Vulnerabilities > CVE-2009-2825 - Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2009-006.NASL description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion last seen 2020-06-01 modified 2020-06-02 plugin id 42433 published 2009-11-09 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42433 title Mac OS X Multiple Vulnerabilities (Security Update 2009-006) code # # (C) Tenable Network Security, Inc. # if (!defined_func("bn_random")) exit(0); if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(42433); script_version("1.27"); script_cve_id( "CVE-2007-5707", "CVE-2007-6698", "CVE-2008-0658", "CVE-2008-5161", "CVE-2009-0023", "CVE-2009-1191", "CVE-2009-1195", "CVE-2009-1574", "CVE-2009-1632", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-1955", "CVE-2009-1956", "CVE-2009-2408", "CVE-2009-2409", "CVE-2009-2411", "CVE-2009-2412", "CVE-2009-2414", "CVE-2009-2416", "CVE-2009-2666", "CVE-2009-2808", "CVE-2009-2818", "CVE-2009-2819", "CVE-2009-2820", "CVE-2009-2823", "CVE-2009-2824", "CVE-2009-2825", "CVE-2009-2826", "CVE-2009-2827", "CVE-2009-2828", "CVE-2009-2829", "CVE-2009-2831", "CVE-2009-2832", "CVE-2009-2833", "CVE-2009-2834", "CVE-2009-2837", "CVE-2009-2838", "CVE-2009-2839", "CVE-2009-2840", "CVE-2009-3111", "CVE-2009-3291", "CVE-2009-3292", "CVE-2009-3293" ); script_bugtraq_id( 26245, 27778, 34663, 35115, 35221, 35251, 35565, 35623, 35888, 35983, 36263, 36449, 36959, 36961, 36962, 36963, 36964, 36966, 36967, 36972, 36973, 36975, 36977, 36978, 36979, 36982, 36985, 36988, 36990 ); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2009-006)"); script_summary(english:"Check for the presence of Security Update 2009-006"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes various security issues." ); script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion" ); script_set_attribute( attribute:"see_also", value:"http://support.apple.com/kb/HT3937" ); script_set_attribute( attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" ); script_set_attribute( attribute:"see_also", value:"http://www.securityfocus.com/advisories/18255" ); script_set_attribute( attribute:"solution", value:"Install Security Update 2009-006 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(16, 20, 79, 119, 189, 200, 255, 264, 310, 399); script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/09"); script_set_attribute(attribute:"patch_publication_date", value:"2009/11/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/09"); script_cvs_date("Date: 2018/07/16 12:48:31"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages", "Host/uname"); exit(0); } uname = get_kb_item("Host/uname"); if (!uname) exit(1, "The 'Host/uname' KB item is missing."); pat = "^.+Darwin.* ([0-9]+\.[0-9.]+).*$"; if (!ereg(pattern:pat, string:uname)) exit(1, "Can't identify the Darwin kernel version from the uname output ("+uname+")."); darwin = ereg_replace(pattern:pat, replace:"\1", string:uname); if (ereg(pattern:"^(9\.[0-8]\.)", string:darwin)) { packages = get_kb_item("Host/MacOSX/packages/boms"); if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing."); if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2009\.00[6-9]|20[1-9][0-9]\.[0-9]+)\.bom", string:packages)) exit(0, "The host has Security Update 2009-006 or later installed and therefore is not affected."); else security_hole(0); } else exit(0, "The host is running Darwin kernel version "+darwin+" and therefore is not affected.");NASL family MacOS X Local Security Checks NASL id MACOSX_10_6_2.NASL description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.2. Mac OS X 10.6.2 contains security fixes for the following products : - Adaptive Firewall - Apache - Apache Portable Runtime - Certificate Assistant - CoreMedia - CUPS - Dovecot - fetchmail - file - FTP Server - Help Viewer - ImageIO - IOKit - IPSec - Kernel - Launch Services - libsecurity - libxml - Login Window - OpenLDAP - QuickDraw Manager - QuickTime - Screen Sharing - Subversion last seen 2020-06-01 modified 2020-06-02 plugin id 42434 published 2009-11-09 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42434 title Mac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # if (!defined_func("bn_random")) exit(0); if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(42434); script_version("1.33"); script_cvs_date("Date: 2018/07/16 12:48:31"); script_cve_id( "CVE-2009-0023", "CVE-2009-1191", "CVE-2009-1195", "CVE-2009-1574", "CVE-2009-1632", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-1955", "CVE-2009-1956", "CVE-2009-2202", "CVE-2009-2203", "CVE-2009-2285", "CVE-2009-2408", "CVE-2009-2409", "CVE-2009-2411", "CVE-2009-2412", "CVE-2009-2414", "CVE-2009-2416", "CVE-2009-2666", "CVE-2009-2798", "CVE-2009-2799", "CVE-2009-2808", "CVE-2009-2810", "CVE-2009-2818", "CVE-2009-2820", "CVE-2009-2823", "CVE-2009-2825", "CVE-2009-2830", "CVE-2009-2832", "CVE-2009-2834", "CVE-2009-2835", "CVE-2009-2836", "CVE-2009-2837", "CVE-2009-2839", "CVE-2009-3235" ); script_bugtraq_id( 34663, 35115, 35221, 35251, 35451, 35565, 35623, 35888, 35983, 36328, 36377, 36963, 36964, 36974, 36975, 36977, 36979, 36983, 36984, 36985, 36987, 36990 ); script_name(english:"Mac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities"); script_summary(english:"Check the version of Mac OS X"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes various security issues." ); script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.2. Mac OS X 10.6.2 contains security fixes for the following products : - Adaptive Firewall - Apache - Apache Portable Runtime - Certificate Assistant - CoreMedia - CUPS - Dovecot - fetchmail - file - FTP Server - Help Viewer - ImageIO - IOKit - IPSec - Kernel - Launch Services - libsecurity - libxml - Login Window - OpenLDAP - QuickDraw Manager - QuickTime - Screen Sharing - Subversion" ); script_set_attribute( attribute:"see_also", value:"http://support.apple.com/kb/HT3937" ); script_set_attribute( attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" ); script_set_attribute( attribute:"see_also", value:"http://www.securityfocus.com/advisories/18255" ); script_set_attribute( attribute:"solution", value:"Upgrade to Mac OS X 10.6.2 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(16, 20, 79, 119, 189, 264, 310, 362, 399); script_set_attribute( attribute:"vuln_publication_date", value:"2009/11/09" ); script_set_attribute( attribute:"patch_publication_date", value:"2009/11/09" ); script_set_attribute( attribute:"plugin_publication_date", value:"2009/11/09" ); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl"); exit(0); } os = get_kb_item("Host/MacOSX/Version"); if (!os) { os = get_kb_item("Host/OS"); c = get_kb_item("Host/OS/Confidence"); if ( isnull(os) || c <= 70 ) exit(0); } if (!os) exit(1, "The 'Host/OS' KB item is missing."); if (ereg(pattern:"Mac OS X 10\.6($|\.[01]([^0-9]|$))", string:os)) security_hole(0); else exit(0, "The host is not affected as it is running "+os+".");
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 36956 CVE ID: CVE-2009-2808,CVE-2009-2810,CVE-2009-2818,CVE-2009-2819,CVE-2009-2820,CVE-2009-2823,CVE-2009-2824,CVE-2009-2825,CVE-2009-2826,CVE-2009-2827,CVE-2009-2828,CVE-2009-2829,CVE-2009-2830,CVE-2009-2831,CVE-2009-2832,CVE-2009-2833,CVE-2009-2834,CVE-2009-2835,CVE-2009-2837,CVE-2009-2838,CVE-2009-2839,CVE-2009-2840 Mac OS X是苹果家族机器所使用的操作系统。 Apple 2009-006安全更新修复了Mac OS X中的多个安全漏洞,本地或远程攻击者可能利用这些漏洞导致拒绝服务、读取敏感信息或执行任意代码。 CVE-2009-2808 Help Viewer没有使用HTTPS查看Apple Help内容,本地网络中的用户可以发送包含有恶意help:runscript链接的伪造HTTP响应。 CVE-2009-2810 在调用Launch服务打开被隔离的文件夹时会递归的清除文件夹中文件的隔离信息,而被清除的隔离信息用户在打开项之前触发用户警告。这可能允许在没有警告对话框的情况下启动不安全的项,如应用程序。 CVE-2009-2818 自适应防火墙通过创建临时规则限制访问来响应可疑行为,如大量的访问尝试。在某些环境下,自适应防火墙可能无法检测使用无效用户名的SSH登录尝试。 CVE-2009-2819 AFP客户端中存在多个内存破坏漏洞,连接到恶意的AFP服务器可能导致系统意外终止或以系统权限执行任意代码。 CVE-2009-2820 CUPS中的漏洞可能导致跨站脚本和HTTP响应拆分,访问恶意网页或URL可能允许攻击者通过CUPS web接口访问本地用户可用的内容,包括打印系统配置和已打印任务的标题。 CVE-2009-2823 Apache Web服务器允许TRACE HTTP方式,远程攻击者可以利用这个工具通过某些Web客户端软件执行跨站脚本攻击。 CVE-2009-2824 Apple类型服务处理嵌入式字体的方式存在多个缓冲区溢出,查看或下载包含有恶意嵌入式字体的文档可能导致执行任意代码。 CVE-2009-2825 在处理CN字段中包含有空字符的SSL证书时存在错误,用户可能被误导接受外观类似于匹配用户所访问域的特制证书。 CVE-2009-2826 CoreGraphics处理PDF文件存在多个可导致堆溢出的整数溢出,打开恶意PDF文件可能导致应用程序意外终止或执行任意代码。 CVE-2009-2827 处理包含有FAT文件系统的磁盘镜像时存在堆溢出,下载恶意的磁盘镜像可能导致应用程序意外终止或执行任意代码。 CVE-2009-2828 DirectoryService中的内存破坏漏洞可能导致应用程序意外终止或执行任意代码。 CVE-2009-2829 Event Monitor中存在日志注入漏洞,通过特制认证信息连接到SSH服务器就可以导致日志注入。当其他服务处理日志数据时这可能导致拒绝服务。 CVE-2009-2830 文件命令行工具中存在多个缓冲区溢出漏洞,对恶意的CDF文件运行文件命令可能导致应用程序意外终止或执行任意代码。 CVE-2009-2831 Dictionary中的设计错误允许恶意的Javascript向用户文件系统的任意位置写入任意数据,这可能允许本地网络中的其他用户在用户系统上执行任意代码。 CVE-2009-2832 FTP服务器的CWD命令行工具中存在缓冲区溢出,对深层嵌套的目录结构发布CWD命令可能导致应用程序意外终止或执行任意代码。 CVE-2009-2833 UCCompareTextDefault API中的缓冲区溢出可能导致应用程序意外终止或执行任意代码。 CVE-2009-2834 非特权用户可以更改附带的USB或蓝牙Apple键盘的固件。 CVE-2009-2835 内核处理任务状态段存在多个输入验证问题,可能允许本地用户导致信息泄露、系统意外关机或执行任意代码。 CVE-2009-2837 QuickDraw处理PICT图形存在堆溢出,打开恶意的PICT图形可能导致应用程序意外终止或执行任意代码。 CVE-2009-2838 QuickLook处理Microsoft Office文件存在整数溢出,下载恶意的Microsoft Office文件可能导致应用程序意外终止或执行任意代码。 CVE-2009-2839 Screen Sharing客户端存在多个内存破坏漏洞,通过打开vnc:// URL访问恶意的VNC服务器可能导致应用程序意外终止或执行任意代码。 CVE-2009-2840 Spotlight处理临时文件的方式存在不安全的文件操作,可能允许本地用户以其他用户的权限覆盖文件。 Apple Mac OS X < 10.6.2 Apple MacOS X Server < 10.6.2 厂商补丁: Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.apple.com/support/downloads/ |
| id | SSV:12599 |
| last seen | 2017-11-19 |
| modified | 2009-11-10 |
| published | 2009-11-10 |
| reporter | Root |
| title | Apple Mac OS X 2009-006更新修复多个安全漏洞 |