Vulnerabilities > CVE-2008-3608 - Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
apple
CWE-399
critical
nessus

Summary

ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile.

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SAFARI3_2.NASL
    description: The version of Apple Safari installed on the remote Mac OS X host is earlier than 3.2. As such, it is potentially affected by several issues : - A signedness issue in Safari [...] (summary truncated here; the full text is the description attribute in the code below)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34773
    published: 2008-11-14
    reporter: This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/34773
    title: Mac OS X : Apple Safari < 3.2
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: when the engine sets `description`, the script only
    # declares its metadata, dependencies and required KB keys, then exits
    # before any of the check logic further down runs.
    if (description)
    {
      script_id(34773);
      script_version("1.16");
      script_cvs_date("Date: 2018/07/14  1:59:35");
    
      # NOTE(review): the IDs commented out below (CVE-2008-3608 among them) are
      # not claimed by this plugin; presumably on Mac OS X those components are
      # patched by OS updates rather than by Safari itself -- confirm against
      # HT3298 before treating a hit from this plugin as evidence for them.
      script_cve_id(
        # "CVE-2005-2096",
        # "CVE-2008-1767",
        "CVE-2008-2303",
        "CVE-2008-2317",
        # "CVE-2008-2327",
        # "CVE-2008-2332",
        # "CVE-2008-3608",
        # "CVE-2008-3623",
        # "CVE-2008-3642",
        "CVE-2008-3644",
        "CVE-2008-4216"
      );
      script_bugtraq_id(32291);
    
      script_name(english:"Mac OS X : Apple Safari < 3.2");
      script_summary(english:"Check the Safari SourceVersion");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains a web browser that is affected by several
    issues.");
      script_set_attribute(attribute:"description", value:
    "The version of Apple Safari installed on the remote Mac OS X host is
    earlier than 3.2.  As such, it is potentially affected by several
    issues :
    
      - A signedness issue in Safari's handling of JavaScript 
        array indices could lead to a crash or arbitrary code 
        execution. (CVE-2008-2303)
    
      - A memory corruption issue in WebCore's handling of style
        sheet elements could lead to a crash or arbitrary code 
        execution. (CVE-2008-2317)
    
      - Disabling autocomplete on a form field may not prevent 
        the data in the field from being stored in the browser 
        page cache. (CVE-2008-3644)
    
      - WebKit's plug-in interface does not block plug-ins from 
        launching local URLs, which could allow a remote 
        attacker to launch local files in Safari and lead to the 
        disclosure of sensitive information. (CVE-2008-4216)");
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3298");
      script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Nov/msg00001.html");
      script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/advisories/15730");
      script_set_attribute(attribute:"solution", value:"Upgrade to Apple Safari 3.2 or later.");
      # CVSS v2 base: network vector, medium access complexity, no
      # authentication, complete confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      # CVSS v2 temporal: functional exploit (E:F), official fix available
      # (RL:OF), confirmed report (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(189, 200, 399);
    
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/11/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/11/13");
    
      # Declared as a "local" plugin; the check logic reads only KB values
      # gathered from the host and requires local checks to be enabled.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
      script_end_attributes();
     
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
     
      script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
     
      # macosx_Safari31.nasl is declared as a dependency; the KB keys listed
      # next are the ones this plugin requires.
      script_dependencies("macosx_Safari31.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/uname", "Host/MacOSX/Version", "MacOSX/Safari/Installed");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    
    # Version-only check: nothing here probes Safari itself. The verdict rests
    # entirely on KB values that earlier plugins collected through local checks,
    # so a finding means "installed version is older than 3.2", not that any
    # individual issue was exercised.
    local_checks = get_kb_item("Host/local_checks_enabled");
    if (!local_checks) exit(0, "Local checks are not enabled.");

    os = get_kb_item("Host/MacOSX/Version");
    if (!os) audit(AUDIT_OS_NOT, "Mac OS X");

    # Scope filter on the kernel string: Darwin 8.x, Darwin 9.0.x-9.4.x and
    # Darwin 9.5.0 are accepted (the audit message labels this
    # "Mac OS X 10.4 / 10.5"); any other kernel string is reported via audit().
    uname = get_kb_item_or_exit("Host/uname");
    in_scope = egrep(pattern:"Darwin.* (8\.|9\.([0-4]\.|5\.0))", string:uname);
    if (!in_scope) audit(AUDIT_OS_NOT, "Mac OS X 10.4 / 10.5");

    # All three Safari keys have to be present. Path is fetched only for that
    # presence check; its value is not used afterwards.
    get_kb_item_or_exit("MacOSX/Safari/Installed");
    path = get_kb_item_or_exit("MacOSX/Safari/Path", exit_code:1);
    version = get_kb_item_or_exit("MacOSX/Safari/Version", exit_code:1);

    fixed_version = "3.2";
    cmp = ver_compare(ver:version, fix:fixed_version, strict:FALSE);

    if (cmp != -1)
    {
      # ver_compare() did not place the installed version below the fix.
      audit(AUDIT_INST_VER_NOT_VULN, "Safari", version);
    }
    else if (report_verbosity > 0)
    {
      report = '\n  Installed version : ' + version;
      report = report + '\n  Fixed version     : ' + fixed_version + '\n';
      security_hole(port:0, extra:report);
    }
    else security_hole(0);
    
  • NASL family: Windows
    NASL id: SAFARI_3_2.NASL
    description: The version of Safari installed on the remote Windows host is earlier than 3.2. Such versions are potentially affected by several issues : - Safari includes a version of zlib that is affected by multiple vulnerabilities. (CVE-2005-2096) - A heap-based buffer overflow issue in the libxslt library could lead to a crash or arbitrary code execution. (CVE-2008-1767) - A signedness issue in Safari [...] (summary truncated here; the full text is the description attribute in the code below)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34772
    published: 2008-11-14
    reporter: This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/34772
    title: Safari < 3.2 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: when the engine sets `description`, the script only
    # declares its metadata, dependency and required KB key, then exits before
    # the version comparison further down runs.
    if (description)
    {
      script_id(34772);
      script_version("1.14");
      script_cvs_date("Date: 2018/07/27 18:38:15");
    
      # Every ID below, CVE-2008-3608 included, is attributed to a single
      # file-version comparison; a finding does not verify each issue separately.
      script_cve_id(
        "CVE-2005-2096",
        "CVE-2008-1767",
        "CVE-2008-2303",
        "CVE-2008-2317",
        "CVE-2008-2327",
        "CVE-2008-2332",
        "CVE-2008-3608",
        "CVE-2008-3623",
        "CVE-2008-3642",
        "CVE-2008-3644",
        "CVE-2008-4216"
      );
      script_bugtraq_id(14162, 29312, 30832, 32291);
    
      script_name(english:"Safari < 3.2 Multiple Vulnerabilities");
      script_summary(english:"Checks version number of Safari");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains a web browser that is affected by several
    issues." );
      script_set_attribute(attribute:"description", value:
    "The version of Safari installed on the remote Windows host is earlier
    than 3.2.  Such versions are potentially affected by several issues :
    
      - Safari includes a version of zlib that is affected by
        multiple vulnerabilities. (CVE-2005-2096)
    
      - A heap-based buffer overflow issue in the libxslt library
        could lead to a crash or arbitrary code execution.
        (CVE-2008-1767)
    
      - A signedness issue in Safari's handling of JavaScript
        array indices could lead to a crash or arbitrary code
        execution. (CVE-2008-2303)
    
      - A memory corruption issue in WebCore's handling of style
        sheet elements could lead to a crash or arbitrary code
        execution. (CVE-2008-2317)
    
      - Multiple uninitialized memory access issues in libTIFF's
        handling of LZW-encoded TIFF images could lead to a
        crash or arbitrary code execution. (CVE-2008-2327)
    
      - A memory corruption issue in ImageIO's handling of TIFF
        images could lead to a crash or arbitrary code
        execution. (CVE-2008-2332).
    
      - A memory corruption issue in ImageIO's handling of
        embedded ICC profiles in JPEG images could lead to a
        crash or arbitrary code execution. (CVE-2008-3608)
    
      - A heap-based buffer overflow in CoreGraphics' handling
        of color spaces could lead to a crash or arbitrary code
        execution. (CVE-2008-3623)
    
      - A buffer overflow in the handling of images with an
        embedded ICC profile could lead to a crash or arbitrary
        code execution. (CVE-2008-3642)
    
      - Disabling autocomplete on a form field may not prevent
        the data in the field from being stored in the browser
        page cache. (CVE-2008-3644)
    
      - WebKit's plug-in interface does not block plug-ins from
        launching local URLs, which could allow a remote
        attacker to launch local files in Safari and lead to the
        disclosure of sensitive information. (CVE-2008-4216)" );
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3298" );
      script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Nov/msg00001.html" );
      script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/advisories/15730" );
      script_set_attribute(attribute:"solution", value:"Upgrade to Safari 3.2 or later." );
      # CVSS v2 base: network vector, medium access complexity, no
      # authentication, complete confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      # CVSS v2 temporal: functional exploit (E:F), official fix available
      # (RL:OF), confirmed report (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(119, 189, 200, 399);
      script_set_attribute(attribute:"plugin_publication_date", value: "2008/11/14");
      # NOTE(review): 2005/07/07 presumably tracks the oldest bundled issue
      # (CVE-2005-2096) rather than the Safari-specific ones -- confirm.
      script_set_attribute(attribute:"vuln_publication_date", value: "2005/07/07");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
    
      # safari_installed.nasl is declared as a dependency; the file-version KB
      # key listed next is the one this plugin requires.
      script_dependencies("safari_installed.nasl");
      script_require_keys("SMB/Safari/FileVersion");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    
    
    # Version-only check driven by the file version that an earlier plugin
    # stored in the KB. Without that key the script exits silently, and a
    # non-vulnerable version also ends the run without any audit message.
    ver = get_kb_item("SMB/Safari/FileVersion");
    if (isnull(ver)) exit(0);

    # Turn the dotted version string into a list of integers.
    iver = split(ver, sep:'.', keep:FALSE);
    count = max_index(iver);
    for (idx = 0; idx < count; idx++)
      iver[idx] = int(iver[idx]);

    # Flag any file version below 3.525.26.13, compared component by component.
    # NOTE(review): presumably 3.525.26.13 is the file version of Safari 3.2
    # for Windows -- confirm against the vendor advisory.
    outdated = FALSE;
    if (iver[0] < 3) outdated = TRUE;
    else if (iver[0] == 3)
    {
      if (iver[1] < 525) outdated = TRUE;
      else if (iver[1] == 525)
      {
        if (iver[2] < 26) outdated = TRUE;
        else if (iver[2] == 26 && iver[3] < 13) outdated = TRUE;
      }
    }

    if (outdated)
    {
      port = get_kb_item("SMB/transport");
      if (!report_verbosity) security_hole(port);
      else
      {
        # Show the product version in the report when one was recorded;
        # otherwise fall back to the file version used for the comparison.
        prod_ver = get_kb_item("SMB/Safari/ProductVersion");
        if (!isnull(prod_ver)) ver = prod_ver;

        report = string(
          "\n",
          "Safari version ", ver, " is currently installed on the remote host.\n"
        );
        security_hole(port:port, extra:report);
      }
    }
    
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2008-006.NASL
    description: The remote host is running a version of Mac OS X 10.4 that does not have the security update 2008-006 applied. This update contains security fixes for a number of programs.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34210
    published: 2008-09-16
    reporter: This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/34210
    title: Mac OS X Multiple Vulnerabilities (Security Update 2008-006)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # Engine capability guard: stop immediately unless bn_random() is defined
    # and NASL_LEVEL is at least 3004.
    # NOTE(review): nothing in this script calls bn_random(); presumably the
    # guard mirrors what its SSH-based dependency needs -- confirm.
    if (!defined_func("bn_random") || NASL_LEVEL < 3004) exit(0);
    
    
    
    include("compat.inc");
    
    # Registration branch: when the engine sets `description`, the script only
    # declares its metadata, dependency and required KB keys, then exits before
    # the update-presence check further down runs.
    if (description)
    {
      script_id(34210);
      script_version("1.23");
      script_cvs_date("Date: 2018/07/14  1:59:35");
    
      # One update-presence check stands in for every CVE listed here
      # (CVE-2008-3608 included): a finding means the security update is
      # missing, not that each issue was verified individually.
      script_cve_id(
        "CVE-2008-0314", 
        "CVE-2008-1100", 
        "CVE-2008-1382", 
        "CVE-2008-1387", 
        "CVE-2008-1447",
        "CVE-2008-1483", 
        "CVE-2008-1657", 
        "CVE-2008-1833", 
        "CVE-2008-1835", 
        "CVE-2008-1836",
        "CVE-2008-1837", 
        "CVE-2008-2305", 
        "CVE-2008-2312", 
        "CVE-2008-2327", 
        "CVE-2008-2329",
        "CVE-2008-2330", 
        "CVE-2008-2331", 
        "CVE-2008-2332", 
        "CVE-2008-2376", 
        "CVE-2008-2713",
        "CVE-2008-3215", 
        "CVE-2008-3608", 
        "CVE-2008-3609", 
        "CVE-2008-3610", 
        "CVE-2008-3611",
        "CVE-2008-3613", 
        "CVE-2008-3614", 
        "CVE-2008-3616", 
        "CVE-2008-3617", 
        "CVE-2008-3618",
        "CVE-2008-3619", 
        "CVE-2008-3621", 
        "CVE-2008-3622"
      );
      script_bugtraq_id(
        28444, 
        28531, 
        28756, 
        28770, 
        28784, 
        29750, 
        30131, 
        30832, 
        31189
      );
      script_xref(name:"IAVA", value:"2008-A-0045");
    
      script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2008-006)");
      script_summary(english:"Check for the presence of Security Update 2008-006");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a Mac OS X update that fixes various
    security issues." );
      script_set_attribute(attribute:"description", value:
    "The remote host is running a version of Mac OS X 10.4 that does not
    have the security update 2008-006 applied. 
    
    This update contains security fixes for a number of programs." );
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3137" );
      script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Sep/msg00005.html" ); 
      script_set_attribute(attribute:"solution", value:
    "Install Security Update 2008-006 or later." );
      # CVSS v2 base: network vector, low access complexity, no authentication,
      # complete confidentiality/integrity/availability impact. One vector is
      # recorded for the whole bundle of CVEs.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      # CVSS v2 temporal: proof-of-concept exploit (E:POC), official fix
      # available (RL:OF), confirmed report (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 79, 119, 189, 200, 255, 264, 287, 399);
    
      script_set_attribute(attribute:"plugin_publication_date", value: "2008/09/16");
      script_set_attribute(attribute:"patch_publication_date", value: "2008/09/15");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
      script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
      # ssh_get_info.nasl is declared as a dependency; the package list and
      # kernel string are the KB keys this plugin requires.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/MacOSX/packages", "Host/uname");
      exit(0);
    }
    
    
    # Update-presence check: the verdict comes from the kernel string and the
    # installed-package list held in the KB, not from inspecting any of the
    # affected components.
    uname = get_kb_item("Host/uname");
    if (!uname) exit(0);

    # Only Darwin 8.0.x through 8.11.x kernels are assessed (the plugin
    # description calls this Mac OS X 10.4); other hosts fall through silently.
    is_target = egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname);
    if (is_target)
    {
      packages = get_kb_item("Host/MacOSX/packages");
      if (!packages) exit(0);

      # A package entry for SecUpd/SecUpdSrvr 2008-006 through 2008-008, any
      # 2009 update, or any update from 2010 onwards counts as patched.
      # NOTE(review): this assumes later security updates carry the 2008-006
      # fixes forward -- confirm.
      has_update = egrep(pattern:"^SecUpd(Srvr)?(2008-00[6-8]|2009-|20[1-9][0-9]-)", string:packages);
      if (!has_update)
        security_hole(0);
    }
    
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_10_5_5.NASL
    description: The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.5. Mac OS X 10.5.5 contains security fixes for a number of programs.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34211
    published: 2008-09-16
    reporter: This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/34211
    title: Mac OS X 10.5.x < 10.5.5 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # Engine capability guard: stop immediately unless bn_random() is defined
    # and NASL_LEVEL is at least 3004.
    # NOTE(review): nothing in this script calls bn_random(); presumably the
    # guard mirrors what its SSH-based dependency needs -- confirm.
    if (!defined_func("bn_random") || NASL_LEVEL < 3004) exit(0);
    
    
    
    include("compat.inc");
    
    # Registration branch: when the engine sets `description`, the script only
    # declares its metadata and dependencies, then exits before the OS version
    # match further down runs. No required KB keys are declared here.
    if (description)
    {
      script_id(34211);
      script_version("1.22");
      script_cvs_date("Date: 2018/07/14  1:59:35");
    
      # One OS-version match stands in for every CVE listed here
      # (CVE-2008-3608 included): a finding means the host reports a release
      # older than 10.5.5, not that each issue was verified individually.
      script_cve_id(
        "CVE-2008-0314", 
        "CVE-2008-1100", 
        "CVE-2008-1382", 
        "CVE-2008-1387", 
        "CVE-2008-1447",
        "CVE-2008-1483", 
        "CVE-2008-1657", 
        "CVE-2008-1833", 
        "CVE-2008-1835", 
        "CVE-2008-1836",
        "CVE-2008-1837", 
        "CVE-2008-2305", 
        "CVE-2008-2312", 
        "CVE-2008-2327", 
        "CVE-2008-2329",
        "CVE-2008-2330", 
        "CVE-2008-2331", 
        "CVE-2008-2332", 
        "CVE-2008-2376", 
        "CVE-2008-2713",
        "CVE-2008-3215", 
        "CVE-2008-3608", 
        "CVE-2008-3609", 
        "CVE-2008-3610", 
        "CVE-2008-3611",
        "CVE-2008-3613", 
        "CVE-2008-3614", 
        "CVE-2008-3616", 
        "CVE-2008-3617", 
        "CVE-2008-3618",
        "CVE-2008-3619", 
        "CVE-2008-3621", 
        "CVE-2008-3622"
      );
      script_bugtraq_id(
        28444, 
        28531, 
        28756, 
        28770, 
        28784, 
        29750, 
        30131, 
        30832, 
        31086, 
        31189
      );
      script_xref(name:"IAVA", value:"2008-A-0045");
    
      script_name(english:"Mac OS X 10.5.x < 10.5.5 Multiple Vulnerabilities");
      script_summary(english:"Check the version of Mac OS X");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a Mac OS X update that fixes various
    security issues." );
      script_set_attribute(attribute:"description", value:
    "The remote host is running a version of Mac OS X 10.5.x that is prior
    to 10.5.5. 
    
    Mac OS X 10.5.5 contains security fixes for a number of programs." );
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3137" );
      script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Sep/msg00005.html" );
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Mac OS X 10.5.5 or later." );
      # CVSS v2 base: network vector, low access complexity, no authentication,
      # complete confidentiality/integrity/availability impact. One vector is
      # recorded for the whole bundle of CVEs.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      # CVSS v2 temporal: proof-of-concept exploit (E:POC), official fix
      # available (RL:OF), confirmed report (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 79, 119, 189, 200, 255, 264, 287, 399);
    
      script_set_attribute(attribute:"plugin_publication_date", value: "2008/09/16");
      script_set_attribute(attribute:"patch_publication_date", value: "2008/09/15");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
      script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
      # Two dependencies are declared; the check logic reads Host/MacOSX/Version
      # first and falls back to Host/OS.
      script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
      exit(0);
    }
    
    
    # OS-version match only: the verdict comes from the version string held in
    # the KB. Host/MacOSX/Version is preferred; Host/OS is the fallback, so the
    # result can rest on whatever produced that second value.
    os_version = get_kb_item("Host/MacOSX/Version");
    if (!os_version)
    {
      os_version = get_kb_item("Host/OS");
      if (!os_version) exit(0);
    }

    # Flags 10.5.0 through 10.5.4 when the third component is spelled out.
    # NOTE(review): a string with no third component ("Mac OS X 10.5") does not
    # match this pattern -- confirm whether the KB can hold that form.
    affected = ereg(pattern:"Mac OS X 10\.5\.[0-4]([^0-9]|$)", string:os_version);
    if (affected) security_hole(0);