CVE-2009-2842 - Information Disclosure vulnerability in Apple Safari Shortcut Menu Options
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.
Vulnerable Configurations
Nessus
NASL family | Windows |
NASL id | SAFARI_4_0_4.NASL |
description | The version of Safari installed on the remote Windows host is earlier than 4.0.4. Such versions are potentially affected by several issues : - An integer overflow in the handling of images with an embedded color profile could lead to a crash or arbitrary code execution. (CVE-2009-2804) - Multiple use-after-free issues exist in libxml2, the most serious of which could lead to a program crash. (CVE-2009-2414, CVE-2009-2416) - An issue in the handling of navigations initiated via the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 42478 |
published | 2009-11-12 |
reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/42478 |
title | Safari < 4.0.4 Multiple Vulnerabilities |
code |

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(42478);
      script_version("1.16");

      script_cve_id(
        "CVE-2009-2804",
        "CVE-2009-2414",
        "CVE-2009-2416",
        "CVE-2009-2816",
        "CVE-2009-2842",
        "CVE-2009-3384"
      );
      script_bugtraq_id(36357, 36994, 36995, 36997);

      script_name(english:"Safari < 4.0.4 Multiple Vulnerabilities");
      script_summary(english:"Checks Safari's version number");

      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote host contains a web browser that is affected by several vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The version of Safari installed on the remote Windows host is earlier than 4.0.4. Such versions are potentially affected by several issues :
     - An integer overflow in the handling of images with an embedded color profile could lead to a crash or arbitrary code execution. (CVE-2009-2804)
     - Multiple use-after-free issues exist in libxml2, the most serious of which could lead to a program crash. (CVE-2009-2414, CVE-2009-2416)
     - An issue in the handling of navigations initiated via the 'Open Image in New Tab', 'Open Image in New Window' or 'Open Link in New Tab' shortcut menu options could be exploited to load a local HTML file, leading to disclosure of sensitive information. (CVE-2009-2842)
     - An issue involving WebKit's inclusion of custom HTTP headers specified by a requesting page in preflight requests in support of Cross-Origin Resource Sharing can facilitate cross-site request forgery attacks. (CVE-2009-2816)
     - Multiple issues in WebKit's handling of FTP directory listings may lead to information disclosure, unexpected application termination, or execution of arbitrary code. (CVE-2009-3384)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.apple.com/kb/HT3949"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.securityfocus.com/advisories/18277"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Upgrade to Safari 4.0.4 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119, 189, 352, 399);
      script_set_attribute(
        attribute:"vuln_publication_date",
        value:"2009/11/11"
      );
      script_set_attribute(
        attribute:"patch_publication_date",
        value:"2009/11/11"
      );
      script_set_attribute(
        attribute:"plugin_publication_date",
        value:"2009/11/12"
      );
      script_cvs_date("Date: 2018/07/27 18:38:15");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
      script_dependencies("safari_installed.nasl");
      script_require_keys("SMB/Safari/FileVersion");
      exit(0);
    }

    include("global_settings.inc");

    # Read the install path and file version recorded in the KB.
    path = get_kb_item("SMB/Safari/Path");
    version = get_kb_item("SMB/Safari/FileVersion");
    if (isnull(version)) exit(0);

    # Split the dotted file version into integer components.
    ver = split(version, sep:'.', keep:FALSE);
    for (i=0; i<max_index(ver); i++)
      ver[i] = int(ver[i]);

    # Report when the file version is lower than 5.31.21.10.
    if (
      ver[0] < 5 ||
      (
        ver[0] == 5 &&
        (
          ver[1] < 31 ||
          (
            ver[1] == 31 &&
            (
              ver[2] < 21 ||
              (ver[2] == 21 && ver[3] < 10)
            )
          )
        )
      )
    )
    {
      if (report_verbosity > 0)
      {
        if (isnull(path)) path = "n/a";

        # Prefer the product version in the report when it is known.
        prod_version = get_kb_item("SMB/Safari/ProductVersion");
        if (!isnull(prod_version)) version = prod_version;

        report = string(
          "\n",
          "Nessus collected the following information about the current install\n",
          "of Safari on the remote host :\n",
          "\n",
          " Version : ", version, "\n",
          " Path : ", path, "\n"
        );
        security_hole(port:get_kb_item("SMB/transport"), extra:report);
      }
      else security_hole(get_kb_item("SMB/transport"));
    }

NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_SAFARI4_0_4.NASL |
description | The version of Apple Safari installed on the remote Mac OS X host is earlier than 4.0.4. As such, it is potentially affected by several issues : - Multiple use-after-free issues exist in libxml2, the most serious of which could lead to a program crash. (CVE-2009-2414, CVE-2009-2416) - An issue in the handling of navigations initiated via the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 42477 |
published | 2009-11-12 |
reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/42477 |
title | Mac OS X : Apple Safari < 4.0.4 |
code |

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(42477);
      script_version("1.21");
      script_cvs_date("Date: 2018/07/14 1:59:35");

      script_cve_id(
        "CVE-2009-2414",
        "CVE-2009-2416",
        "CVE-2009-2816",
        "CVE-2009-2841",
        "CVE-2009-2842"
      );
      script_bugtraq_id(36994, 36996, 36997);

      script_name(english:"Mac OS X : Apple Safari < 4.0.4");
      script_summary(english:"Check the Safari SourceVersion");

      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote host contains a web browser that is affected by several vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The version of Apple Safari installed on the remote Mac OS X host is earlier than 4.0.4. As such, it is potentially affected by several issues :
     - Multiple use-after-free issues exist in libxml2, the most serious of which could lead to a program crash. (CVE-2009-2414, CVE-2009-2416)
     - An issue in the handling of navigations initiated via the 'Open Image in New Tab', 'Open Image in New Window' or 'Open Link in New Tab' shortcut menu options could be exploited to load a local HTML file, leading to disclosure of sensitive information. (CVE-2009-2842)
     - An issue involving WebKit's inclusion of custom HTTP headers specified by a requesting page in preflight requests in support of Cross-Origin Resource Sharing can facilitate cross-site request forgery attacks. (CVE-2009-2816)
     - WebKit fails to issue a resource load callback to determine if a resource should be loaded when it encounters an HTML 5 Media Element pointing to an external resource, which could lead to undesired requests to remote servers. (CVE-2009-2841)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.apple.com/kb/HT3949"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.securityfocus.com/advisories/18277"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade to Apple Safari 4.0.4 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119, 352, 399);
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/11/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/12");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
      script_dependencies("macosx_Safari31.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/uname", "Host/MacOSX/Version", "MacOSX/Safari/Installed");
      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");

    # Local checks must be enabled and the host must be Mac OS X.
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");

    os = get_kb_item("Host/MacOSX/Version");
    if (!os) audit(AUDIT_OS_NOT, "Mac OS X");

    # Only the Darwin releases matching Mac OS X 10.4 / 10.5 / 10.6 are checked.
    uname = get_kb_item_or_exit("Host/uname");
    if (!egrep(pattern:"Darwin.* (8\.|9\.[0-8]\.|10\.)", string:uname)) audit(AUDIT_OS_NOT, "Mac OS X 10.4 / 10.5 / 10.6");

    get_kb_item_or_exit("MacOSX/Safari/Installed");
    path = get_kb_item_or_exit("MacOSX/Safari/Path", exit_code:1);
    version = get_kb_item_or_exit("MacOSX/Safari/Version", exit_code:1);

    fixed_version = "4.0.4";

    # Installed version older than 4.0.4: set the www/0/XSRF KB item and report.
    if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
    {
      set_kb_item(name:'www/0/XSRF', value:TRUE);

      if (report_verbosity > 0)
      {
        report =
          '\n Installed version : ' + version +
          '\n Fixed version : ' + fixed_version + '\n';
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
    }
    else audit(AUDIT_INST_VER_NOT_VULN, "Safari", version);

Oval
accepted | 2013-11-11T04:02:06.175-05:00 |
class | vulnerability |
contributors |
definition_extensions |
description | Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site. |
family | windows |
id | oval:org.mitre.oval:def:5915 |
status | accepted |
submitted | 2009-11-17T18:28:46 |
title | Apple Safari Local HTML Files Information Disclosure Vulnerability. |
version | 8 |
Seebug
bulletinFamily | exploit |
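description | BUGTRAQ ID: 36357,36010,36994,36995,36997,36996 CVE ID: CVE-2009-2804,CVE-2009-2414,CVE-2009-2416,CVE-2009-2842,CVE-2009-2816,CVE-2009-3384,CVE-2009-2841 Safari is the web browser bundled by default with the operating systems of Apple's family of machines. Remote attackers can exploit multiple errors in the Safari browser to cause a denial of service, read sensitive information, or execute arbitrary code. CVE-2009-2804 An integer overflow that can lead to a heap overflow exists in the handling of images containing an embedded color profile; a user who is tricked into opening a malicious image could cause the browser to crash or arbitrary code to execute. CVE-2009-2414,CVE-2009-2416 Multiple use-after-free vulnerabilities in the libxml2 library may cause the browser to terminate unexpectedly. CVE-2009-2842 Safari has a vulnerability in handling navigations initiated via the "Open Image in New Tab", "Open Image in New Window" or "Open Link in New Tab" shortcut menu options; using these options on a malicious website may load a local HTML file, leading to disclosure of sensitive information. CVE-2009-2816 There is a vulnerability in the way WebKit implements Cross-Origin Resource Sharing. Before allowing a page from one origin to access a resource in another origin, WebKit sends a preflight request to the latter's server. Because WebKit includes the custom HTTP headers specified by the requesting page in the preflight request, this can facilitate cross-site request forgery attacks. CVE-2009-3384 Multiple vulnerabilities exist in the way WebKit handles FTP directory listings; accessing a malicious FTP server may lead to information disclosure, unexpected browser termination, or execution of arbitrary code. CVE-2009-2841 When WebKit encounters an HTML 5 media element pointing to an external resource, it does not issue a resource load callback to determine whether the resource should be loaded, which may lead to unintended requests to remote servers. For example, the sender of an HTML-formatted email could determine whether the message has been read. Apple Safari 4.x Vendor patch: Apple ----- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.apple.com/safari/download/ |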
id | SSV:12627 |
last seen | 2017-11-19 |
modified | 2009-11-13 |
published | 2009-11-13 |
reporter | Root |
title | Safari 4.0.4 fixes multiple security vulnerabilities |
References
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html
- http://osvdb.org/59942
- http://secunia.com/advisories/37346
- http://support.apple.com/kb/HT3949
- http://www.securityfocus.com/bid/36994
- http://www.securitytracker.com/id?1023164
- http://www.vupen.com/english/advisories/2009/3217
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54238
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5915