ID

VAR-200711-0064


CVE

CVE-2007-6165


TITLE

Apple Safari WebKit component vulnerable to buffer overflow

Trust: 0.8

sources: CERT/CC: VU#351217

DESCRIPTION

Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395. Apple Safari is vulnerable to a stack-based buffer overflow. This may allow a remote attacker to execute arbitrary code on a vulnerable system. Mac OS X In this file system, a file consists of information called resource fork and data fork. RFC 1740 So, to handle this file structure by email MIME format (AppleSingle format, AppleDoube format ) Is defined. Apple Mail Is AppleDouble Parses resource forks when processing format attachments. This issue affects the Mail application when handling email attachments. This will compromise the application and possibly the underlying operating system. This issue affects Mac OS X 10.5. Although the issues seem similar in nature, this may not be the very same underlying vulnerability. We will update this BID as more information emerges. UPDATE (November 21, 2007): Reports indicate that this issue occurs because of an error in the application's quarantine feature. We have not confirmed this information. UPDATE (December 17, 2007): This vulnerability stems from an unspecified implementation issue in the Launch Services application. http://www.securityfocus.com/bid/16907. Apple Mail is the mail client bundled with the Apple operating system. If the user is logged on with administrative privileges, the attacker could take complete control of an affected system. Solution Since there is no known patch for this issue at this time, US-CERT is recommending a workaround. Workaround Disable "Open 'safe' files after downloading" Disable the option to "Open 'safe' files after downloading," as specified in the document "Securing Your Web Browser." Appendix A. Impacts of other vulnerabilities include bypassing security restrictions and denial of service. I. As further information becomes available, we will publish individual Vulnerability Notes. In addition, more information about VU#999708 is available in US-CERT Technical Cyber Security Alert TA06-053A. II. Impact The impacts of these vulnerabilities vary. III. Solution Install an update Install the update as described in Apple Security Update 2006-001. In addition, this update is available via Apple Update. Appendix A. Please send email to <cert@cert.org> with "TA06-062A Feedback VU#351217" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History March 3, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRAiYnH0pj593lg50AQIdzggAxPbhEKlYyJUdTNqDBGSI+GAQ2oRY9WFx i+2yy5B34IvwyWt04Wb9PxgbCeWHbw9zc8X5xRPZEA/nVQWX/nnz20Tnap8ZRZUC bqlzo9pz2P+TOm3SBKUlZ+Rl0xTUTBJus78oiczzLu/Fy1oB8obC3qfwNDdrykXc i2MupUdRbZ5azrzDmzJGZktpVwJjM9UbXypbwsa1vg5+pAcRf4N0939kcjBML6LH B1jKz3PF0DLX/THj0sAq5PwiE82jCtop1hpD8zVWJOLGX1lbxhcHVLbiFiKaaF7u lKvIAf6ec9h+MQDwAnuA2uaYaQSwofCiWdOPAlueMzq23Ultlinz4g== =5Ooe -----END PGP SIGNATURE-----

Trust: 4.32

sources: NVD: CVE-2007-6165 // CERT/CC: VU#351217 // CERT/CC: VU#433819 // CERT/CC: VU#176732 // JVNDB: JVNDB-2007-001015 // BID: 26510 // VULHUB: VHN-29527 // PACKETSTORM: 44162 // PACKETSTORM: 44362

AFFECTED PRODUCTS

vendor:apple computermodel: - scope: - version: -

Trust: 2.4

vendor:applemodel:mac os xscope:eqversion:10.5

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.5 mounted on apple mail

Trust: 0.8

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

sources: CERT/CC: VU#351217 // CERT/CC: VU#433819 // CERT/CC: VU#176732 // BID: 26510 // JVNDB: JVNDB-2007-001015 // CNNVD: CNNVD-200711-390 // NVD: CVE-2007-6165

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-6165
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#351217
value: 17.21

Trust: 0.8

CARNEGIE MELLON: VU#433819
value: 9.28

Trust: 0.8

CARNEGIE MELLON: VU#176732
value: 17.21

Trust: 0.8

NVD: CVE-2007-6165
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200711-390
value: CRITICAL

Trust: 0.6

VULHUB: VHN-29527
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-6165
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-29527
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#351217 // CERT/CC: VU#433819 // CERT/CC: VU#176732 // VULHUB: VHN-29527 // JVNDB: JVNDB-2007-001015 // CNNVD: CNNVD-200711-390 // NVD: CVE-2007-6165

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-29527 // JVNDB: JVNDB-2007-001015 // NVD: CVE-2007-6165

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 44162 // PACKETSTORM: 44362 // CNNVD: CNNVD-200711-390

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200711-390

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001015

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-29527

PATCH

title:Security Update 2007-009url:http://docs.info.apple.com/article.html?artnum=307179-en

Trust: 0.8

title:Security Update 2007-009url:http://docs.info.apple.com/article.html?artnum=307179-ja

Trust: 0.8

title:TA07-352Aurl:http://software.fujitsu.com/jp/security/vulnerabilities/ta07-352a.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-001015

EXTERNAL IDS

db:SECUNIAid:27785

Trust: 3.3

db:CERT/CCid:VU#433819

Trust: 3.3

db:NVDid:CVE-2007-6165

Trust: 2.8

db:BIDid:26510

Trust: 2.8

db:USCERTid:TA07-352A

Trust: 2.5

db:SECUNIAid:28136

Trust: 1.7

db:VUPENid:ADV-2007-4238

Trust: 1.7

db:VUPENid:ADV-2007-3958

Trust: 1.7

db:SECTRACKid:1019106

Trust: 1.7

db:SECUNIAid:19064

Trust: 1.6

db:CERT/CCid:VU#351217

Trust: 0.9

db:USCERTid:TA06-062A

Trust: 0.9

db:CERT/CCid:VU#176732

Trust: 0.9

db:SECUNIAid:18220

Trust: 0.8

db:USCERTid:SA07-352A

Trust: 0.8

db:JVNDBid:JVNDB-2007-001015

Trust: 0.8

db:CERT/CCid:TA07-352A

Trust: 0.6

db:APPLEid:APPLE-SA-2007-12-17

Trust: 0.6

db:CNNVDid:CNNVD-200711-390

Trust: 0.6

db:USCERTid:TA06-053A

Trust: 0.2

db:CERT/CCid:VU#999708

Trust: 0.2

db:SEEBUGid:SSVID-84148

Trust: 0.1

db:EXPLOIT-DBid:30781

Trust: 0.1

db:EXPLOIT-DBid:16870

Trust: 0.1

db:VULHUBid:VHN-29527

Trust: 0.1

db:PACKETSTORMid:44162

Trust: 0.1

db:PACKETSTORMid:44362

Trust: 0.1

sources: CERT/CC: VU#351217 // CERT/CC: VU#433819 // CERT/CC: VU#176732 // VULHUB: VHN-29527 // BID: 26510 // JVNDB: JVNDB-2007-001015 // PACKETSTORM: 44162 // PACKETSTORM: 44362 // CNNVD: CNNVD-200711-390 // NVD: CVE-2007-6165

REFERENCES

url:http://www.securityfocus.com/bid/26510

Trust: 2.5

url:http://www.us-cert.gov/cas/techalerts/ta07-352a.html

Trust: 2.5

url:http://www.kb.cert.org/vuls/id/433819

Trust: 2.5

url:http://secunia.com/advisories/27785

Trust: 2.5

url:http://docs.info.apple.com/article.html?artnum=303382

Trust: 2.4

url:http://www.heise-security.co.uk/news/99257

Trust: 2.0

url:http://lists.apple.com/archives/security-announce/2007/dec/msg00002.html

Trust: 1.7

url:http://docs.info.apple.com/article.html?artnum=307179

Trust: 1.7

url:http://securitytracker.com/id?1019106

Trust: 1.7

url:http://secunia.com/advisories/28136

Trust: 1.7

url:http://secunia.com/advisories/19064/

Trust: 1.6

url:http://www.frsirt.com/english/advisories/2007/3958

Trust: 1.4

url:http://www.vupen.com/english/advisories/2007/3958

Trust: 1.1

url:http://www.vupen.com/english/advisories/2007/4238

Trust: 1.1

url:http://security-protocols.com/advisory/sp-x22-advisory.txt

Trust: 0.8

url:http://secunia.com/advisories/18220/

Trust: 0.8

url:http://webkit.opendarwin.org/

Trust: 0.8

url:http://www.heise-security.co.uk/news/99257

Trust: 0.8

url:http://secunia.com/advisories/27785/

Trust: 0.8

url:http://www.us-cert.gov/cas/techalerts/ta06-062a.html

Trust: 0.8

url:http://www.cert.org/homeusers/email-attachments.html

Trust: 0.8

url:http://www.apple.com/macosx/features/mail.html

Trust: 0.8

url:http://tools.ietf.org/html/rfc1740

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6165

Trust: 0.8

url:http://www.jpcert.or.jp/wr/2007/wr074701.txt

Trust: 0.8

url:http://jvn.jp/cert/jvnta07-352a/index.html

Trust: 0.8

url:http://jvn.jp/cert/jvnvu%23433819/index.html

Trust: 0.8

url:http://jvn.jp/tr/trta07-352a/index.html

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-6165

Trust: 0.8

url:http://www.us-cert.gov/cas/alerts/sa07-352a.html

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2007/4238

Trust: 0.6

url:http://software.cisco.com/download/navigator.html?mdfid=283613663

Trust: 0.3

url:http://www.heise-security.co.uk/services/emailcheck/demos/go.shtml?mail=apple

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/999708>

Trust: 0.2

url:http://www.us-cert.gov/cas/techalerts/ta06-053a.html>

Trust: 0.2

url:http://www.us-cert.gov/cas/signup.html>.

Trust: 0.2

url:http://www.us-cert.gov/legal.html>

Trust: 0.2

url:http://www.apple.com/macosx/features/safari/>

Trust: 0.1

url:http://www.us-cert.gov/reading_room/securing_browser/#sgeneral>

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/176732>

Trust: 0.1

url:http://www.us-cert.gov/cas/techalerts/ta06-062a.html>

Trust: 0.1

url:http://docs.info.apple.com/article.html?artnum=106704>

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/351217>

Trust: 0.1

url:http://www.us-cert.gov/reading_room/securing_browser/#safari>

Trust: 0.1

url:http://docs.info.apple.com/article.html?artnum=303382>

Trust: 0.1

sources: CERT/CC: VU#351217 // CERT/CC: VU#433819 // CERT/CC: VU#176732 // VULHUB: VHN-29527 // BID: 26510 // JVNDB: JVNDB-2007-001015 // PACKETSTORM: 44162 // PACKETSTORM: 44362 // CNNVD: CNNVD-200711-390 // NVD: CVE-2007-6165

CREDITS

heise Security

Trust: 0.6

sources: CNNVD: CNNVD-200711-390

SOURCES

db:CERT/CCid:VU#351217
db:CERT/CCid:VU#433819
db:CERT/CCid:VU#176732
db:VULHUBid:VHN-29527
db:BIDid:26510
db:JVNDBid:JVNDB-2007-001015
db:PACKETSTORMid:44162
db:PACKETSTORMid:44362
db:CNNVDid:CNNVD-200711-390
db:NVDid:CVE-2007-6165

LAST UPDATE DATE

2024-12-25T22:44:37.293000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#351217date:2006-03-06T00:00:00
db:CERT/CCid:VU#433819date:2007-11-27T00:00:00
db:CERT/CCid:VU#176732date:2006-03-03T00:00:00
db:VULHUBid:VHN-29527date:2011-10-06T00:00:00
db:BIDid:26510date:2007-12-18T20:06:00
db:JVNDBid:JVNDB-2007-001015date:2007-12-20T00:00:00
db:CNNVDid:CNNVD-200711-390date:2007-11-29T00:00:00
db:NVDid:CVE-2007-6165date:2024-11-21T00:39:30.143

SOURCES RELEASE DATE

db:CERT/CCid:VU#351217date:2006-03-03T00:00:00
db:CERT/CCid:VU#433819date:2007-11-27T00:00:00
db:CERT/CCid:VU#176732date:2006-03-03T00:00:00
db:VULHUBid:VHN-29527date:2007-11-29T00:00:00
db:BIDid:26510date:2007-11-20T00:00:00
db:JVNDBid:JVNDB-2007-001015date:2007-12-20T00:00:00
db:PACKETSTORMid:44162date:2006-02-26T03:08:24
db:PACKETSTORMid:44362date:2006-03-06T09:45:32
db:CNNVDid:CNNVD-200711-390date:2007-11-28T00:00:00
db:NVDid:CVE-2007-6165date:2007-11-29T01:46:00