Vulnerabilities > CVE-2009-1726 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
apple
CWE-119
critical
nessus

Summary

Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_5_8.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.8. Mac OS X 10.5.8 contains security fixes for the following products : - bzip2 - CFNetwork - ColorSync - CoreTypes - Dock - Image RAW - ImageIO - Kernel - launchd - Login Window - MobileMe - Networking - XQuery
    last seen2020-06-01
    modified2020-06-02
    plugin id40502
    published2009-08-05
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40502
    titleMac OS X 10.5.x < 10.5.8 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    if (!defined_func("bn_random")) exit(0);
    if (NASL_LEVEL < 3004) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40502);
      script_version("1.23");
    
      script_cve_id("CVE-2008-0674", "CVE-2008-1372", "CVE-2009-0040", "CVE-2009-0151", "CVE-2009-1235",
                    "CVE-2009-1720", "CVE-2009-1721", "CVE-2009-1722", "CVE-2009-1723", "CVE-2009-1726",
                    "CVE-2009-1727", "CVE-2009-1728", "CVE-2009-2188", "CVE-2009-2190", "CVE-2009-2191",
                    "CVE-2009-2192", "CVE-2009-2193", "CVE-2009-2194");
      script_bugtraq_id(27786, 28286, 33827, 34203, 35838, 36025);
    
      script_name(english:"Mac OS X 10.5.x < 10.5.8 Multiple Vulnerabilities");
      script_summary(english:"Check the version of Mac OS X");
    
      script_set_attribute( attribute:"synopsis",  value:
    "The remote host is missing a Mac OS X update that fixes various
    security issues."  );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is running a version of Mac OS X 10.5.x that is prior
    to 10.5.8. 
    
    Mac OS X 10.5.8 contains security fixes for the following products :
    
      - bzip2
      - CFNetwork
      - ColorSync
      - CoreTypes
      - Dock
      - Image RAW
      - ImageIO
      - Kernel
      - launchd
      - Login Window
      - MobileMe
      - Networking
      - XQuery"  );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://support.apple.com/kb/HT3757"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Upgrade to Mac OS X 10.5.8 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(16, 94, 119, 134, 189, 255, 264, 399);
      script_set_attribute(
        attribute:"vuln_publication_date", 
        value:"2009/08/05"
      );
      script_set_attribute(
        attribute:"patch_publication_date", 
        value:"2009/08/05"
      );
      script_set_attribute(
        attribute:"plugin_publication_date", 
        value:"2009/08/05"
      );
     script_cvs_date("Date: 2018/07/16 12:48:31");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();
     
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
     
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
     
      script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
    
     exit(0);
    }
    
    
    os = get_kb_item("Host/MacOSX/Version");
    if (!os) os = get_kb_item("Host/OS");
    if (!os) exit(1, "The 'Host/MacOSX/Version' and 'Host/OS' KB items are missing.");
    
    if (ereg(pattern:"Mac OS X 10\.5\.[0-7]([^0-9]|$)", string:os)) security_hole(0);
    else exit(0, "The host is not affected.");
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2009-003.NASL
    descriptionThe remote host is running a version of Mac OS X 10.4 that does not have Security Update 2009-003 applied. This security update contains fixes for the following products : - bzip2 - ColorSync - ImageIO - Login Window
    last seen2020-06-01
    modified2020-06-02
    plugin id40501
    published2009-08-05
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40501
    titleMac OS X Multiple Vulnerabilities (Security Update 2009-003)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    if (!defined_func("bn_random")) exit(0);
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(40501);
      script_version("1.20");
    
      script_cve_id("CVE-2008-1372", "CVE-2009-0040", "CVE-2009-1720", "CVE-2009-1721",
                    "CVE-2009-1722", "CVE-2009-1726", "CVE-2009-2191");
      script_bugtraq_id(28286, 33827, 35838);
    
      script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2009-003)");
      script_summary(english:"Check for the presence of Security Update 2009-003");
    
      script_set_attribute(  attribute:"synopsis",  value:
    "The remote host is missing a Mac OS X update that fixes various
    security issues."  );
      script_set_attribute(  attribute:"description",   value:
    "The remote host is running a version of Mac OS X 10.4 that does not
    have Security Update 2009-003 applied.
    
    This security update contains fixes for the following products :
    
      - bzip2
      - ColorSync
      - ImageIO
      - Login Window"  );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://support.apple.com/kb/HT3757"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install Security Update 2009-003 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(16, 94, 119, 134, 189);
      script_set_attribute(
        attribute:"vuln_publication_date", 
        value:"2009/08/05"
      );
      script_set_attribute(
        attribute:"patch_publication_date", 
        value:"2009/08/05"
      );
      script_set_attribute(
        attribute:"plugin_publication_date", 
        value:"2009/08/05"
      );
     script_cvs_date("Date: 2018/07/14  1:59:35");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/MacOSX/packages", "Host/uname");
      exit(0);
    }
    
    #
    
    uname = get_kb_item("Host/uname");
    if (!uname) exit(1, "The 'Host/uname' KB item is missing.");
    
    if (egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname))
    {
      packages = get_kb_item("Host/MacOSX/packages");
      if (!packages) exit(1, "The 'Host/MacOSX/packages' KB item is missing.");
    
      if (!egrep(pattern:"^SecUpd(Srvr)?(2009-00[3-5]|20[1-9][0-9]-)", string:packages))
        security_hole(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyPeer-To-Peer File Sharing
    NASL idITUNES_9_2_BANNER.NASL
    descriptionThe version of Apple iTunes on the remote host is prior to version 9.2. It is, therefore, affected by multiple vulnerabilities : - A heap-based buffer overflow vulnerability exists in the handling of images with an embedded ColorSync profile. By using a specially crafted image, a remote attacker can exploit this to cause a denial of service or execute arbitrary code. (CVE-2009-1726) - Multiple integer overflow vulnerabilities exist in ImageIO
    last seen2020-06-01
    modified2020-06-02
    plugin id47038
    published2010-06-17
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47038
    titleApple iTunes < 9.2 Multiple Vulnerabilities (uncredentialed check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(47038);
      script_version("1.23");
      script_cvs_date("Date: 2018/11/15 20:50:24");
    
      script_cve_id(
        "CVE-2009-1726",
        "CVE-2010-0544",
        "CVE-2010-1119",
        "CVE-2010-1387",
        "CVE-2010-1390",
        "CVE-2010-1392",
        "CVE-2010-1393",
        "CVE-2010-1395",
        "CVE-2010-1396",
        "CVE-2010-1397",
        "CVE-2010-1398",
        "CVE-2010-1399",
        "CVE-2010-1400",
        "CVE-2010-1401",
        "CVE-2010-1402",
        "CVE-2010-1403",
        "CVE-2010-1404",
        "CVE-2010-1405",
        "CVE-2010-1408",
        "CVE-2010-1409",
        "CVE-2010-1410",
        "CVE-2010-1411",
        "CVE-2010-1412",
        "CVE-2010-1414",
        "CVE-2010-1415",
        "CVE-2010-1416",
        "CVE-2010-1417",
        "CVE-2010-1418",
        "CVE-2010-1419",
        "CVE-2010-1421",
        "CVE-2010-1422",
        "CVE-2010-1749",
        "CVE-2010-1758",
        "CVE-2010-1759",
        "CVE-2010-1761",
        "CVE-2010-1763",
        "CVE-2010-1769",
        "CVE-2010-1770",
        "CVE-2010-1771",
        "CVE-2010-1774"
      );
      script_bugtraq_id(40657, 40663, 40697, 40710, 41053, 41054, 41125);
    
      script_name(english:"Apple iTunes < 9.2 Multiple Vulnerabilities (uncredentialed check)");
      script_summary(english:"Checks the version of iTunes.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains a multimedia application that has multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Apple iTunes on the remote host is prior to version
    9.2. It is, therefore, affected by multiple vulnerabilities :
    
      - A heap-based buffer overflow vulnerability exists in the
        handling of images with an embedded ColorSync profile.
        By using a specially crafted image, a remote attacker
        can exploit this to cause a denial of service or execute
        arbitrary code. (CVE-2009-1726)
    
      - Multiple integer overflow vulnerabilities exist in
        ImageIO's handling of TIFF files. By using a specially
        crafted TIFF file, a remote attacker can exploit these
        to cause a denial of service or execute arbitrary code.
        (CVE-2010-1411)
    
      - The WebKit component contains multiple vulnerabilities
        that can be exploited, including the execution of
        arbitrary code.
        (CVE-2010-0544, CVE-2010-1119, CVE-2010-1387,
        CVE-2010-1390, CVE-2010-1392, CVE-2010-1393,
        CVE-2010-1395, CVE-2010-1396, CVE-2010-1397,
        CVE-2010-1398, CVE-2010-1399, CVE-2010-1400,
        CVE-2010-1401, CVE-2010-1402, CVE-2010-1403,
        CVE-2010-1404, CVE-2010-1405, CVE-2010-1408,
        CVE-2010-1409, CVE-2010-1410, CVE-2010-1412,
        CVE-2010-1414, CVE-2010-1415, CVE-2010-1416,
        CVE-2010-1417, CVE-2010-1418, CVE-2010-1419,
        CVE-2010-1421, CVE-2010-1422, CVE-2010-1749,
        CVE-2010-1758, CVE-2010-1759, CVE-2010-1761,
        CVE-2010-1763, CVE-2010-1769, CVE-2010-1770,
        CVE-2010-1771, CVE-2010-1774)");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT4220");
      script_set_attribute(attribute:"see_also", value:"https://lists.apple.com/archives/security-announce/2010/Jun/msg00002.html");
      script_set_attribute(attribute:"solution", value:"Upgrade to Apple iTunes 9.2 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(119);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/06/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/17");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Peer-To-Peer File Sharing");
    
      script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
    
      script_dependencies("itunes_sharing.nasl");
      script_require_keys("iTunes/sharing");
      script_require_ports("Services/www", 3689);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    port = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);
    
    get_kb_item_or_exit("iTunes/" + port + "/enabled");
    
    type = get_kb_item_or_exit("iTunes/" + port + "/type");
    source = get_kb_item_or_exit("iTunes/" + port + "/source");
    version = get_kb_item_or_exit("iTunes/" + port + "/version");
    
    if (type != 'Windows') audit(AUDIT_OS_NOT, "Windows");
    
    fixed_version = "9.2";
    
    if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
    {
      if (report_verbosity > 0)
      {
        report = '\n  Version source    : ' + source +
                 '\n  Installed version : ' + version +
                 '\n  Fixed version     : ' + fixed_version + '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "iTunes", port, version);
    
  • NASL familyWindows
    NASL idSAFARI_5_0.NASL
    descriptionThe version of Safari installed on the remote Windows host is earlier than 5.0. As such, it is potentially affected by numerous issues in the following components : - ColorSync - Safari - WebKit
    last seen2020-06-01
    modified2020-06-02
    plugin id46838
    published2010-06-08
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/46838
    titleSafari < 5.0 Multiple Vulnerabilities
  • NASL familyWindows
    NASL idITUNES_9_2.NASL
    descriptionThe version of Apple iTunes installed on the remote Windows host is older than 9.2. As such, it may be affected by multiple vulnerabilities : - A heap-based buffer overflow in the handling of images with an embedded ColorSync profile may lead to an application crash or arbitrary code execution. (CVE-2009-1726) - Multiple integer overflows in ImageIO
    last seen2020-06-01
    modified2020-06-02
    plugin id47037
    published2010-06-17
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47037
    titleApple iTunes < 9.2 Multiple Vulnerabilities (credentialed check)

Oval

accepted2013-12-30T04:01:06.099-05:00
classvulnerability
contributors
  • nameJ. Daniel Brown
    organizationDTCC
  • namePreeti Subramanian
    organizationSecPod Technologies
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
definition_extensions
commentApple Safari is installed
ovaloval:org.mitre.oval:def:6325
descriptionHeap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.
familywindows
idoval:org.mitre.oval:def:7499
statusaccepted
submitted2010-06-08T17:30:00.000-05:00
titleColorSync in Apple Safari Heap Buffer Overflow Vulnerability
version14

Seebug

bulletinFamilyexploit
descriptionBugraq ID: 35954 CVE ID:CVE-2009-1723 CVE-2009-1726 CVE-2009-1727 CVE-2009-0151 CVE-2009-1728 CVE-2009-2188 CVE-2009-2190 CVE-2009-2191 CVE-2009-2192 CVE-2009-2193 CVE-2009-2194 CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 Apple Mac OS X是一款基于BSD的操作系统。 Apple Mac OS X安全升级2009-003修复多个安全漏洞: CVE-ID: CVE-2008-1372: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 bzip2存在越界内存发那个吻问题,构建恶意的压缩文件,诱使用户打开可导致应用程序崩溃。 CVE-ID: CVE-2009-1723: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 当Safari访问到通过302重定向的WEB站点时,会提示证书警告,此警告会包含原始WEB站点URL来代替当前WEB站点URL,这允许恶意构建的WEB站点可控制显示在证书警告中的WEB站点URL,导致用户盲目信任。 CVE-ID: CVE-2009-1726: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 打开一个特殊构建的使用嵌入式ColorSync配置文件的图像时可导致应用程序崩溃。 CVE-ID: CVE-2009-1727: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 打开部分不安全内容类型时没有对用户提示警告,可导致恶意脚本代码负载执行。 CVE-ID: CVE-2009-0151: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 屏幕保护没有正确阻断four-finger Multi-Touch gestures多点触控,允许物理访问的用户可管理应用程序。 CVE-ID: CVE-2009-1728: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 处理Canon RAW图像存在多个栈缓冲区溢出。 CVE-ID: CVE-2009-1722: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 ImageIO处理OpenEXR图像存在堆缓冲区溢出。 CVE-ID: CVE-2009-1721: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 ImageIO处理OpenEXR图像存在未初始化内存访问问题,可导致应用程序崩溃或任意代码执行 。 CVE-ID: CVE-2009-1720: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 ImageIO处理OpenEXR图像存在整数溢出问题,可导致应用程序崩溃或任意代码执行。 CVE-ID: CVE-2009-2188: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 ImageIO处理EXIF元数据存在缓冲区溢出问题,可导致应用程序崩溃或任意代码执行。 CVE-ID: CVE-2009-0040: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 处理PNG图像存在未初始化指针问题,构建特殊的PNG诱使用户处理可导致应用程序崩溃或任意代码执行。 CVE-ID: CVE-2009-1235: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 内核fcntl系统调用处理存在实现错误,本地攻击者可以覆盖内核内存以系统特权执行任意代码。 CVE-ID: CVE-2009-2190: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 对基于inetd的launchd服务打开多个连接,可导致launchd停止对外连接的响应。 CVE-ID: CVE-2009-2191: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 CNCVE-20092191 登录窗口处理应用程序名存在格式串问题,可导致应用程序崩溃或任意代码执行。 CVE-ID: CVE-2009-2192: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 MobileMe存在一个逻辑错误,在退出时没有删除所有凭据,本地用户可以访问其他MobileMe帐户相关资源。 CVE-ID: CVE-2009-2193: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 内核处理 AppleTalk应答报文存在缓冲区溢出,可导致以系统权限执行任意指令。 CVE-ID: CVE-2009-2194: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 处理通过本地套接字共享的文件描述符存在同步问题,通过发送包含文件描述符的消息给没有接收者的套接字,本地用户可导致系统崩溃。 CVE-ID: CVE-2008-0674: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20080674 XQuery使用的PCRE库处理规则表达式中的字符类存在缓冲区溢出,构建恶意的XML内容诱使用户访问可触发此漏洞。 Apple Mac OS X Server 10.5.7 Apple Mac OS X Server 10.5.6 Apple Mac OS X Server 10.5.5 Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.10 Apple Mac OS X Server 10.4.9 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.7 Apple Mac OS X 10.5.6 Apple Mac OS X 10.5.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.10 Apple Mac OS X 10.4.9 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.5 厂商解决方案 用户可联系供应商获得升级补丁: Apple Mac OS X Server 10.5 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.4.11 Apple SecUpdSrvr2009-003PPC.dmg PowerPC http://www.apple.com/support/downloads/ Apple SecUpdSrvr2009-003Univ.dmg Universal http://www.apple.com/support/downloads/ Apple Mac OS X 10.4.11 Apple SecUpd2009-003Intel.dmg Intel http://www.apple.com/support/downloads/ Apple SecUpd2009-003PPC.dmg PPC http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.1 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.1 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.2 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.2 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.3 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.3 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.4 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.4 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.5 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.5 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.6 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.6 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.7 Apple MacOSXServerUpd10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.7 Apple MacOSXUpd10.5.8.dmg http://www.apple.com/support/downloads/
idSSV:11998
last seen2017-11-19
modified2009-08-06
published2009-08-06
reporterRoot
titleApple Mac OS X 2009-003修补多个安全漏洞