Vulnerabilities > CVE-2009-2191 - USE of Externally-Controlled Format String vulnerability in Apple mac OS X and mac OS X Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| OS | 7 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Format String Injection An attacker includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An attacker can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the attacker can write to the program stack.
- String Format Overflow in syslog() This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_10_5_8.NASL description The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.8. Mac OS X 10.5.8 contains security fixes for the following products : - bzip2 - CFNetwork - ColorSync - CoreTypes - Dock - Image RAW - ImageIO - Kernel - launchd - Login Window - MobileMe - Networking - XQuery last seen 2020-06-01 modified 2020-06-02 plugin id 40502 published 2009-08-05 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40502 title Mac OS X 10.5.x < 10.5.8 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # if (!defined_func("bn_random")) exit(0); if (NASL_LEVEL < 3004) exit(0); include("compat.inc"); if (description) { script_id(40502); script_version("1.23"); script_cve_id("CVE-2008-0674", "CVE-2008-1372", "CVE-2009-0040", "CVE-2009-0151", "CVE-2009-1235", "CVE-2009-1720", "CVE-2009-1721", "CVE-2009-1722", "CVE-2009-1723", "CVE-2009-1726", "CVE-2009-1727", "CVE-2009-1728", "CVE-2009-2188", "CVE-2009-2190", "CVE-2009-2191", "CVE-2009-2192", "CVE-2009-2193", "CVE-2009-2194"); script_bugtraq_id(27786, 28286, 33827, 34203, 35838, 36025); script_name(english:"Mac OS X 10.5.x < 10.5.8 Multiple Vulnerabilities"); script_summary(english:"Check the version of Mac OS X"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes various security issues." ); script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.8. Mac OS X 10.5.8 contains security fixes for the following products : - bzip2 - CFNetwork - ColorSync - CoreTypes - Dock - Image RAW - ImageIO - Kernel - launchd - Login Window - MobileMe - Networking - XQuery" ); script_set_attribute( attribute:"see_also", value:"http://support.apple.com/kb/HT3757" ); script_set_attribute( attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html" ); script_set_attribute( attribute:"solution", value:"Upgrade to Mac OS X 10.5.8 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(16, 94, 119, 134, 189, 255, 264, 399); script_set_attribute( attribute:"vuln_publication_date", value:"2009/08/05" ); script_set_attribute( attribute:"patch_publication_date", value:"2009/08/05" ); script_set_attribute( attribute:"plugin_publication_date", value:"2009/08/05" ); script_cvs_date("Date: 2018/07/16 12:48:31"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl"); exit(0); } os = get_kb_item("Host/MacOSX/Version"); if (!os) os = get_kb_item("Host/OS"); if (!os) exit(1, "The 'Host/MacOSX/Version' and 'Host/OS' KB items are missing."); if (ereg(pattern:"Mac OS X 10\.5\.[0-7]([^0-9]|$)", string:os)) security_hole(0); else exit(0, "The host is not affected.");NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2009-003.NASL description The remote host is running a version of Mac OS X 10.4 that does not have Security Update 2009-003 applied. This security update contains fixes for the following products : - bzip2 - ColorSync - ImageIO - Login Window last seen 2020-06-01 modified 2020-06-02 plugin id 40501 published 2009-08-05 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40501 title Mac OS X Multiple Vulnerabilities (Security Update 2009-003) code # # (C) Tenable Network Security, Inc. # if (!defined_func("bn_random")) exit(0); include("compat.inc"); if (description) { script_id(40501); script_version("1.20"); script_cve_id("CVE-2008-1372", "CVE-2009-0040", "CVE-2009-1720", "CVE-2009-1721", "CVE-2009-1722", "CVE-2009-1726", "CVE-2009-2191"); script_bugtraq_id(28286, 33827, 35838); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2009-003)"); script_summary(english:"Check for the presence of Security Update 2009-003"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes various security issues." ); script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.4 that does not have Security Update 2009-003 applied. This security update contains fixes for the following products : - bzip2 - ColorSync - ImageIO - Login Window" ); script_set_attribute( attribute:"see_also", value:"http://support.apple.com/kb/HT3757" ); script_set_attribute( attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html" ); script_set_attribute( attribute:"solution", value:"Install Security Update 2009-003 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(16, 94, 119, 134, 189); script_set_attribute( attribute:"vuln_publication_date", value:"2009/08/05" ); script_set_attribute( attribute:"patch_publication_date", value:"2009/08/05" ); script_set_attribute( attribute:"plugin_publication_date", value:"2009/08/05" ); script_cvs_date("Date: 2018/07/14 1:59:35"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages", "Host/uname"); exit(0); } # uname = get_kb_item("Host/uname"); if (!uname) exit(1, "The 'Host/uname' KB item is missing."); if (egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname)) { packages = get_kb_item("Host/MacOSX/packages"); if (!packages) exit(1, "The 'Host/MacOSX/packages' KB item is missing."); if (!egrep(pattern:"^SecUpd(Srvr)?(2009-00[3-5]|20[1-9][0-9]-)", string:packages)) security_hole(0); } else exit(0, "The host is not affected.");
Seebug
| bulletinFamily | exploit |
| description | Bugraq ID: 35954 CVE ID:CVE-2009-1723 CVE-2009-1726 CVE-2009-1727 CVE-2009-0151 CVE-2009-1728 CVE-2009-2188 CVE-2009-2190 CVE-2009-2191 CVE-2009-2192 CVE-2009-2193 CVE-2009-2194 CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 Apple Mac OS X是一款基于BSD的操作系统。 Apple Mac OS X安全升级2009-003修复多个安全漏洞: CVE-ID: CVE-2008-1372: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 bzip2存在越界内存发那个吻问题,构建恶意的压缩文件,诱使用户打开可导致应用程序崩溃。 CVE-ID: CVE-2009-1723: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 当Safari访问到通过302重定向的WEB站点时,会提示证书警告,此警告会包含原始WEB站点URL来代替当前WEB站点URL,这允许恶意构建的WEB站点可控制显示在证书警告中的WEB站点URL,导致用户盲目信任。 CVE-ID: CVE-2009-1726: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 打开一个特殊构建的使用嵌入式ColorSync配置文件的图像时可导致应用程序崩溃。 CVE-ID: CVE-2009-1727: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 打开部分不安全内容类型时没有对用户提示警告,可导致恶意脚本代码负载执行。 CVE-ID: CVE-2009-0151: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 屏幕保护没有正确阻断four-finger Multi-Touch gestures多点触控,允许物理访问的用户可管理应用程序。 CVE-ID: CVE-2009-1728: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 处理Canon RAW图像存在多个栈缓冲区溢出。 CVE-ID: CVE-2009-1722: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 ImageIO处理OpenEXR图像存在堆缓冲区溢出。 CVE-ID: CVE-2009-1721: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 ImageIO处理OpenEXR图像存在未初始化内存访问问题,可导致应用程序崩溃或任意代码执行 。 CVE-ID: CVE-2009-1720: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 ImageIO处理OpenEXR图像存在整数溢出问题,可导致应用程序崩溃或任意代码执行。 CVE-ID: CVE-2009-2188: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 ImageIO处理EXIF元数据存在缓冲区溢出问题,可导致应用程序崩溃或任意代码执行。 CVE-ID: CVE-2009-0040: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 处理PNG图像存在未初始化指针问题,构建特殊的PNG诱使用户处理可导致应用程序崩溃或任意代码执行。 CVE-ID: CVE-2009-1235: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 内核fcntl系统调用处理存在实现错误,本地攻击者可以覆盖内核内存以系统特权执行任意代码。 CVE-ID: CVE-2009-2190: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 对基于inetd的launchd服务打开多个连接,可导致launchd停止对外连接的响应。 CVE-ID: CVE-2009-2191: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 CNCVE-20092191 登录窗口处理应用程序名存在格式串问题,可导致应用程序崩溃或任意代码执行。 CVE-ID: CVE-2009-2192: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 MobileMe存在一个逻辑错误,在退出时没有删除所有凭据,本地用户可以访问其他MobileMe帐户相关资源。 CVE-ID: CVE-2009-2193: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 内核处理 AppleTalk应答报文存在缓冲区溢出,可导致以系统权限执行任意指令。 CVE-ID: CVE-2009-2194: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 处理通过本地套接字共享的文件描述符存在同步问题,通过发送包含文件描述符的消息给没有接收者的套接字,本地用户可导致系统崩溃。 CVE-ID: CVE-2008-0674: CNCVE ID:CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20080674 XQuery使用的PCRE库处理规则表达式中的字符类存在缓冲区溢出,构建恶意的XML内容诱使用户访问可触发此漏洞。 Apple Mac OS X Server 10.5.7 Apple Mac OS X Server 10.5.6 Apple Mac OS X Server 10.5.5 Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.10 Apple Mac OS X Server 10.4.9 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.7 Apple Mac OS X 10.5.6 Apple Mac OS X 10.5.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.10 Apple Mac OS X 10.4.9 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.5 厂商解决方案 用户可联系供应商获得升级补丁: Apple Mac OS X Server 10.5 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.4.11 Apple SecUpdSrvr2009-003PPC.dmg PowerPC http://www.apple.com/support/downloads/ Apple SecUpdSrvr2009-003Univ.dmg Universal http://www.apple.com/support/downloads/ Apple Mac OS X 10.4.11 Apple SecUpd2009-003Intel.dmg Intel http://www.apple.com/support/downloads/ Apple SecUpd2009-003PPC.dmg PPC http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.1 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.1 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.2 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.2 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.3 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.3 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.4 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.4 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.5 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.5 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.6 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.6 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.7 Apple MacOSXServerUpd10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.7 Apple MacOSXUpd10.5.8.dmg http://www.apple.com/support/downloads/ |
| id | SSV:11998 |
| last seen | 2017-11-19 |
| modified | 2009-08-06 |
| published | 2009-08-06 |
| reporter | Root |
| title | Apple Mac OS X 2009-003修补多个安全漏洞 |
References
- http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
- http://osvdb.org/56840
- http://secunia.com/advisories/36096
- http://support.apple.com/kb/HT3757
- http://www.securityfocus.com/bid/35954
- http://www.us-cert.gov/cas/techalerts/TA09-218A.html
- http://www.vupen.com/english/advisories/2009/2172
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52428