Vulnerabilities > CVE-2011-0207 - Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

NASL familyMacOS X Local Security Checks
NASL idMACOSX_10_6_8.NASL
descriptionThe remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.8. This update contains security-related fixes for the following components : - App Store - ATS - Certificate Trust Policy - CoreFoundation - CoreGraphics - FTP Server - ImageIO - International Components for Unicode - Kernel - Libsystem - libxslt - MobileMe - MySQL - OpenSSL - patch - QuickLook - QuickTime - Samba - servermgrd - subversion
last seen2020-06-01
modified2020-06-02
plugin id55416
published2011-06-24
reporterThis script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/55416
titleMac OS X 10.6.x < 10.6.8 Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(55416);
  script_version("1.20");
  script_cvs_date("Date: 2018/08/22 16:49:14");

  script_cve_id(
    "CVE-2009-3245",
    "CVE-2010-0740",
    "CVE-2010-2632",
    "CVE-2010-3677",
    "CVE-2010-3682",
    "CVE-2010-3790",
    "CVE-2010-3833",
    "CVE-2010-3834",
    "CVE-2010-3835",
    "CVE-2010-3836",
    "CVE-2010-3837",
    "CVE-2010-3838",
    "CVE-2010-3864",
    "CVE-2010-4180",
    "CVE-2010-4651",
    "CVE-2011-0014",
    "CVE-2011-0195",
    "CVE-2011-0197",
    "CVE-2011-0198",
    "CVE-2011-0199",
    "CVE-2011-0201",
    "CVE-2011-0202",
    "CVE-2011-0203",
    "CVE-2011-0204",
    "CVE-2011-0205",
    "CVE-2011-0206",
    "CVE-2011-0207",
    "CVE-2011-0208",
    "CVE-2011-0209",
    "CVE-2011-0210",
    "CVE-2011-0211",
    "CVE-2011-0212",
    "CVE-2011-0213",
    "CVE-2011-0715",
    "CVE-2011-0719",
    "CVE-2011-1132"
  );
  script_bugtraq_id(
    38562,
    39013,
    42599,
    42646,
    43676,
    43819,
    44794,
    44884,
    45164,
    46264,
    46597,
    46734,
    46768,
    47668,
    48418,
    48419,
    48420,
    48422,
    48426,
    48427,
    48429,
    48430,
    48436,
    48437,
    48439,
    48440,
    48442,
    48443,
    48444,
    48445,
    48447
  );

  script_name(english:"Mac OS X 10.6.x < 10.6.8 Multiple Vulnerabilities");
  script_summary(english:"Check the version of Mac OS X");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote host is missing a Mac OS X update that fixes several
security issues."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is running a version of Mac OS X 10.6.x that is prior
to 10.6.8. This update contains security-related fixes for the
following components :

  - App Store
  - ATS
  - Certificate Trust Policy
  - CoreFoundation
  - CoreGraphics
  - FTP Server
  - ImageIO
  - International Components for Unicode
  - Kernel
  - Libsystem
  - libxslt
  - MobileMe
  - MySQL
  - OpenSSL
  - patch
  - QuickLook
  - QuickTime
  - Samba
  - servermgrd
  - subversion"
  );
  script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT4723");
  script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2011/Jun/msg00000.html");
  script_set_attribute(attribute:"solution", value:"Upgrade to Mac OS X 10.6.8 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_cwe_id(20);
;                 # CVE-2009-3245

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/02/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/06/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/06/24");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");

 exit(0);
}


os = get_kb_item("Host/MacOSX/Version");
if (!os)
{
  os = get_kb_item("Host/OS");
  if (isnull(os)) exit(0, "The 'Host/OS' KB item is missing.");
  if ("Mac OS X" >!< os) exit(0, "The host does not appear to be running Mac OS X.");

  c = get_kb_item("Host/OS/Confidence");
  if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence.");
}
if (!os) exit(0, "The host does not appear to be running Mac OS X.");


if (ereg(pattern:"Mac OS X 10\.6($|\.[0-7]([^0-9]|$))", string:os)) security_hole(0);
else exit(0, "The host is not affected as it is running "+os+".");

Seebug

bulletinFamilyexploit
descriptionBugtraq ID: 48412 CVE ID:CVE-2011-0196 CVE-2011-0197 CVE-2011-0198 CVE-2011-0199 CVE-2011-0200 CVE-2011-0201 CVE-2011-0202 CVE-2011-0203 CVE-2011-0204 CVE-2011-0205 CVE-2011-0206 CVE-2011-0207 CVE-2011-0208 CVE-2011-0209 CVE-2011-0210 CVE-2011-0211 CVE-2011-0212 CVE-2011-0213 CVE-2011-1132 Apple Mac OS X是一款商业性质的操作系统。 Apple Mac OS X 2011-004安全公告修复了多个安全漏洞,这些漏洞影响AirPort, App Store, ATS, Certificate Trust Policy, ColorSync, CoreFoundation, CoreGraphics, FTP Server, ImageIO, International Components for Unicode, MobileMe, QuickLook, QuickTime和servermgrd。 CVE-2011-0196: CNCVE ID:CNCVE-20110196 CNCVE-20110196 处理Wi-Fi帧存在越界读问题,当连接到Wi-Fi时,在同一网络的攻击者可使系统重置。 CVE-2011-0197: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 在某些条件下,App Store会记录用户AppleID密码到其他用户不可读的文件中。 CVE-2011-0198: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 处理TrueType字体存在堆缓冲区溢出,查看或下载包含恶意字体的文档可执行任意代码。 CVE-2011-0199: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 证书信任策略存在一个错误处理问题。如果扩展验证(EV)证书没有OCSP URL,并且启用了CRL,那么CRL不会被检查并会接收作废的证书作为合法证书。 CVE-2011-0200: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 处理嵌入ColorSync配置文件的图像时存在整数溢出,可导致堆缓冲区溢出。 CVE-2011-0201: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 处理CFStrings存在单字节缓冲区溢出,可导致应用程序崩溃或任意代码执行。 CVE-2011-0202: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 处理Type 1字体存在整数溢出,查看和下载嵌入特制字体的文档可导致任意代码执行。 CVE-2011-0203: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 xftpd存在路径校验错误,具有FTP访问的用户可列出系统文件。 CVE-2011-0204: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 ImageIO处理TIFF图像存在堆缓冲区溢出,查看特制的TIFF图像可导致应用程序崩溃或执行任意代码。 CVE-2011-0205: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 ImageIO处理JPEG2000图像存在堆缓冲区溢出,查看特制的TIFF图像可导致应用程序崩溃或执行任意代码。 CVE-2011-0206: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 ICU处理大写字符串存在缓冲区溢出,可使使用ICU的应用程序崩溃。 CVE-2011-0207: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 CNCVE-20110207 通过MobileMe连接判断用户Email别名时,邮件会通过HTTP提交请求,结果可导致一个具体有特权网络位置的攻击者读取用户MobileMe email别名。 CVE-2011-0208: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 CNCVE-20110207 CNCVE-20110208 QuickLook处理Microsoft office文件存在内存破坏,下载特制的Microsoft Office文件可使应用程序崩溃或执行任意代码。 CVE-2011-0209: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 CNCVE-20110207 CNCVE-20110208 CNCVE-20110209 QuickTime处理RIFF WAV文件存在整数溢出,查看特制WAV文件可使应用程序崩溃或执行任意代码。 CVE-2011-0210: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 CNCVE-20110207 CNCVE-20110208 CNCVE-20110209 CNCVE-20110210 QuickTime处理QuickTime电影文件中的示例表时存在内存破坏,查看特制电影文件可使应用程序崩溃或执行任意代码。 CVE-2011-0211: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 CNCVE-20110207 CNCVE-20110208 CNCVE-20110209 CNCVE-20110210 CNCVE-20110211 QuickTime处理QuickTime电影文件存在整数溢出,查看特制电影文件可使应用程序崩溃或执行任意代码。 CVE-2011-0212: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 CNCVE-20110207 CNCVE-20110208 CNCVE-20110209 CNCVE-20110210 CNCVE-20110211 CNCVE-20110212 QuickTime处理PICT图像存在缓冲区溢出,查看特制PICT图像文件可使应用程序崩溃或执行任意代码。 CVE-2011-0213: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 CNCVE-20110207 CNCVE-20110208 CNCVE-20110209 CNCVE-20110210 CNCVE-20110211 CNCVE-20110212 CNCVE-20110213 QuickTime处理JPEG图像存在缓冲区溢出,查看特制JPEG图像文件可使应用程序崩溃或执行任意代码。 CVE-2011-1132: CNCVE ID:CNCVE-20110196 CNCVE-20110196 CNCVE-20110197 CNCVE-20110198 CNCVE-20110199 CNCVE-20110200 CNCVE-20110201 CNCVE-20110202 CNCVE-20110203 CNCVE-20110204 CNCVE-20110205 CNCVE-20110206 CNCVE-20110207 CNCVE-20110208 CNCVE-20110209 CNCVE-20110210 CNCVE-20110211 CNCVE-20110212 CNCVE-20110213 CNCVE-20111132 处理IPV6套接字选项存在空指针引用错误,本地用户可使系统重置。 Apple Mac OS X Server 10.6.6 Apple Mac OS X Server 10.6.5 Apple Mac OS X Server 10.6.5 Apple Mac OS X Server 10.6.4 Apple Mac OS X Server 10.6.3 Apple Mac OS X Server 10.6.2 Apple Mac OS X Server 10.6.1 Apple Mac OS X Server 10.5.8 Apple Mac OS X Server 10.5.7 Apple Mac OS X Server 10.5.6 Apple Mac OS X Server 10.5.5 Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.5 Apple Mac Os X Server 10.6.7 Apple Mac OS X Server 10.6 Apple Mac OS X Server 10.5 Apple Mac OS X 10.6.5 Apple Mac OS X 10.6.4 Apple Mac OS X 10.6.3 Apple Mac OS X 10.6.2 Apple Mac OS X 10.6.1 Apple Mac OS X 10.5.8 Apple Mac OS X 10.5.7 Apple Mac OS X 10.5.6 Apple Mac OS X 10.5.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.5 Apple Mac OS X 10.6 Apple Mac OS X 10.5 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0b760113a3a155269a3fba93a409c640031dd68f
idSSV:20665
last seen2017-11-19
modified2011-06-27
published2011-06-27
reporterRoot
titleApple Mac OS X 10.6.8之前版本存在多个安全漏洞