00001.html" ); script_set_attribute(attribute:"solution", value: "Upgrade to Safari 3.1.2 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119, 264, 399); script_set_attribute(attribute:"plugin_publication_date", value: "2008/06/20"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_dependencies("safari_installed.nasl"); script_require_keys("SMB/Safari/FileVersion"); exit(0); } include("global_settings.inc"); ver = get_kb_item("SMB/Safari/FileVersion"); if (isnull(ver)) exit(0); iver = split(ver, sep:'.', keep:FALSE); for (i=0; i<max_index(iver); i++) iver[i] = int(iver[i]); if ( iver[0] < 3 || ( iver[0] == 3 && ( iver[1] < 525 || (iver[1] == 525 && iver[2] < 21) ) ) ) { if (report_verbosity) { prod_ver = get_kb_item("SMB/Safari/ProductVersion"); if (!isnull(prod_ver)) ver = prod_ver; report = string( "\n", "Safari version ", ver, " is currently installed on the remote host.\n" ); security_hole(port:get_kb_item("SMB/transport"), extra:report); } else security_hole(get_kb_item("SMB/transport")); }NASL family MacOS X Local Security Checks NASL id MACOSX_10_5_4.NASL description The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.4. Mac OS X 10.5.4 contains security fixes for multiple components. last seen 2020-06-01 modified 2020-06-02 plugin id 33281 published 2008-07-01 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33281 title Mac OS X 10.5.x < 10.5.4 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # if (!defined_func("bn_random")) exit(0); if ( NASL_LEVEL < 3004 ) exit(0); include("compat.inc"); if (description) { script_id(33281); script_version("1.22"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id("CVE-2005-3164", "CVE-2007-1355", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3383", "CVE-2007-3385", "CVE-2007-5333", "CVE-2007-5461", "CVE-2007-6276", "CVE-2008-0960", "CVE-2008-1105", "CVE-2008-1145", "CVE-2008-2307", "CVE-2008-2308", "CVE-2008-2309", "CVE-2008-2310", "CVE-2008-2311", "CVE-2008-2313", "CVE-2008-2314", "CVE-2008-2662", "CVE-2008-2663", "CVE-2008-2664", "CVE-2008-2725", "CVE-2008-2726"); script_bugtraq_id(15003, 24058, 24475, 24476, 24999, 25316, 26070, 26699, 27706, 28123, 29404, 29623, 29836, 30018); script_xref(name:"Secunia", value:"30802"); script_name(english:"Mac OS X 10.5.x < 10.5.4 Multiple Vulnerabilities"); script_summary(english:"Check the version of Mac OS X"); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes various security issues." ); script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.4. Mac OS X 10.5.4 contains security fixes for multiple components."); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT2163" ); script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Jun/msg00002.html" ); script_set_attribute(attribute:"solution", value: "Upgrade to Mac OS X 10.5.4 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack'); script_cwe_id(22, 59, 79, 119, 134, 189, 200, 264, 287, 362, 399); script_set_attribute(attribute:"plugin_publication_date", value: "2008/07/01"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/09/30"); script_set_attribute(attribute:"patch_publication_date", value: "2008/06/30"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl"); exit(0); } os = get_kb_item("Host/MacOSX/Version"); if (!os) os = get_kb_item("Host/OS"); if (!os) exit(0); if (ereg(pattern:"Mac OS X 10\.5\.[0-3]([^0-9]|$)", string:os)) security_hole(0);NASL family Fedora Local Security Checks NASL id FEDORA_2008-6186.NASL description This updated WebKit snapshot fixes CVE-2008-2307. (A memory corruption issue exists in WebKit last seen 2020-06-01 modified 2020-06-02 plugin id 33453 published 2008-07-10 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33453 title Fedora 9 : WebKit-1.0.0-0.11.svn34655.fc9 (2008-6186) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2008-6186. # include("compat.inc"); if (description) { script_id(33453); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:28"); script_cve_id("CVE-2008-2307"); script_bugtraq_id(29836); script_xref(name:"FEDORA", value:"2008-6186"); script_name(english:"Fedora 9 : WebKit-1.0.0-0.11.svn34655.fc9 (2008-6186)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This updated WebKit snapshot fixes CVE-2008-2307. (A memory corruption issue exists in WebKit's handling of JavaScript arrays. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=454092" ); # https://lists.fedoraproject.org/pipermail/package-announce/2008-July/012159.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?865892cc" ); script_set_attribute( attribute:"solution", value:"Update the affected WebKit package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:WebKit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:9"); script_set_attribute(attribute:"patch_publication_date", value:"2008/07/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 9.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC9", reference:"WebKit-1.0.0-0.11.svn34655.fc9")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "WebKit"); }NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2008-004.NASL description The remote host is running a version of Mac OS X 10.4 that does not have the security update 2008-004 applied. This update contains security fixes for a number of programs. last seen 2020-06-01 modified 2020-06-02 plugin id 33282 published 2008-07-01 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33282 title Mac OS X Multiple Vulnerabilities (Security Update 2008-004) code # # (C) Tenable Network Security, Inc. # if (!defined_func("bn_random")) exit(0); if ( NASL_LEVEL < 3004 ) exit(0); include("compat.inc"); if (description) { script_id(33282); script_version("1.26"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id("CVE-2005-3164", "CVE-2007-1355", "CVE-2007-2449", "CVE-2007-2450", "CVE-2007-3382", "CVE-2007-3383", "CVE-2007-3385", "CVE-2007-5333", "CVE-2007-5461", "CVE-2007-6276", "CVE-2008-0960", "CVE-2008-1105", "CVE-2008-1145", "CVE-2008-2307", "CVE-2008-2308", "CVE-2008-2309", "CVE-2008-2310", "CVE-2008-2311", "CVE-2008-2313", "CVE-2008-2314", "CVE-2008-2662", "CVE-2008-2663", "CVE-2008-2664", "CVE-2008-2725", "CVE-2008-2726"); script_bugtraq_id(15003, 24058, 24475, 24476, 24999, 25316, 26070, 26699, 27706, 28123, 29404, 29623, 29836, 30018); script_xref(name:"Secunia", value:"30802"); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2008-004)"); script_summary(english:"Check for the presence of Security Update 2008-004"); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes various security issues." ); script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X 10.4 that does not have the security update 2008-004 applied. This update contains security fixes for a number of programs." ); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT2163" ); script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Jun/msg00002.html" ); script_set_attribute(attribute:"solution", value: "Install Security Update 2008-004 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack'); script_cwe_id(22, 59, 79, 119, 134, 189, 200, 264, 287, 362, 399); script_set_attribute(attribute:"plugin_publication_date", value: "2008/07/01"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/09/30"); script_set_attribute(attribute:"patch_publication_date", value: "2008/06/30"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages", "Host/uname"); exit(0); } # uname = get_kb_item("Host/uname"); if (!uname) exit(0); if (egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname)) { packages = get_kb_item("Host/MacOSX/packages"); if (!packages) exit(0); if (!egrep(pattern:"^SecUpd(Srvr)?(2008-00[4-8]|2009-|20[1-9][0-9]-)", string:packages)) security_hole(0); }
Seebug
bulletinFamily exploit description BUGTRAQ ID: CVE ID:CVE-2008-2307 CNCVE ID:CNCVE-20082307 Apple Safari是一款流行的WEB浏览器。 Apple Safari处理JavaScript数组存在内存破坏问题,远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 攻击者必须构建恶意WEB页,诱使用户访问来触发。目前没有详细漏洞细节提供。 Safari 3.x 厂商解决方案 升级到Safari3.1.2版本: <a href=http://www.apple.com/support/downloads/safari312fortiger.html target=_blank>http://www.apple.com/support/downloads/safari312fortiger.html</a> id SSV:3528 last seen 2017-11-19 modified 2008-07-03 published 2008-07-03 reporter Root title Apple Safari内存破坏漏洞 bulletinFamily exploit description BUGTRAQ ID: 29836 CVE(CAN) ID: CVE-2008-2307 Safari是苹果家族操作系统中默认捆绑的WEB浏览器。 Safari的WebKit在处理JavaScript数组时存在缓冲区溢出漏洞,如果用户受骗访问了恶意站点的话就可以触发这个溢出,导致拒绝服务或执行任意指令。 Apple Safari <= 3.1.1 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.apple.com/safari/download/ target=_blank>http://www.apple.com/safari/download/</a> id SSV:3451 last seen 2017-11-19 modified 2008-06-22 published 2008-06-22 reporter Root title Apple Safari WebKit JavaScript数组远程溢出漏洞
References
- http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html
- http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html
- http://lists.apple.com/archives/security-announce/2008//Jun/msg00003.html
- http://secunia.com/advisories/30775
- http://secunia.com/advisories/30801
- http://secunia.com/advisories/30992
- http://secunia.com/advisories/31074
- http://support.apple.com/kb/HT2092
- http://support.apple.com/kb/HT2163
- http://support.apple.com/kb/HT2165
- http://www.kb.cert.org/vuls/id/361043
- http://www.securityfocus.com/bid/29836
- http://www.securitytracker.com/id?1020330
- http://www.vupen.com/english/advisories/2008/1882/references
- http://www.vupen.com/english/advisories/2008/1980
- http://www.vupen.com/english/advisories/2008/1981/references
- http://www.vupen.com/english/advisories/2008/2094/references
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00279.html
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00319.html