Details of VAR-200711-0064

ID

VAR-200711-0064

CVE

CVE-2007-6165

TITLE

Apple Safari WebKit component vulnerable to buffer overflow

Trust: 0.8

sources: CERT/CC: VU#351217

DESCRIPTION

Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395. Apple Safari is vulnerable to a stack-based buffer overflow. This may allow a remote attacker to execute arbitrary code on a vulnerable system. Mac OS X In this file system, a file consists of information called resource fork and data fork. RFC 1740 So, to handle this file structure by email MIME format (AppleSingle format, AppleDoube format ) Is defined. Apple Mail Is AppleDouble Parses resource forks when processing format attachments. This issue affects the Mail application when handling email attachments. This will compromise the application and possibly the underlying operating system. This issue affects Mac OS X 10.5. Although the issues seem similar in nature, this may not be the very same underlying vulnerability. We will update this BID as more information emerges. UPDATE (November 21, 2007): Reports indicate that this issue occurs because of an error in the application's quarantine feature. We have not confirmed this information. UPDATE (December 17, 2007): This vulnerability stems from an unspecified implementation issue in the Launch Services application. http://www.securityfocus.com/bid/16907. Apple Mail is the mail client bundled with the Apple operating system. If the user is logged on with administrative privileges, the attacker could take complete control of an affected system. Solution Since there is no known patch for this issue at this time, US-CERT is recommending a workaround. Workaround Disable "Open 'safe' files after downloading" Disable the option to "Open 'safe' files after downloading," as specified in the document "Securing Your Web Browser." Appendix A. Impacts of other vulnerabilities include bypassing security restrictions and denial of service. I. As further information becomes available, we will publish individual Vulnerability Notes. In addition, more information about VU#999708 is available in US-CERT Technical Cyber Security Alert TA06-053A. II. Impact The impacts of these vulnerabilities vary. III. Solution Install an update Install the update as described in Apple Security Update 2006-001. In addition, this update is available via Apple Update. Appendix A. Please send email to <cert@cert.org> with "TA06-062A Feedback VU#351217" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History March 3, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRAiYnH0pj593lg50AQIdzggAxPbhEKlYyJUdTNqDBGSI+GAQ2oRY9WFx i+2yy5B34IvwyWt04Wb9PxgbCeWHbw9zc8X5xRPZEA/nVQWX/nnz20Tnap8ZRZUC bqlzo9pz2P+TOm3SBKUlZ+Rl0xTUTBJus78oiczzLu/Fy1oB8obC3qfwNDdrykXc i2MupUdRbZ5azrzDmzJGZktpVwJjM9UbXypbwsa1vg5+pAcRf4N0939kcjBML6LH B1jKz3PF0DLX/THj0sAq5PwiE82jCtop1hpD8zVWJOLGX1lbxhcHVLbiFiKaaF7u lKvIAf6ec9h+MQDwAnuA2uaYaQSwofCiWdOPAlueMzq23Ultlinz4g== =5Ooe -----END PGP SIGNATURE-----

Trust: 4.32

sources: NVD: CVE-2007-6165 // CERT/CC: VU#351217 // CERT/CC: VU#433819 // CERT/CC: VU#176732 // JVNDB: JVNDB-2007-001015 // BID: 26510 // VULHUB: VHN-29527 // PACKETSTORM: 44162 // PACKETSTORM: 44362

AFFECTED PRODUCTS

vendor:	apple computer	model:	-	scope:	-	version:	-	Trust: 2.4
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.5 mounted on apple mail	Trust: 0.8
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5	Trust: 0.3

sources: CERT/CC: VU#351217 // CERT/CC: VU#433819 // CERT/CC: VU#176732 // BID: 26510 // JVNDB: JVNDB-2007-001015 // CNNVD: CNNVD-200711-390 // NVD: CVE-2007-6165

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-6165
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#351217
value:	17.21
Trust: 0.8
CARNEGIE MELLON:	VU#433819
value:	9.28
Trust: 0.8
CARNEGIE MELLON:	VU#176732
value:	17.21
Trust: 0.8
NVD:	CVE-2007-6165
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200711-390
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-29527
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-6165
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-29527
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#351217 // CERT/CC: VU#433819 // CERT/CC: VU#176732 // VULHUB: VHN-29527 // JVNDB: JVNDB-2007-001015 // CNNVD: CNNVD-200711-390 // NVD: CVE-2007-6165

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	CWE-264	Trust: 1.9

sources: VULHUB: VHN-29527 // JVNDB: JVNDB-2007-001015 // NVD: CVE-2007-6165

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 44162 // PACKETSTORM: 44362 // CNNVD: CNNVD-200711-390

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200711-390

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001015

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-29527

PATCH

title:	Security Update 2007-009	url:	http://docs.info.apple.com/article.html?artnum=307179-en	Trust: 0.8
title:	Security Update 2007-009	url:	http://docs.info.apple.com/article.html?artnum=307179-ja	Trust: 0.8
title:	TA07-352A	url:	http://software.fujitsu.com/jp/security/vulnerabilities/ta07-352a.html	Trust: 0.8

sources: JVNDB: JVNDB-2007-001015

EXTERNAL IDS

db:	SECUNIA	id:	27785	Trust: 3.3
db:	CERT/CC	id:	VU#433819	Trust: 3.3
db:	NVD	id:	CVE-2007-6165	Trust: 2.8
db:	BID	id:	26510	Trust: 2.8
db:	USCERT	id:	TA07-352A	Trust: 2.5
db:	SECUNIA	id:	28136	Trust: 1.7
db:	VUPEN	id:	ADV-2007-4238	Trust: 1.7
db:	VUPEN	id:	ADV-2007-3958	Trust: 1.7
db:	SECTRACK	id:	1019106	Trust: 1.7
db:	SECUNIA	id:	19064	Trust: 1.6
db:	CERT/CC	id:	VU#351217	Trust: 0.9
db:	USCERT	id:	TA06-062A	Trust: 0.9
db:	CERT/CC	id:	VU#176732	Trust: 0.9
db:	SECUNIA	id:	18220	Trust: 0.8
db:	USCERT	id:	SA07-352A	Trust: 0.8
db:	JVNDB	id:	JVNDB-2007-001015	Trust: 0.8
db:	CERT/CC	id:	TA07-352A	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2007-12-17	Trust: 0.6
db:	CNNVD	id:	CNNVD-200711-390	Trust: 0.6
db:	USCERT	id:	TA06-053A	Trust: 0.2
db:	CERT/CC	id:	VU#999708	Trust: 0.2
db:	SEEBUG	id:	SSVID-84148	Trust: 0.1
db:	EXPLOIT-DB	id:	30781	Trust: 0.1
db:	EXPLOIT-DB	id:	16870	Trust: 0.1
db:	VULHUB	id:	VHN-29527	Trust: 0.1
db:	PACKETSTORM	id:	44162	Trust: 0.1
db:	PACKETSTORM	id:	44362	Trust: 0.1

sources: CERT/CC: VU#351217 // CERT/CC: VU#433819 // CERT/CC: VU#176732 // VULHUB: VHN-29527 // BID: 26510 // JVNDB: JVNDB-2007-001015 // PACKETSTORM: 44162 // PACKETSTORM: 44362 // CNNVD: CNNVD-200711-390 // NVD: CVE-2007-6165

REFERENCES

url:	http://www.securityfocus.com/bid/26510	Trust: 2.5
url:	http://www.us-cert.gov/cas/techalerts/ta07-352a.html	Trust: 2.5
url:	http://www.kb.cert.org/vuls/id/433819	Trust: 2.5
url:	http://secunia.com/advisories/27785	Trust: 2.5
url:	http://docs.info.apple.com/article.html?artnum=303382	Trust: 2.4
url:	http://www.heise-security.co.uk/news/99257	Trust: 2.0
url:	http://lists.apple.com/archives/security-announce/2007/dec/msg00002.html	Trust: 1.7
url:	http://docs.info.apple.com/article.html?artnum=307179	Trust: 1.7
url:	http://securitytracker.com/id?1019106	Trust: 1.7
url:	http://secunia.com/advisories/28136	Trust: 1.7
url:	http://secunia.com/advisories/19064/	Trust: 1.6
url:	http://www.frsirt.com/english/advisories/2007/3958	Trust: 1.4
url:	http://www.vupen.com/english/advisories/2007/3958	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2007/4238	Trust: 1.1
url:	http://security-protocols.com/advisory/sp-x22-advisory.txt	Trust: 0.8
url:	http://secunia.com/advisories/18220/	Trust: 0.8
url:	http://webkit.opendarwin.org/	Trust: 0.8
url:	http://www.heise-security.co.uk/news/99257	Trust: 0.8
url:	http://secunia.com/advisories/27785/	Trust: 0.8
url:	http://www.us-cert.gov/cas/techalerts/ta06-062a.html	Trust: 0.8
url:	http://www.cert.org/homeusers/email-attachments.html	Trust: 0.8
url:	http://www.apple.com/macosx/features/mail.html	Trust: 0.8
url:	http://tools.ietf.org/html/rfc1740	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6165	Trust: 0.8
url:	http://www.jpcert.or.jp/wr/2007/wr074701.txt	Trust: 0.8
url:	http://jvn.jp/cert/jvnta07-352a/index.html	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu%23433819/index.html	Trust: 0.8
url:	http://jvn.jp/tr/trta07-352a/index.html	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-6165	Trust: 0.8
url:	http://www.us-cert.gov/cas/alerts/sa07-352a.html	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2007/4238	Trust: 0.6
url:	http://software.cisco.com/download/navigator.html?mdfid=283613663	Trust: 0.3
url:	http://www.heise-security.co.uk/services/emailcheck/demos/go.shtml?mail=apple	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/999708>	Trust: 0.2
url:	http://www.us-cert.gov/cas/techalerts/ta06-053a.html>	Trust: 0.2
url:	http://www.us-cert.gov/cas/signup.html>.	Trust: 0.2
url:	http://www.us-cert.gov/legal.html>	Trust: 0.2
url:	http://www.apple.com/macosx/features/safari/>	Trust: 0.1
url:	http://www.us-cert.gov/reading_room/securing_browser/#sgeneral>	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/176732>	Trust: 0.1
url:	http://www.us-cert.gov/cas/techalerts/ta06-062a.html>	Trust: 0.1
url:	http://docs.info.apple.com/article.html?artnum=106704>	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/351217>	Trust: 0.1
url:	http://www.us-cert.gov/reading_room/securing_browser/#safari>	Trust: 0.1
url:	http://docs.info.apple.com/article.html?artnum=303382>	Trust: 0.1

CREDITS

heise Security

Trust: 0.6

sources: CNNVD: CNNVD-200711-390

SOURCES

db:	CERT/CC	id:	VU#351217
db:	CERT/CC	id:	VU#433819
db:	CERT/CC	id:	VU#176732
db:	VULHUB	id:	VHN-29527
db:	BID	id:	26510
db:	JVNDB	id:	JVNDB-2007-001015
db:	PACKETSTORM	id:	44162
db:	PACKETSTORM	id:	44362
db:	CNNVD	id:	CNNVD-200711-390
db:	NVD	id:	CVE-2007-6165

LAST UPDATE DATE

2024-11-08T19:48:04.979000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#351217	date:	2006-03-06T00:00:00
db:	CERT/CC	id:	VU#433819	date:	2007-11-27T00:00:00
db:	CERT/CC	id:	VU#176732	date:	2006-03-03T00:00:00
db:	VULHUB	id:	VHN-29527	date:	2011-10-06T00:00:00
db:	BID	id:	26510	date:	2007-12-18T20:06:00
db:	JVNDB	id:	JVNDB-2007-001015	date:	2007-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200711-390	date:	2007-11-29T00:00:00
db:	NVD	id:	CVE-2007-6165	date:	2011-10-06T04:00:00

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#351217	date:	2006-03-03T00:00:00
db:	CERT/CC	id:	VU#433819	date:	2007-11-27T00:00:00
db:	CERT/CC	id:	VU#176732	date:	2006-03-03T00:00:00
db:	VULHUB	id:	VHN-29527	date:	2007-11-29T00:00:00
db:	BID	id:	26510	date:	2007-11-20T00:00:00
db:	JVNDB	id:	JVNDB-2007-001015	date:	2007-12-20T00:00:00
db:	PACKETSTORM	id:	44162	date:	2006-02-26T03:08:24
db:	PACKETSTORM	id:	44362	date:	2006-03-06T09:45:32
db:	CNNVD	id:	CNNVD-200711-390	date:	2007-11-28T00:00:00
db:	NVD	id:	CVE-2007-6165	date:	2007-11-29T01:46:00