CVE-2009-1717 - Numeric Errors vulnerability in Apple Mac OS X and Mac OS X Server
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_10_5_7.NASL |
description | The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.7. Mac OS X 10.5.7 contains security fixes for the following products : - Apache - ATS - BIND - CFNetwork - CoreGraphics - Cscope - CUPS - Disk Images - enscript - Flash Player plug-in - Help Viewer - iChat - International Components for Unicode - IPSec - Kerberos - Kernel - Launch Services - libxml - Net-SNMP - Network Time - Networking - OpenSSL - PHP - QuickDraw Manager - ruby - Safari - Spotlight - system_cmds - telnet - Terminal - WebKit - X11 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 38744 |
published | 2009-05-13 |
reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/38744 |
title | Mac OS X 10.5.x < 10.5.7 Multiple Vulnerabilities |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 35182 CVE(CAN) ID: CVE-2009-1717 Mac OS X is the operating system used on Apple's family of machines. When handling the CSI[4 xterm window-resize escape code, setting very low negative values for the (x, y) size can trigger an integer overflow. An attacker can exploit this vulnerability by tricking a user into using Terminal to connect to a remote system (for example, by opening a telnet: URL), resulting in denial of service or execution of arbitrary instructions. Apple Mac OS X 10.5.x; Apple MacOS X Server 10.5.x. Vendor patch: Apple ----- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site: http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dmg |
id | SSV:11519 |
last seen | 2017-11-19 |
modified | 2009-06-04 |
published | 2009-06-04 |
reporter | Root |
title | Apple Mac OS X Terminal Window Resize Integer Overflow Vulnerability |