Vulnerabilities > CVE-2009-0151 - Unspecified vulnerability in Apple mac OS X and mac OS X Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN apple
nessus
Summary
The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors.
Vulnerable Configurations
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_10_5_8.NASL |
description | The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.8. Mac OS X 10.5.8 contains security fixes for the following products : - bzip2 - CFNetwork - ColorSync - CoreTypes - Dock - Image RAW - ImageIO - Kernel - launchd - Login Window - MobileMe - Networking - XQuery |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 40502 |
published | 2009-08-05 |
reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/40502 |
title | Mac OS X 10.5.x < 10.5.8 Multiple Vulnerabilities |
code |
|
Seebug
bulletinFamily | exploit |
description | Bugraq ID: 35954 CVE ID:CVE-2009-1723 CVE-2009-1726 CVE-2009-1727 CVE-2009-0151 CVE-2009-1728 CVE-2009-2188 CVE-2009-2190 CVE-2009-2191 CVE-2009-2192 CVE-2009-2193 CVE-2009-2194 CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 Apple Mac OS X是一款基于BSD的操作系统。 Apple Mac OS X安全升级2009-003修复多个安全漏洞: CVE-ID: CVE-2008-1372: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 bzip2存在越界内存发那个吻问题,构建恶意的压缩文件,诱使用户打开可导致应用程序崩溃。 CVE-ID: CVE-2009-1723: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 当Safari访问到通过302重定向的WEB站点时,会提示证书警告,此警告会包含原始WEB站点URL来代替当前WEB站点URL,这允许恶意构建的WEB站点可控制显示在证书警告中的WEB站点URL,导致用户盲目信任。 CVE-ID: CVE-2009-1726: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 打开一个特殊构建的使用嵌入式ColorSync配置文件的图像时可导致应用程序崩溃。 CVE-ID: CVE-2009-1727: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 打开部分不安全内容类型时没有对用户提示警告,可导致恶意脚本代码负载执行。 CVE-ID: CVE-2009-0151: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 屏幕保护没有正确阻断four-finger Multi-Touch gestures多点触控,允许物理访问的用户可管理应用程序。 CVE-ID: CVE-2009-1728: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 处理Canon RAW图像存在多个栈缓冲区溢出。 CVE-ID: CVE-2009-1722: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 ImageIO处理OpenEXR图像存在堆缓冲区溢出。 CVE-ID: CVE-2009-1721: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 ImageIO处理OpenEXR图像存在未初始化内存访问问题,可导致应用程序崩溃或任意代码执行 。 CVE-ID: CVE-2009-1720: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 ImageIO处理OpenEXR图像存在整数溢出问题,可导致应用程序崩溃或任意代码执行。 CVE-ID: CVE-2009-2188: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 ImageIO处理EXIF元数据存在缓冲区溢出问题,可导致应用程序崩溃或任意代码执行。 CVE-ID: CVE-2009-0040: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 处理PNG图像存在未初始化指针问题,构建特殊的PNG诱使用户处理可导致应用程序崩溃或任意代码执行。 CVE-ID: CVE-2009-1235: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 内核fcntl系统调用处理存在实现错误,本地攻击者可以覆盖内核内存以系统特权执行任意代码。 CVE-ID: CVE-2009-2190: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 对基于inetd的launchd服务打开多个连接,可导致launchd停止对外连接的响应。 CVE-ID: CVE-2009-2191: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 CNCVE-20092191 登录窗口处理应用程序名存在格式串问题,可导致应用程序崩溃或任意代码执行。 CVE-ID: CVE-2009-2192: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 MobileMe存在一个逻辑错误,在退出时没有删除所有凭据,本地用户可以访问其他MobileMe帐户相关资源。 CVE-ID: CVE-2009-2193: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 内核处理 AppleTalk应答报文存在缓冲区溢出,可导致以系统权限执行任意指令。 CVE-ID: CVE-2009-2194: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 处理通过本地套接字共享的文件描述符存在同步问题,通过发送包含文件描述符的消息给没有接收者的套接字,本地用户可导致系统崩溃。 CVE-ID: CVE-2008-0674: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20080674 XQuery使用的PCRE库处理规则表达式中的字符类存在缓冲区溢出,构建恶意的XML内容诱使用户访问可触发此漏洞。 Apple Mac OS X Server 10.5.7 Apple Mac OS X Server 10.5.6 Apple Mac OS X Server 10.5.5 Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.10 Apple Mac OS X Server 10.4.9 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.7 Apple Mac OS X 10.5.6 Apple Mac OS X 10.5.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.10 Apple Mac OS X 10.4.9 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.5 厂商解决方案 用户可联系供应商获得升级补丁: Apple Mac OS X Server 10.5 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.4.11 Apple SecUpdSrvr2009-003PPC.dmg PowerPC http://www.apple.com/support/downloads/ Apple SecUpdSrvr2009-003Univ.dmg Universal http://www.apple.com/support/downloads/ Apple Mac OS X 10.4.11 Apple SecUpd2009-003Intel.dmg Intel http://www.apple.com/support/downloads/ Apple SecUpd2009-003PPC.dmg PPC http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.1 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.1 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.2 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.2 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.3 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.3 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.4 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.4 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.5 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.5 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.6 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.6 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.7 Apple MacOSXServerUpd10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.7 Apple MacOSXUpd10.5.8.dmg http://www.apple.com/support/downloads/ |
id | SSV:11998 |
last seen | 2017-11-19 |
modified | 2009-08-06 |
published | 2009-08-06 |
reporter | Root |
title | Apple Mac OS X 2009-003修补多个安全漏洞 |
References
- http://support.apple.com/kb/HT3757
- http://www.securityfocus.com/bid/35954
- http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
- http://www.vupen.com/english/advisories/2009/2172
- http://secunia.com/advisories/36096
- http://osvdb.org/56847
- http://www.us-cert.gov/cas/techalerts/TA09-218A.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52421