ID

VAR-200708-0453


CVE

CVE-2007-3742


TITLE

Apple Safari cross-domain HTTP redirection race condition

Trust: 0.8

sources: CERT/CC: VU#289988

DESCRIPTION

WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks. Apple Safari contains a race condition when handling HTTP redirection when updating pages. This can allow a cross-domain violation. Apple WebCore fails to properly serialize headers into an HTTP request, which can cause a cross-domain security violation. The Apple Webkit contains a memory corruption vulnerability.This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Apple's Safari contains a vulnerability that allows spoofing of URLs in the address bar. Apple's Safari is a web browser installed as default with Mac OS X. There is a problem in Safari where URLs displayed in the address bar could be spoofed to deceive Safari users. This could be conducted by using Unicode characters that look alike to ASCII characters as URL strings.As it is difficult for Safari users to tell whether the displayed URL is spoofed or not, an attacker could possibly conduct phising attacks. Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing. This issue affects Apple Safari 3.0.2 for Windows; other versions may also be affected. The iPhone is reported to be affected in the APPLE-SA-2007-07-31 iPhone v1.0.1 Update security advisory. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: Apple iPhone Multiple Vulnerabilities SECUNIA ADVISORY ID: SA26287 VERIFY ADVISORY: http://secunia.com/advisories/26287/ CRITICAL: Highly critical IMPACT: Cross Site Scripting, Spoofing, DoS, System access WHERE: >From remote OPERATING SYSTEM: Apple iPhone 1.x http://secunia.com/product/15128/ DESCRIPTION: Some vulnerabilities have been reported in Apple iPhone, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, and potentially to compromise a vulnerable system. 2) A boundary error in the Perl Compatible Regular Expressions (PCRE) library used by the Javascript engine in Safari can be exploited to cause a heap-based buffer overflow when a user visits a malicious web page. Successful exploitation may allow execution of arbitrary code. 3) An HTTP injection issue in XMLHttpRequest can be exploited to inject arbitrary HTTP requests. 5) An invalid type conversion when rendering frame sets may allow execution of arbitrary code. For more information see vulnerability #1 in: SA25786 SOLUTION: Update to version 1.0.1 (downloadable and installable via iTunes). PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. 2) The vendor credits Charlie Miller and Jake Honoroff of Independent Security Evaluators. 3) The vendor credits Richard Moore, Westpoint Ltd. 5) The vendor credits Rhys Kidd, Westnet. ORIGINAL ADVISORY: http://docs.info.apple.com/article.html?artnum=306173 OTHER REFERENCES: SA25786: http://secunia.com/advisories/25786/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 4.23

sources: NVD: CVE-2007-3742 // CERT/CC: VU#289988 // CERT/CC: VU#845708 // CERT/CC: VU#389868 // JVNDB: JVNDB-2007-000560 // BID: 24636 // VULHUB: VHN-27104 // PACKETSTORM: 58223

AFFECTED PRODUCTS

vendor:apple computermodel: - scope: - version: -

Trust: 2.4

vendor:applemodel:safariscope:lteversion:3.0.2

Trust: 1.0

vendor:applemodel:iphonescope:eqversion:v1.0

Trust: 0.8

vendor:applemodel:safariscope:lteversion:3.0.2 (mac os x, windows xp / vista)

Trust: 0.8

vendor:applemodel:safariscope:eqversion:for mac os x (mac os x 10.3.x and mac os x 10.4.x)

Trust: 0.8

vendor:applemodel:iphonescope:eqversion:1.0

Trust: 0.6

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.2

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:neversion:3.0.3

Trust: 0.3

vendor:applemodel:safari betascope:neversion:3.0.3

Trust: 0.3

vendor:applemodel:iphonescope:neversion:1.0.1

Trust: 0.3

sources: CERT/CC: VU#289988 // CERT/CC: VU#845708 // CERT/CC: VU#389868 // BID: 24636 // JVNDB: JVNDB-2007-000560 // CNNVD: CNNVD-200708-036 // NVD: CVE-2007-3742

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-3742
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#289988
value: 0.47

Trust: 0.8

CARNEGIE MELLON: VU#845708
value: 0.57

Trust: 0.8

CARNEGIE MELLON: VU#389868
value: 2.55

Trust: 0.8

IPA: JVNDB-2007-000560
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200708-036
value: MEDIUM

Trust: 0.6

VULHUB: VHN-27104
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-3742
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2007-000560
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-27104
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#289988 // CERT/CC: VU#845708 // CERT/CC: VU#389868 // VULHUB: VHN-27104 // JVNDB: JVNDB-2007-000560 // CNNVD: CNNVD-200708-036 // NVD: CVE-2007-3742

PROBLEMTYPE DATA

problemtype:CWE-59

Trust: 1.9

problemtype:CWE-16

Trust: 1.1

problemtype:CWE-399

Trust: 0.8

sources: VULHUB: VHN-27104 // JVNDB: JVNDB-2007-000560 // NVD: CVE-2007-3742

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200708-036

TYPE

configuration error

Trust: 0.6

sources: CNNVD: CNNVD-200708-036

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-000560

PATCH

title:Safari 3 Beta Update 3.0.3url:http://docs.info.apple.com/article.html?artnum=306174-en

Trust: 0.8

sources: JVNDB: JVNDB-2007-000560

EXTERNAL IDS

db:SECUNIAid:26287

Trust: 4.2

db:NVDid:CVE-2007-3742

Trust: 2.8

db:BIDid:24636

Trust: 2.8

db:SECTRACKid:1018488

Trust: 1.7

db:VUPENid:ADV-2007-2730

Trust: 1.7

db:VUPENid:ADV-2007-2731

Trust: 1.7

db:SECUNIAid:25786

Trust: 1.6

db:XFid:35716

Trust: 1.4

db:CERT/CCid:VU#289988

Trust: 0.8

db:CERT/CCid:VU#845708

Trust: 0.8

db:CERT/CCid:VU#389868

Trust: 0.8

db:JVNid:JVN16018033

Trust: 0.8

db:JVNDBid:JVNDB-2007-000560

Trust: 0.8

db:CNNVDid:CNNVD-200708-036

Trust: 0.7

db:VULHUBid:VHN-27104

Trust: 0.1

db:PACKETSTORMid:58223

Trust: 0.1

sources: CERT/CC: VU#289988 // CERT/CC: VU#845708 // CERT/CC: VU#389868 // VULHUB: VHN-27104 // BID: 24636 // JVNDB: JVNDB-2007-000560 // PACKETSTORM: 58223 // CNNVD: CNNVD-200708-036 // NVD: CVE-2007-3742

REFERENCES

url:http://docs.info.apple.com/article.html?artnum=306173

Trust: 3.4

url:http://secunia.com/advisories/26287/

Trust: 2.5

url:http://www.securityfocus.com/bid/24636

Trust: 2.5

url:http://secunia.com/advisories/25786/

Trust: 1.7

url:http://docs.info.apple.com/article.html?artnum=306174

Trust: 1.7

url:http://isc.sans.org/diary.html?storyid=3214

Trust: 1.7

url:http://www.securitytracker.com/id?1018488

Trust: 1.7

url:http://secunia.com/advisories/26287

Trust: 1.7

url:http://developer.apple.com/opensource/internet/webkit.html

Trust: 1.6

url:http://docs.info.apple.com/article.html?artnum=305759

Trust: 1.6

url:http://www.frsirt.com/english/advisories/2007/2730

Trust: 1.4

url:http://xforce.iss.net/xforce/xfdb/35716

Trust: 1.4

url:http://www.vupen.com/english/advisories/2007/2730

Trust: 1.1

url:http://www.vupen.com/english/advisories/2007/2731

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/35716

Trust: 1.1

url:http://www.apple.com/safari/download/

Trust: 0.8

url:http://www.mozilla.org/projects/security/components/same-origin.html

Trust: 0.8

url:http://docs.info.apple.com/article.html?artnum=61798

Trust: 0.8

url:http://www.cert.org/tech_tips/securing_browser/#safari

Trust: 0.8

url:http://developer.apple.com/internet/webcontent/xmlhttpreq.html

Trust: 0.8

url:http://www.westpoint.ltd.uk/advisories/wp-07-0002.txt

Trust: 0.8

url:http://webkit.opendarwin.org/

Trust: 0.8

url:http://lists.apple.com/archives/security-announce/2007/jun/msg00004.html

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3742

Trust: 0.8

url:http://jvn.jp/en/jp/jvn16018033/index.html

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-3742

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2007/2731

Trust: 0.6

url:http://www.apple.com/safari/

Trust: 0.3

url:/archive/1/472234

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/15128/

Trust: 0.1

url:https://psi.secunia.com/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: CERT/CC: VU#289988 // CERT/CC: VU#845708 // CERT/CC: VU#389868 // VULHUB: VHN-27104 // BID: 24636 // JVNDB: JVNDB-2007-000560 // PACKETSTORM: 58223 // CNNVD: CNNVD-200708-036 // NVD: CVE-2007-3742

CREDITS

Robert Swiecki reported this issue.

Trust: 0.3

sources: BID: 24636

SOURCES

db:CERT/CCid:VU#289988
db:CERT/CCid:VU#845708
db:CERT/CCid:VU#389868
db:VULHUBid:VHN-27104
db:BIDid:24636
db:JVNDBid:JVNDB-2007-000560
db:PACKETSTORMid:58223
db:CNNVDid:CNNVD-200708-036
db:NVDid:CVE-2007-3742

LAST UPDATE DATE

2024-11-23T21:12:50.790000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#289988date:2007-09-21T00:00:00
db:CERT/CCid:VU#845708date:2008-09-08T00:00:00
db:CERT/CCid:VU#389868date:2008-06-04T00:00:00
db:VULHUBid:VHN-27104date:2017-07-29T00:00:00
db:BIDid:24636date:2007-08-01T12:45:00
db:JVNDBid:JVNDB-2007-000560date:2008-05-21T00:00:00
db:CNNVDid:CNNVD-200708-036date:2007-08-06T00:00:00
db:NVDid:CVE-2007-3742date:2024-11-21T00:33:57.320

SOURCES RELEASE DATE

db:CERT/CCid:VU#289988date:2007-06-25T00:00:00
db:CERT/CCid:VU#845708date:2007-06-22T00:00:00
db:CERT/CCid:VU#389868date:2007-06-22T00:00:00
db:VULHUBid:VHN-27104date:2007-08-03T00:00:00
db:BIDid:24636date:2007-06-25T00:00:00
db:JVNDBid:JVNDB-2007-000560date:2008-05-21T00:00:00
db:PACKETSTORMid:58223date:2007-08-08T04:01:26
db:CNNVDid:CNNVD-200708-036date:2007-06-25T00:00:00
db:NVDid:CVE-2007-3742date:2007-08-03T20:17:00