Details of VAR-200508-0312

ID

VAR-200508-0312

CVE

CVE-2005-2518

TITLE

Apple Mac OS X Server servermgrd authentication vulnerable to buffer overflow

Trust: 0.8

sources: CERT/CC: VU#461412

DESCRIPTION

Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication. This vulnerability may lead to remote execution of arbitrary code. Apple Safari fails to perform security checks on hyperlinks in rich text content, which may allow an attacker to execute arbitrary commands on a vulnerable system. Apple From Security Update 2005-007 Has been released. Mac OS X, Mac OS X Server, Safari web browser Vulnerability has been confirmed in such as.The potential impact depends on each vulnerability. For more information Apple See the information provided by. Apache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues. Appkit is prone to three vulnerabilities. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues. Bluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue. CoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues. CUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues. Directory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues. HItoolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues. loginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue. Mail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues. OpenSSL is prone to two vulnerabilities resulting in denial of service. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue. QuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue. Safari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues. SecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue. servermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue. SquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue. Weblog Server is prone to multiple cross-site scripting vulnerabilities. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues. These vulnerabilities will be separated into individual BIDs upon further analysis of the issues. ---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA16449 VERIFY ADVISORY: http://secunia.com/advisories/16449/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information, Privilege escalation, DoS, System access WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes more than 40 vulnerabilities. 1) A boundary error in htdigest can be exploited to cause a buffer overflow by passing an overly long realm argument. NOTE: htdigest is by default only locally accessible and not setuid / setgid. For more information: SA12787 SA13045 3) A security issue in Apache 2 results in access to ".DS_Store" files and files starting with ".ht" not being fully blocked. The problem is that the Apache configuration blocks access in a case sensitive way, but the Apple HFS+ filesystem performs file access in a case insensitive way. 4) A security issue in Apache 2 makes it possible to bypass the normal Apache file handlers and retrieve file data and resource fork content via HTTP. The problem is that the Apple HFS+ filesystem permits files to have multiple data streams. NOTE: This issue may also affect other products installed on the HFS+ filesystem. 6) A boundary error in the AppKit component can be exploited to cause a buffer overflow and execute arbitrary code on a user's system when a specially crafted Microsoft Word .doc file is opened in e.g. TextEdit. 7) An error in the AppKit component allows malicious, local users with physical access to create additional local accounts. 8) A bug in the System Profiler causes it to display misleading information about whether or not a Bluetooth device requires authentication. 10) An error in the CoreFoundation framework when parsing Gregorian date information can cause applications to stall. 11) Errors in the CUPS printing service can cause it to stop printing when handling multiple, simultaneous print jobs. 13) Various errors in the privileged tool dsidentity can be exploited by unprivileged users to add or remove identity user accounts in Directory Services. 14) The slpd program in Directory Services creates temporary files insecurely. This can be exploited via symlink attacks to overwrite arbitrary files with root privileges. 15) An error in Hltoolbox may allow VoiceOver services to read contents from secure input fields. 16) An error in Kerberos can potentially be exploited by malicious users to compromise a vulnerable system. For more information: SA13592 17) Multiple boundary errors in Kerberos can be exploited by malicious people to cause a DoS or potentially compromise a vulnerable system. For more information: SA16041 18) An error in Kerberos when Kerberos authentication is enabled in addition to LDAP can be exploited to gain access to the root Terminal window. 21) Various errors in MySQL can potentially be exploited by malicious users to compromise a vulnerable system and by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. For more information: SA14547 22) Three vulnerabilities in OpenSSL can be exploited by malicious people to cause a DoS (Denial-of-Service). For more information: SA11139 23) An unspecified boundary error in the ping utility can be exploited to cause a buffer overflow and potentially gain escalated privileges. 26) A security issue in Safari when submitting forms on a XSL formatted page may cause the information to be submitted to the next visited web page. 27) A security issue in the SecurityInterface component may cause recently used passwords to be visible in the password assistant. 34) A vulnerability in X11 can potentially be exploited by malicious people to compromise a vulnerable system. 8) John M. Glenn 9) David Remahl 10) David Remahl 13) KF and Neil Archibald. 18) Jim Foraker 20) Brad Miller and John Pell 23) Neil Archibald, Suresec LTD. 24) Jay Craft, GrooVault Entertainment. 26) Bill Kuker 27) Andrew Langmead 29) Matt Richard and Chris Pepper 31) Neil Archibald, Suresec LTD. 33) Donnie Werner and Atsushi MATSUO. ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=302163 OTHER REFERENCES: SA11139: http://secunia.com/advisories/11139/ SA12787: http://secunia.com/advisories/12787/ SA13045: http://secunia.com/advisories/13045/ SA13592: http://secunia.com/advisories/13592/ SA14460: http://secunia.com/advisories/14460/ SA14547: http://secunia.com/advisories/14547/ SA15721: http://secunia.com/advisories/15721/ SA15949: http://secunia.com/advisories/15949/ SA16041: http://secunia.com/advisories/16041/ SA16058: http://secunia.com/advisories/16058/ SA16137: http://secunia.com/advisories/16137/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . I. II. Impact The impacts of these vulnerabilities vary. III. Appendix A. References * US-CERT Vulnerability Note VU#913820 - <http://www.kb.cert.org/vuls/id/913820> * US-CERT Vulnerability Note VU#461412 - <http://www.kb.cert.org/vuls/id/461412> * US-CERT Vulnerability Note VU#435188 - <http://www.kb.cert.org/vuls/id/435188> * US-CERT Vulnerability Note VU#172948 - <http://www.kb.cert.org/vuls/id/172948> * US-CERT Vulnerability Note VU#420316 - <http://www.kb.cert.org/vuls/id/420316> * US-CERT Vulnerability Note VU#709220 - <http://www.kb.cert.org/vuls/id/709220> * Apple Security Update 2005-007 - <http://docs.info.apple.com/article.html?artnum=302163> * Mac OS X: Updating your software - <http://docs.info.apple.com/article.html?artnum=106704> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA05-229A.html> ____________________________________________________________________ Feedback can be directed to US-CERT. Please send email to <cert@cert.org> with "TA05-229A Feedback VU#913820" in the subject. ____________________________________________________________________ Mailing list information: <http://www.us-cert.gov/cas/> ____________________________________________________________________ Produced 2005 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History August 17, 2005: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQwOKkRhoSezw4YfQAQLxywgAkWTcoA3KoWAiY5YYPGejCVbWw/yFzAqy 4Fb0z9WXfwhwB3/L/IxLvJGhPdVF/b6buP/KZgIxalwsRu6GPjJp5Aj+Cbtf/8KI 2ca0bRxS3vZJS52ZOEVpS2Z2M8JdcBA2CgfvIw6GEklXD9MTjXXwYUhB6tYK4Ar0 +UAk6xxaaMRvKztOYbRZhy5/5Kz2Xd9a5UwO/hbojQmilv4elW3iZhGWP+nLEpSI D680yttkY++UzmYGYHO0Wm+SAK4fzXKxs/4PMfWvNgP8lKJsHXjjr7KLFtmgCiWU oxhOB8RdqVNTKE2kYEq1kiopusBtwK/x35VNr3uCjg23CxYuv8HAjw== =yJpi -----END PGP SIGNATURE-----

Trust: 6.48

sources: NVD: CVE-2005-2518 // CERT/CC: VU#461412 // CERT/CC: VU#709220 // CERT/CC: VU#435188 // CERT/CC: VU#172948 // CERT/CC: VU#420316 // CERT/CC: VU#913820 // JVNDB: JVNDB-2005-000828 // BID: 14567 // VULHUB: VHN-13727 // PACKETSTORM: 39394 // PACKETSTORM: 39463

AFFECTED PRODUCTS

vendor:	apple computer	model:	-	scope:	-	version:	-	Trust: 4.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.4.2	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.9	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	version 10.3.9 (panther) and version 10.4.2 (tiger)	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	version 10.3.9 and version 10.4.2	Trust: 0.8
vendor:	apple	model:	safari	scope:	-	version:	-	Trust: 0.8
vendor:	redhat	model:	linux i386	scope:	eq	version:	9.0	Trust: 0.3
vendor:	redhat	model:	fedora core2	scope:	-	version:	-	Trust: 0.3
vendor:	redhat	model:	fedora core1	scope:	-	version:	-	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.9	Trust: 0.3

sources: CERT/CC: VU#461412 // CERT/CC: VU#709220 // CERT/CC: VU#435188 // CERT/CC: VU#172948 // CERT/CC: VU#420316 // CERT/CC: VU#913820 // BID: 14567 // JVNDB: JVNDB-2005-000828 // CNNVD: CNNVD-200508-216 // NVD: CVE-2005-2518

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-2518
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#461412
value:	14.11
Trust: 0.8
CARNEGIE MELLON:	VU#709220
value:	11.57
Trust: 0.8
CARNEGIE MELLON:	VU#435188
value:	15.49
Trust: 0.8
CARNEGIE MELLON:	VU#172948
value:	15.49
Trust: 0.8
CARNEGIE MELLON:	VU#420316
value:	10.41
Trust: 0.8
CARNEGIE MELLON:	VU#913820
value:	18.17
Trust: 0.8
CNNVD:	CNNVD-200508-216
value:	HIGH
Trust: 0.6
VULHUB:	VHN-13727
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2005-2518
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-13727
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#461412 // CERT/CC: VU#709220 // CERT/CC: VU#435188 // CERT/CC: VU#172948 // CERT/CC: VU#420316 // CERT/CC: VU#913820 // VULHUB: VHN-13727 // CNNVD: CNNVD-200508-216 // NVD: CVE-2005-2518

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-2518

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 39463 // CNNVD: CNNVD-200508-216

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200508-216

CONFIGURATIONS

sources: JVNDB: JVNDB-2005-000828

PATCH

title:

HT1222

url:

http://support.apple.com/kb/HT1222?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2005-000828

EXTERNAL IDS

db:	SECUNIA	id:	16449	Trust: 4.9
db:	CERT/CC	id:	VU#461412	Trust: 3.4
db:	NVD	id:	CVE-2005-2518	Trust: 2.8
db:	USCERT	id:	TA05-229A	Trust: 2.6
db:	CERT/CC	id:	VU#709220	Trust: 1.7
db:	CERT/CC	id:	VU#435188	Trust: 1.7
db:	CERT/CC	id:	VU#172948	Trust: 1.7
db:	CERT/CC	id:	VU#420316	Trust: 1.7
db:	CERT/CC	id:	VU#913820	Trust: 1.7
db:	SECTRACK	id:	1014709	Trust: 1.7
db:	AUSCERT	id:	ESB-2005.0638	Trust: 1.6
db:	JVNDB	id:	JVNDB-2005-000828	Trust: 0.8
db:	CNNVD	id:	CNNVD-200508-216	Trust: 0.7
db:	CERT/CC	id:	TA05-229A	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2005-08-17	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2005-08-15	Trust: 0.6
db:	BID	id:	14567	Trust: 0.3
db:	VULHUB	id:	VHN-13727	Trust: 0.1
db:	PACKETSTORM	id:	39394	Trust: 0.1
db:	PACKETSTORM	id:	39463	Trust: 0.1

sources: CERT/CC: VU#461412 // CERT/CC: VU#709220 // CERT/CC: VU#435188 // CERT/CC: VU#172948 // CERT/CC: VU#420316 // CERT/CC: VU#913820 // VULHUB: VHN-13727 // BID: 14567 // JVNDB: JVNDB-2005-000828 // PACKETSTORM: 39394 // PACKETSTORM: 39463 // CNNVD: CNNVD-200508-216 // NVD: CVE-2005-2518

REFERENCES

url:	http://docs.info.apple.com/article.html?artnum=302163	Trust: 3.3
url:	http://secunia.com/advisories/16449/	Trust: 2.5
url:	http://www.kb.cert.org/vuls/id/461412	Trust: 2.5
url:	http://secunia.com/advisories/16449/	Trust: 2.4
url:	http://lists.apple.com/archives/security-announce/2005/aug/msg00000.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2005//aug/msg00001.html	Trust: 1.7
url:	http://www.us-cert.gov/cas/techalerts/ta05-229a.html	Trust: 1.7
url:	http://securitytracker.com/id?1014709	Trust: 1.7
url:	http://www.auscert.org.au/5391	Trust: 1.6
url:	http://www.ciac.org/ciac/bulletins/p-276.shtml	Trust: 1.6
url:	http://webkit.opendarwin.org/	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2518	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2501	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2501	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2502	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2005-2522	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2005-2516	Trust: 0.8
url:	http://jvn.jp/cert/jvnta05-229a/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-2502	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-2522	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-2501	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-2516	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-2518	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-2501	Trust: 0.8
url:	http://www.kb.cert.org/vuls/id/435188	Trust: 0.8
url:	http://www.kb.cert.org/vuls/id/172948	Trust: 0.8
url:	http://www.kb.cert.org/vuls/id/709220	Trust: 0.8
url:	http://www.kb.cert.org/vuls/id/913820	Trust: 0.8
url:	http://www.kb.cert.org/vuls/id/420316	Trust: 0.8
url:	http://www.info.apple.com/usen/security/security_updates.html	Trust: 0.3
url:	http://www.suresec.org/advisories/adv5.pdf	Trust: 0.3
url:	http://www.apple.com	Trust: 0.3
url:	http://secunia.com/advisories/14547/	Trust: 0.1
url:	http://secunia.com/advisories/15949/	Trust: 0.1
url:	http://secunia.com/advisories/13592/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/11139/	Trust: 0.1
url:	http://www.apple.com/support/downloads/securityupdate2005007macosx1042client.html	Trust: 0.1
url:	http://secunia.com/advisories/16041/	Trust: 0.1
url:	http://secunia.com/advisories/12787/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/secunia_vacancies/	Trust: 0.1
url:	http://secunia.com/advisories/14460/	Trust: 0.1
url:	http://secunia.com/advisories/15721/	Trust: 0.1
url:	http://secunia.com/advisories/13045/	Trust: 0.1
url:	http://www.apple.com/support/downloads/securityupdate2005007macosx1039client.html	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/16137/	Trust: 0.1
url:	http://secunia.com/advisories/16058/	Trust: 0.1
url:	http://www.apple.com/support/downloads/securityupdate2005007macosx1039server.html	Trust: 0.1
url:	http://secunia.com/product/96/	Trust: 0.1
url:	http://www.apple.com/support/downloads/securityupdate2005007macosx1042server.html	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/172948>	Trust: 0.1
url:	http://www.us-cert.gov/cas/techalerts/ta05-229a.html>	Trust: 0.1
url:	http://docs.info.apple.com/article.html?artnum=302163>	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/420316>	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/913820>	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/435188>	Trust: 0.1
url:	http://www.us-cert.gov/cas/>	Trust: 0.1
url:	http://docs.info.apple.com/article.html?artnum=106704>	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/461412>	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/709220>	Trust: 0.1
url:	http://www.us-cert.gov/legal.html>	Trust: 0.1

sources: CERT/CC: VU#461412 // CERT/CC: VU#709220 // CERT/CC: VU#435188 // CERT/CC: VU#172948 // CERT/CC: VU#420316 // CERT/CC: VU#913820 // VULHUB: VHN-13727 // BID: 14567 // JVNDB: JVNDB-2005-000828 // PACKETSTORM: 39394 // PACKETSTORM: 39463 // CNNVD: CNNVD-200508-216 // NVD: CVE-2005-2518

CREDITS

OpenSSL Security Advisory

Trust: 0.6

sources: CNNVD: CNNVD-200508-216

SOURCES

db:	CERT/CC	id:	VU#461412
db:	CERT/CC	id:	VU#709220
db:	CERT/CC	id:	VU#435188
db:	CERT/CC	id:	VU#172948
db:	CERT/CC	id:	VU#420316
db:	CERT/CC	id:	VU#913820
db:	VULHUB	id:	VHN-13727
db:	BID	id:	14567
db:	JVNDB	id:	JVNDB-2005-000828
db:	PACKETSTORM	id:	39394
db:	PACKETSTORM	id:	39463
db:	CNNVD	id:	CNNVD-200508-216
db:	NVD	id:	CVE-2005-2518

LAST UPDATE DATE

2024-08-14T12:20:08.487000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#461412	date:	2005-08-17T00:00:00
db:	CERT/CC	id:	VU#709220	date:	2005-08-17T00:00:00
db:	CERT/CC	id:	VU#435188	date:	2005-08-18T00:00:00
db:	CERT/CC	id:	VU#172948	date:	2005-08-17T00:00:00
db:	CERT/CC	id:	VU#420316	date:	2005-08-17T00:00:00
db:	CERT/CC	id:	VU#913820	date:	2005-08-17T00:00:00
db:	VULHUB	id:	VHN-13727	date:	2008-09-05T00:00:00
db:	BID	id:	14567	date:	2006-05-05T23:10:00
db:	JVNDB	id:	JVNDB-2005-000828	date:	2009-04-03T00:00:00
db:	CNNVD	id:	CNNVD-200508-216	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-2518	date:	2008-09-05T20:51:58.333

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#461412	date:	2005-08-17T00:00:00
db:	CERT/CC	id:	VU#709220	date:	2005-08-17T00:00:00
db:	CERT/CC	id:	VU#435188	date:	2005-08-17T00:00:00
db:	CERT/CC	id:	VU#172948	date:	2005-08-17T00:00:00
db:	CERT/CC	id:	VU#420316	date:	2005-08-17T00:00:00
db:	CERT/CC	id:	VU#913820	date:	2005-08-17T00:00:00
db:	VULHUB	id:	VHN-13727	date:	2005-08-19T00:00:00
db:	BID	id:	14567	date:	2005-08-15T00:00:00
db:	JVNDB	id:	JVNDB-2005-000828	date:	2009-04-03T00:00:00
db:	PACKETSTORM	id:	39394	date:	2005-08-17T03:29:45
db:	PACKETSTORM	id:	39463	date:	2005-08-18T07:35:42
db:	CNNVD	id:	CNNVD-200508-216	date:	2003-07-18T00:00:00
db:	NVD	id:	CVE-2005-2518	date:	2005-08-19T04:00:00