Vulnerabilities > CVE-2008-2322 - Numeric Errors vulnerability in Apple Coregraphics

CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
apple
CWE-189
critical
nessus

Summary

Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow.

Common Weakness Enumeration (CWE)

Nessus

NASL family: MacOS X Local Security Checks
NASL id: MACOSX_SECUPD2008-005.NASL
description: The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-005 applied. This update contains security fixes for a number of programs.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 33790
published: 2008-08-01
reporter: This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/33790
title: Mac OS X Multiple Vulnerabilities (Security Update 2008-005)
code
#
# (C) Tenable Network Security, Inc.
#


# Engine guard: stop silently when the interpreter lacks the bn_random
# built-in or reports a NASL_LEVEL below 3004, so the rest of the script
# never runs on an engine it was not written for.
if (!defined_func("bn_random") || NASL_LEVEL < 3004)
{
  exit(0);
}



include("compat.inc");

if (description)
{
  # ---- Plugin identity and revision bookkeeping -------------------------
  script_id(33790);
  script_version("1.25");
  script_cvs_date("Date: 2018/07/14  1:59:35");

  # ---- Advisory cross-references ----------------------------------------
  # One finding from this plugin stands for the whole Security Update
  # 2008-005 bundle; it does not tell the reader which of these CVEs is
  # actually reachable on the host.
  script_cve_id(
    "CVE-2007-4850", "CVE-2007-5135", "CVE-2007-6199", "CVE-2007-6200",
    "CVE-2008-0599", "CVE-2008-0674", "CVE-2008-1447", "CVE-2008-2050",
    "CVE-2008-2051", "CVE-2008-2320", "CVE-2008-2321", "CVE-2008-2322",
    "CVE-2008-2323", "CVE-2008-2324", "CVE-2008-2325", "CVE-2008-2830",
    "CVE-2008-2952"
  );
  script_bugtraq_id(
    25831, 26638, 26639, 27413, 27786,
    29009, 29831, 30013, 30131, 30487,
    30488, 30489, 30490, 30492, 30493
  );
  script_xref(name:"Secunia", value:"31326");
  script_xref(name:"IAVA", value:"2008-A-0045");

  # ---- Report text --------------------------------------------------------
  script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2008-005)");
  script_summary(english:"Check for the presence of Security Update 2008-005");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a Mac OS X update that fixes various
security issues." );
  script_set_attribute(attribute:"description", value:
"The remote host is running a version of Mac OS X 10.5 or 10.4 that
does not have the security update 2008-005 applied. 

This update contains security fixes for a number of programs." );
  script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT2647");
  script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Jul/msg00003.html");
  script_set_attribute(attribute:"solution", value:
"Install Security Update 2008-005 or later." );

  # ---- Risk scoring -------------------------------------------------------
  # The vectors are set once for the plugin as a whole, which bundles every
  # CVE listed above; a single CVE from the list may be scored differently
  # by its own advisory.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_cwe_id(16, 119, 189, 264, 399);

  # ---- Dates, plugin type and platform -----------------------------------
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/08/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/07/31");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  # ---- Scheduling ---------------------------------------------------------
  # Declared as a local, information-gathering check: it depends on
  # ssh_get_info.nasl and requires the two KB keys below, so a scan without
  # that host data yields no result from this plugin rather than a
  # "not vulnerable" verdict.
  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/MacOSX/packages", "Host/uname");

  # Registration pass only: leave before any detection logic runs.
  exit(0);
}


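# Detection logic: decide from previously collected KB data whether
# Security Update 2008-005 (or a later one) is recorded on the host.
# Nothing is sent to the target here; the script only reads KB items.
uname = get_kb_item("Host/uname");
if (!uname) exit(0);   # no uname recorded: nothing to evaluate

# Darwin 8.0 - 8.11, i.e. the Mac OS X 10.4 line.
if (egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname))
{
  packages = get_kb_item("Host/MacOSX/packages");
  if (!packages) exit(0);

  # Patched when a SecUpd / SecUpdSrvr entry for 2008-005..2008-008, any
  # 2009 update, or any 2010-2099 update is listed.
  #
  # Fix: the alternation used to read "2008-00[5-8]||2009-|...". The doubled
  # '|' leaves an empty alternative, which lets the group match the empty
  # string, so ANY line starting with "SecUpd" -- including updates older
  # than 2008-005 -- counted as patched and the host was never reported.
  if (!egrep(pattern:"^SecUpd(Srvr)?(2008-00[5-8]|2009-|20[1-9][0-9]-)", string:packages))
    security_hole(0);
}
# Darwin 9.0 - 9.4, i.e. the Mac OS X 10.5 line up to 10.5.4. Later Darwin 9
# kernels do not match this pattern and are not evaluated by this script.
else if (egrep(pattern:"Darwin.* (9\.[0-4]\.)", string:uname))
{
  packages = get_kb_item("Host/MacOSX/packages/boms");
  if (!packages) exit(0);

  # On this branch only the receipt (.bom) of Security Update 2008-005
  # itself is accepted as proof that the fix is installed.
  if (!egrep(pattern:"^com\.apple\.pkg\.update\.security\.2008\.005\.bom", string:packages))
    security_hole(0);
}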

Seebug

  • bulletinFamily: exploit
    description: BUGTRAQ ID: 30489 CVE(CAN) ID: CVE-2008-2322 Mac OS X是苹果家族机器所使用的操作系统。 Mac OS X的CoreGraphics组件没有正确的处理PDF文件,如果PDF文件的Type 1字体包含有超长长度参数的话,就会触发整数溢出,最终导致堆溢出,允许攻击者执行任意指令。 Apple Mac OS X 10.5.4 Apple Mac OS X 10.4.11 Apple MacOS X Server 10.5.4 Apple MacOS X Server 10.4.11 Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=20388&cat=1&platform=osx&method=sa/SecUpd2008-005.dmg
    id: SSV:3768
    last seen: 2017-11-19
    modified: 2008-08-04
    published: 2008-08-04
    reporter: Root
    title: Apple Mac OS X CoreGraphics堆溢出漏洞
  • bulletinFamily: exploit
    description: BUGTRAQ ID: 30487,30488,30489,30490,30492,30493 CVE(CAN) ID: CVE-2008-2320,CVE-2008-2321,CVE-2008-2322,CVE-2008-2323,CVE-2008-2324,CVE-2008-2325 Mac OS X是苹果家族机器所使用的操作系统。 Apple 2008-005安全更新修复了Mac OS X中的多个安全漏洞,本地或远程攻击者可能利用这些漏洞造成多种威胁。 CVE-2008-2320 处理超长文件名时的栈溢出漏洞可能导致应用意外终止或执行任意指令。 CVE-2008-2321 CoreGraphics在处理参数时存在多个内存破坏漏洞,通过浏览器等应用程序向CoreGraphics传送不可信任输入可能导致应用意外终止或执行任意指令。 CVE-2008-2322 处理PDF文件时的整数溢出可能导致堆溢出,查看了特制的PDF文件可能导致应用意外终止或执行任意代码。 CVE-2008-2323 Data Detectors在处理文字内容时存在资源耗尽漏洞,在使用Data Detectors的应用程序中查看恶意内容可能导致拒绝服务。 CVE-2008-2324 Disk Utility中的Repair Permissions工具设置了/usr/bin/emacs setuid。在运行Repair Permissions工具后,本地用户可以使用emacs以系统权限运行命令。 CVE-2008-2325 QuickLook处理Microsoft Office文件时存在多个内存破坏漏洞,下载恶意的Microsoft Office文件可能导致应用程序意外终止或执行任意指令。 Apple Mac OS X 10.5.4 Apple Mac OS X 10.4.11 Apple MacOS X Server 10.5.4 Apple MacOS X Server 10.4.11 Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=20388&cat=1&platform=osx&method=sa/SecUpd2008-005.dmg
    id: SSV:3769
    last seen: 2017-11-19
    modified: 2008-08-04
    published: 2008-08-04
    reporter: Root
    title: Apple Mac OS X 2008-005更新修复多个安全漏洞