Vulnerabilities > CVE-2008-2321 - Resource Management Errors vulnerability in Apple Coregraphics

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
apple
CWE-399
critical
nessus
exploit available

Summary

Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments."

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionApple Mac OS X 10.x CoreGraphics Multiple Memory Corruption Vulnerabilities. CVE-2008-2321. Dos exploit for osx platform
idEDB-ID:32136
last seen2016-02-03
modified2008-07-31
published2008-07-31
reporterMichal Zalewski
sourcehttps://www.exploit-db.com/download/32136/
titleApple Mac OS X 10.x CoreGraphics Multiple Memory Corruption Vulnerabilities

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2008-005.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-005 applied. This update contains security fixes for a number of programs.
    last seen2020-06-01
    modified2020-06-02
    plugin id33790
    published2008-08-01
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33790
    titleMac OS X Multiple Vulnerabilities (Security Update 2008-005)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    if (!defined_func("bn_random")) exit(0);
    if (NASL_LEVEL < 3004) exit(0);
    
    
    
    include("compat.inc");
    
    if (description)
    {
      script_id(33790);
      script_version("1.25");
      script_cvs_date("Date: 2018/07/14  1:59:35");
    
      script_cve_id(
        "CVE-2007-4850", 
        "CVE-2007-5135", 
        "CVE-2007-6199", 
        "CVE-2007-6200", 
        "CVE-2008-0599",
        "CVE-2008-0674", 
        "CVE-2008-1447", 
        "CVE-2008-2050", 
        "CVE-2008-2051", 
        "CVE-2008-2320",
        "CVE-2008-2321", 
        "CVE-2008-2322", 
        "CVE-2008-2323", 
        "CVE-2008-2324", 
        "CVE-2008-2325",
        "CVE-2008-2830", 
        "CVE-2008-2952"
      );
      script_bugtraq_id(
        25831, 
        26638, 
        26639, 
        27413, 
        27786, 
        29009, 
        29831, 
        30013, 
        30131, 
        30487,
        30488, 
        30489, 
        30490, 
        30492, 
        30493
      );
      script_xref(name:"Secunia", value:"31326");
      script_xref(name:"IAVA", value:"2008-A-0045");
    
      script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2008-005)");
      script_summary(english:"Check for the presence of Security Update 2008-005");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a Mac OS X update that fixes various
    security issues." );
      script_set_attribute(attribute:"description", value:
    "The remote host is running a version of Mac OS X 10.5 or 10.4 that
    does not have the security update 2008-005 applied. 
    
    This update contains security fixes for a number of programs." );
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT2647" );
      script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Jul/msg00003.html" );
      script_set_attribute(attribute:"solution", value:
    "Install Security Update 2008-005 or later." );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(16, 119, 189, 264, 399);
    
      script_set_attribute(attribute:"plugin_publication_date", value: "2008/08/01");
      script_set_attribute(attribute:"patch_publication_date", value: "2008/07/31");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
      script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/MacOSX/packages", "Host/uname");
      exit(0);
    }
    
    
    uname = get_kb_item("Host/uname");
    if (!uname) exit(0);
    
    if (egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname))
    {
      packages = get_kb_item("Host/MacOSX/packages");
      if (!packages) exit(0);
    
      if (!egrep(pattern:"^SecUpd(Srvr)?(2008-00[5-8]||2009-|20[1-9][0-9]-)", string:packages))
        security_hole(0);
    }
    else if (egrep(pattern:"Darwin.* (9\.[0-4]\.)", string:uname))
    {
      packages = get_kb_item("Host/MacOSX/packages/boms");
      if (!packages) exit(0);
    
      if (!egrep(pattern:"^com\.apple\.pkg\.update\.security\.2008\.005\.bom", string:packages))
        security_hole(0);
    }
    
  • NASL familyWindows
    NASL idSAFARI_4.0.NASL
    descriptionThe version of Safari installed on the remote Windows host is earlier than 4.0. It therefore is potentially affected by numerous issues in the following components : - CFNetwork - CoreGraphics - ImageIO - International Components for Unicode - libxml - Safari - Safari Windows Installer - WebKit
    last seen2020-06-01
    modified2020-06-02
    plugin id39339
    published2009-06-09
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39339
    titleSafari < 4.0 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(39339);
      script_version("1.30");
      script_cvs_date("Date: 2018/07/27 18:38:15");
    
      script_cve_id("CVE-2006-2783", "CVE-2008-1588", "CVE-2008-2320", "CVE-2008-2321",
                    "CVE-2008-3281", "CVE-2008-3529", "CVE-2008-3632", "CVE-2008-4225",
                    "CVE-2008-4226", "CVE-2008-4231", "CVE-2008-4409", "CVE-2009-0040",
                    "CVE-2009-0145", "CVE-2009-0153", "CVE-2009-0946", "CVE-2009-1179",
                    "CVE-2009-1681", "CVE-2009-1682", "CVE-2009-1684", "CVE-2009-1685",
                    "CVE-2009-1686", "CVE-2009-1687", "CVE-2009-1688", "CVE-2009-1689",
                    "CVE-2009-1690", "CVE-2009-1691", "CVE-2009-1693", "CVE-2009-1694",
                    "CVE-2009-1695", "CVE-2009-1696", "CVE-2009-1697", "CVE-2009-1698",
                    "CVE-2009-1699", "CVE-2009-1700", "CVE-2009-1701", "CVE-2009-1702",
                    "CVE-2009-1703", "CVE-2009-1704", "CVE-2009-1705", "CVE-2009-1706",
                    "CVE-2009-1707", "CVE-2009-1708", "CVE-2009-1709", "CVE-2009-1710",
                    "CVE-2009-1711", "CVE-2009-1712", "CVE-2009-1713", "CVE-2009-1714",
                    "CVE-2009-1715", "CVE-2009-1716", "CVE-2009-1718", "CVE-2009-2027",
                    "CVE-2009-2420", "CVE-2009-2421");
      script_bugtraq_id(30487, 31092, 32326, 33276, 35260, 35270, 35271, 35272, 35283,
                        35284, 35308, 35309, 35310, 35311, 35315, 35317, 35318, 35319,
                        35320, 35321, 35322, 35325, 35327, 35328, 35330, 35331, 35332,
                        35333, 35334, 35339, 35340, 35344, 35346, 35347, 35348, 35349,
                        35350, 35351, 35352, 35353, 35481, 35482);
    
      script_name(english:"Safari < 4.0 Multiple Vulnerabilities");
      script_summary(english:"Checks Safari's version number");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains a web browser that is affected by several
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Safari installed on the remote Windows host is earlier
    than 4.0.  It therefore is potentially affected by numerous issues in
    the following components :
    
      - CFNetwork
      - CoreGraphics
      - ImageIO
      - International Components for Unicode
      - libxml
      - Safari
      - Safari Windows Installer
      - WebKit");
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3613");
      script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2009/Jun/msg00002.html");
      script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/advisories/17079");
      script_set_attribute(attribute:"solution", value:"Upgrade to Safari 4.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(20, 79, 94, 119, 189, 200, 255, 264, 310, 362, 399);
    
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/09");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
    
      script_dependencies("safari_installed.nasl");
      script_require_keys("SMB/Safari/FileVersion");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    
    
    path = get_kb_item("SMB/Safari/Path");
    version = get_kb_item("SMB/Safari/FileVersion");
    if (isnull(version)) exit(0);
    
    ver = split(version, sep:'.', keep:FALSE);
    for (i=0; i<max_index(ver); i++)
      ver[i] = int(ver[i]);
    
    if (
      ver[0] < 4 ||
      (
        ver[0] == 4 &&
        (
          ver[1] < 530 ||
          (ver[1] == 530 && ver[2] < 17)
        )
      )
    )
    {
      if (report_verbosity > 0)
      {
        if (isnull(path)) path = "n/a";
    
        prod_version = get_kb_item("SMB/Safari/ProductVersion");
        if (!isnull(prod_version)) version = prod_version;
    
        report = string(
          "\n",
          "Nessus collected the following information about the current install\n",
          "of Safari on the remote host :\n",
          "\n",
          "  Version : ", version, "\n",
          "  Path    : ", path, "\n"
        );
        security_hole(port:get_kb_item("SMB/transport"), extra:report);
      }
      else security_hole(get_kb_item("SMB/transport"));
    }
    

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 30487,30488,30489,30490,30492,30493 CVE(CAN) ID: CVE-2008-2320,CVE-2008-2321,CVE-2008-2322,CVE-2008-2323,CVE-2008-2324,CVE-2008-2325 Mac OS X是苹果家族机器所使用的操作系统。 Apple 2008-005安全更新修复了Mac OS X中的多个安全漏洞,本地或远程攻击者可能利用这些漏洞造成多种威胁。 CVE-2008-2320 处理超长文件名时的栈溢出漏洞可能导致应用意外终止或执行任意指令。 CVE-2008-2321 CoreGraphics在处理参数时存在多个内存破坏漏洞,通过浏览器等应用程序向CoreGraphics传送不可信任输入可能导致应用意外终止或执行任意指令。 CVE-2008-2322 处理PDF文件时的整数溢出可能导致堆溢出,查看了特制的PDF文件可能导致应用意外终止或执行任意代码。 CVE-2008-2323 Data Detectors在处理文字内容时存在资源耗尽漏洞,在使用Data Detectors的应用程序中查看恶意内容可能导致拒绝服务。 CVE-2008-2324 Disk Utility中的Repair Permissions工具设置了/usr/bin/emacs setuid。在运行Repair Permissions工具后,本地用户可以使用emacs以系统权限运行命令。 CVE-2008-2325 QuickLook处理Microsoft Office文件时存在多个内存破坏漏洞,下载恶意的Microsoft Office文件可能导致应用程序意外终止或执行任意指令。 Apple Mac OS X 10.5.4 Apple Mac OS X 10.4.11 Apple MacOS X Server 10.5.4 Apple MacOS X Server 10.4.11 Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=20388&amp;cat=1&amp;platform=osx&amp;method=sa/SecUpd2008-005.dmg target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=20388&amp;cat=1&amp;platform=osx&amp;method=sa/SecUpd2008-005.dmg</a>
idSSV:3769
last seen2017-11-19
modified2008-08-04
published2008-08-04
reporterRoot
titleApple Mac OS X 2008-005更新修复多个安全漏洞