Vulnerabilities > CVE-2008-2317 - Resource Management Errors vulnerability in Apple Safari

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590.

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SAFARI3_2.NASL
    description: The version of Apple Safari installed on the remote Mac OS X host is earlier than 3.2. As such, it is potentially affected by several issues : - A signedness issue in Safari […]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34773
    published: 2008-11-14
    reporter: This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/34773
    title: Mac OS X : Apple Safari < 3.2
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration phase: when the scanner evaluates the plugin with
    # `description` set, only the metadata below is recorded and the script
    # stops at the exit(0) that closes this block. The version check after
    # the block does not run in this phase.
    if (description)
    {
      script_id(34773);
      script_version("1.16");
      script_cvs_date("Date: 2018/07/14  1:59:35");
    
      # Only the four uncommented IDs are claimed by this check.
      # NOTE(review): the commented-out IDs are presumably issues that are
      # not delivered through the Safari package on Mac OS X - confirm
      # against the vendor advisory linked in see_also before relying on
      # this plugin for them.
      script_cve_id(
        # "CVE-2005-2096",
        # "CVE-2008-1767",
        "CVE-2008-2303",
        "CVE-2008-2317",
        # "CVE-2008-2327",
        # "CVE-2008-2332",
        # "CVE-2008-3608",
        # "CVE-2008-3623",
        # "CVE-2008-3642",
        "CVE-2008-3644",
        "CVE-2008-4216"
      );
      script_bugtraq_id(32291);
    
      script_name(english:"Mac OS X : Apple Safari < 3.2");
      script_summary(english:"Check the Safari SourceVersion");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains a web browser that is affected by several
    issues.");
      script_set_attribute(attribute:"description", value:
    "The version of Apple Safari installed on the remote Mac OS X host is
    earlier than 3.2.  As such, it is potentially affected by several
    issues :
    
      - A signedness issue in Safari's handling of JavaScript 
        array indices could lead to a crash or arbitrary code 
        execution. (CVE-2008-2303)
    
      - A memory corruption issue in WebCore's handling of style
        sheet elements could lead to a crash or arbitrary code 
        execution. (CVE-2008-2317)
    
      - Disabling autocomplete on a form field may not prevent 
        the data in the field from being stored in the browser 
        page cache. (CVE-2008-3644)
    
      - WebKit's plug-in interface does not block plug-ins from 
        launching local URLs, which could allow a remote 
        attacker to launch local files in Safari and lead to the 
        disclosure of sensitive information. (CVE-2008-4216)");
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3298");
      script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Nov/msg00001.html");
      script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/advisories/15730");
      script_set_attribute(attribute:"solution", value:"Upgrade to Apple Safari 3.2 or later.");
      # CVSS v2 base vector: network attack vector, medium access complexity,
      # no authentication, complete confidentiality/integrity/availability
      # impact. One vector is recorded for the whole plugin, so it does not
      # distinguish between the individual CVEs listed above.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      # Temporal vector: functional exploit exists (E:F), official fix is
      # available (RL:OF), report is confirmed (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      # Exploit-availability metadata; useful for patch prioritisation.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      # CWE-189 Numeric Errors, CWE-200 Information Exposure,
      # CWE-399 Resource Management Errors.
      script_cwe_id(189, 200, 399);
    
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/11/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/11/13");
    
      # "local": the result is derived from data collected on the host itself
      # (see the required KB keys below), not from probing the browser.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
      script_end_attributes();
     
      # ACT_GATHER_INFO: information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
     
      script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
     
      # The check only runs after macosx_Safari31.nasl and when all four KB
      # keys exist. NOTE(review): presumably that dependency populates the
      # MacOSX/Safari/* keys - confirm. If the keys are missing, the host is
      # never evaluated, which is not the same as "not vulnerable".
      script_dependencies("macosx_Safari31.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/uname", "Host/MacOSX/Version", "MacOSX/Safari/Installed");
    
      # End of the registration phase.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    
    # Version-based check: compares the Safari version recorded in the KB with
    # the first fixed release. Nothing is sent to the browser; the result is
    # only as accurate as the inventory data the KB holds.

    # Precondition 1: local checks must have been enabled for this host.
    local_checks = get_kb_item("Host/local_checks_enabled");
    if (!local_checks) exit(0, "Local checks are not enabled.");

    # Precondition 2: the host must have been identified as Mac OS X.
    macosx_version = get_kb_item("Host/MacOSX/Version");
    if (!macosx_version) audit(AUDIT_OS_NOT, "Mac OS X");

    # Precondition 3: only Darwin 8.x, 9.0-9.4 and 9.5.0 kernels are in scope.
    # Hosts on any other kernel get the "OS not" audit result and are not
    # evaluated at all, so that result must not be read as "patched".
    kernel_uname = get_kb_item_or_exit("Host/uname");
    darwin_pattern = "Darwin.* (8\.|9\.([0-4]\.|5\.0))";
    in_scope = egrep(pattern:darwin_pattern, string:kernel_uname);
    if (!in_scope) audit(AUDIT_OS_NOT, "Mac OS X 10.4 / 10.5");

    # Safari inventory data. The path is read only so that a missing KB entry
    # ends the script; its value is not used in the report below.
    get_kb_item_or_exit("MacOSX/Safari/Installed");
    safari_path = get_kb_item_or_exit("MacOSX/Safari/Path", exit_code:1);
    installed = get_kb_item_or_exit("MacOSX/Safari/Version", exit_code:1);

    first_fixed = "3.2";
    cmp = ver_compare(ver:installed, fix:first_fixed, strict:FALSE);

    # A result of -1 means the installed version is older than the fix; any
    # other result is reported as not vulnerable.
    if (cmp != -1) audit(AUDIT_INST_VER_NOT_VULN, "Safari", installed);
    else if (!(report_verbosity > 0)) security_hole(0);
    else
    {
      # Verbose finding: show both versions so the operator can confirm the
      # gap without re-running the scan.
      details =
        '\n  Installed version : ' + installed +
        '\n  Fixed version     : ' + first_fixed + '\n';
      security_hole(port:0, extra:details);
    }
    
  • NASL family: Windows
    NASL id: SAFARI_3_2.NASL
    description: The version of Safari installed on the remote Windows host is earlier than 3.2. Such versions are potentially affected by several issues : - Safari includes a version of zlib that is affected by multiple vulnerabilities. (CVE-2005-2096) - A heap-based buffer overflow issue in the libxslt library could lead to a crash or arbitrary code execution. (CVE-2008-1767) - A signedness issue in Safari […]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34772
    published: 2008-11-14
    reporter: This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/34772
    title: Safari < 3.2 Multiple Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration phase: when the scanner evaluates the plugin with
    # `description` set, only the metadata below is recorded and the script
    # stops at the exit(0) that closes this block. The version check after
    # the block does not run in this phase.
    if (description)
    {
      script_id(34772);
      script_version("1.14");
      script_cvs_date("Date: 2018/07/27 18:38:15");
    
      # All eleven IDs are reported together from one version comparison; a
      # finding does not show that any individual issue is reachable on the
      # host.
      script_cve_id(
        "CVE-2005-2096",
        "CVE-2008-1767",
        "CVE-2008-2303",
        "CVE-2008-2317",
        "CVE-2008-2327",
        "CVE-2008-2332",
        "CVE-2008-3608",
        "CVE-2008-3623",
        "CVE-2008-3642",
        "CVE-2008-3644",
        "CVE-2008-4216"
      );
      script_bugtraq_id(14162, 29312, 30832, 32291);
    
      script_name(english:"Safari < 3.2 Multiple Vulnerabilities");
      script_summary(english:"Checks version number of Safari");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains a web browser that is affected by several
    issues." );
      script_set_attribute(attribute:"description", value:
    "The version of Safari installed on the remote Windows host is earlier
    than 3.2.  Such versions are potentially affected by several issues :
    
      - Safari includes a version of zlib that is affected by
        multiple vulnerabilities. (CVE-2005-2096)
    
      - A heap-based buffer overflow issue in the libxslt library
        could lead to a crash or arbitrary code execution.
        (CVE-2008-1767)
    
      - A signedness issue in Safari's handling of JavaScript
        array indices could lead to a crash or arbitrary code
        execution. (CVE-2008-2303)
    
      - A memory corruption issue in WebCore's handling of style
        sheet elements could lead to a crash or arbitrary code
        execution. (CVE-2008-2317)
    
      - Multiple uninitialized memory access issues in libTIFF's
        handling of LZW-encoded TIFF images could lead to a
        crash or arbitrary code execution. (CVE-2008-2327)
    
      - A memory corruption issue in ImageIO's handling of TIFF
        images could lead to a crash or arbitrary code
        execution. (CVE-2008-2332).
    
      - A memory corruption issue in ImageIO's handling of
        embedded ICC profiles in JPEG images could lead to a
        crash or arbitrary code execution. (CVE-2008-3608)
    
      - A heap-based buffer overflow in CoreGraphics' handling
        of color spaces could lead to a crash or arbitrary code
        execution. (CVE-2008-3623)
    
      - A buffer overflow in the handling of images with an
        embedded ICC profile could lead to a crash or arbitrary
        code execution. (CVE-2008-3642)
    
      - Disabling autocomplete on a form field may not prevent
        the data in the field from being stored in the browser
        page cache. (CVE-2008-3644)
    
      - WebKit's plug-in interface does not block plug-ins from
        launching local URLs, which could allow a remote
        attacker to launch local files in Safari and lead to the
        disclosure of sensitive information. (CVE-2008-4216)" );
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3298" );
      script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Nov/msg00001.html" );
      script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/advisories/15730" );
      script_set_attribute(attribute:"solution", value:"Upgrade to Safari 3.2 or later." );
      # CVSS v2 base vector: network attack vector, medium access complexity,
      # no authentication, complete confidentiality/integrity/availability
      # impact. One vector is recorded for the whole plugin, so it does not
      # distinguish between the individual CVEs listed above.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      # Temporal vector: functional exploit exists (E:F), official fix is
      # available (RL:OF), report is confirmed (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      # Exploit-availability metadata; useful for patch prioritisation.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      # CWE-119 Buffer Errors, CWE-189 Numeric Errors,
      # CWE-200 Information Exposure, CWE-399 Resource Management Errors.
      script_cwe_id(119, 189, 200, 399);
      script_set_attribute(attribute:"plugin_publication_date", value: "2008/11/14");
      # NOTE(review): 2005/07/07 presumably reflects the oldest bundled issue
      # (CVE-2005-2096), not the 2008 CVEs - confirm. No
      # patch_publication_date attribute is set in this block.
      script_set_attribute(attribute:"vuln_publication_date", value: "2005/07/07");
      # "local": the result is derived from data collected on the host itself
      # (see the required KB key below), not from probing the browser.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
      script_end_attributes();
    
      # ACT_GATHER_INFO: information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
    
      # The check only runs after safari_installed.nasl and when the
      # SMB/Safari/FileVersion KB key exists. NOTE(review): presumably that
      # dependency populates the SMB/Safari/* keys - confirm. If the key is
      # missing, the host is never evaluated, which is not the same as
      # "not vulnerable".
      script_dependencies("safari_installed.nasl");
      script_require_keys("SMB/Safari/FileVersion");
    
      # End of the registration phase.
      exit(0);
    }
    
    
    include("global_settings.inc");
    
    
    # Version-based check: flags the host when the Safari file version stored
    # in the KB is lower than 3.525.26.13, the boundary this plugin uses for
    # "Safari < 3.2". Nothing is sent to the browser; the result is only as
    # accurate as the inventory data the KB holds.

    # A missing KB entry ends the script without any message, so the scan
    # output leaves no trace of why this host was not evaluated.
    file_ver = get_kb_item("SMB/Safari/FileVersion");
    if (isnull(file_ver)) exit(0);

    # Turn "a.b.c.d" into a list of integers so the fields compare
    # numerically rather than as strings.
    parts = split(file_ver, sep:'.', keep:FALSE);
    count = max_index(parts);
    for (idx = 0; idx < count; idx++)
      parts[idx] = int(parts[idx]);

    # Field-by-field comparison against 3.525.26.13, most significant field
    # first. A lower field decides immediately; an equal field defers to the
    # next one; a higher field leaves the host unflagged.
    vulnerable = FALSE;
    if (parts[0] < 3) vulnerable = TRUE;
    else if (parts[0] == 3)
    {
      if (parts[1] < 525) vulnerable = TRUE;
      else if (parts[1] == 525)
      {
        if (parts[2] < 26) vulnerable = TRUE;
        else if (parts[2] == 26 && parts[3] < 13) vulnerable = TRUE;
      }
    }

    if (vulnerable)
    {
      if (!report_verbosity) security_hole(get_kb_item("SMB/transport"));
      else
      {
        # Prefer the product version in the report when the KB has one; the
        # comparison above always uses the file version.
        shown_ver = file_ver;
        product_ver = get_kb_item("SMB/Safari/ProductVersion");
        if (!isnull(product_ver)) shown_ver = product_ver;

        report = string(
          "\n",
          "Safari version ", shown_ver, " is currently installed on the remote host.\n"
        );
        security_hole(port:get_kb_item("SMB/transport"), extra:report);
      }
    }
    

Seebug

bulletinFamily: exploit
description: BUGTRAQ ID: 30186 CVE(CAN) ID: CVE-2008-1588,CVE-2008-1589,CVE-2008-2303,CVE-2008-2317,CVE-2008-1590 iPod touch(也被称为iTouch)是苹果公司发布的MP4播放器,iPhone是其发布的智能手机。 iPhone和iPod Touch都内嵌了Safari浏览器,远程攻击者可以利用该浏览器中的多个安全漏洞导致拒绝服务、读取敏感信息或执行任意代码。 CVE-2008-1588 Safari在地址栏中显示当前URL时会呈现Unicode表意空间,这允许恶意站点将用户引导到看起来类似于合法域的欺骗站点。 CVE-2008-1589 当Safari访问了使用自签名或无效证书的站点时,会提示用户接受或拒绝证书。如果用户在提示时按下了菜单键,则在下一次访问该站点就会未经提示便接受该证书,这可能导致泄露敏感信息。 CVE-2008-2303 Safari处理JavaScript数组索引时的符号错误可能导致越界内存访问,如果访问了恶意站点,浏览器就可能意外终止或执行任意代码。 CVE-2008-2317 WebCore处理样式表单元时存在内存破坏漏洞,如果访问了恶意站点,浏览器就可能意外终止或执行任意代码。 CVE-2008-1590 JavaScriptCore处理运行时垃圾收集的方式存在内存破坏漏洞,如果访问了恶意站点,浏览器就可能意外终止或执行任意代码。 Apple iPhone 1.0 - 1.1.4 Apple iTouch 1.1 - 1.1.4 Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.apple.com target=_blank>http://www.apple.com</a>
id: SSV:3613
last seen: 2017-11-19
modified: 2008-07-14
published: 2008-07-14
reporter: Root
title: Apple iPhone和iPod Touch 2.0版修复多个安全漏洞