ID

VAR-200802-0011


CVE

CVE-2008-0039


TITLE

Apple Mac OS X fails to properly handle a crafted URL

Trust: 0.8

sources: CERT/CC: VU#774345

DESCRIPTION

Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues. I. Further details are available in the US-CERT Vulnerability Notes Database. These products include Samba and X11. II. Impact The impacts of these vulnerabilities vary. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA08-043B Feedback VU#774345" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2008 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History February 12, 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBR7HyXPRFkHkM87XOAQLgawf/WfBp5mjT+DZriprWRqe1HM4Z9SSe/5Dg jMgSlX1j/YJC7FgZfjJvriQ+yXeOnhwvKggfTbkJWej+0AeRbyIUFWD/ZTh2Qylp /1vBehJW9nhT2yMT65/gT/MnbArN11AILkfSGr4W6xLPMR2zq0HsrP2SxYlAVkSO PPlo0KhWWATcjHjJEacdmry4fR6iv6xA0gFjWN6i18VX5LSMOEyO3LpDt+Rk8fet r7Pwi/QEr/nipEEw8R8Jg9+LT8dqQL1t+yhTa5pV1rceuEb3Cz67paHAqRneldW9 SAl/TPznmYCCMHqyOfHdRBUVvOxI09OPjHYkf7ghv5e06LqbfVMZug== =qwP5 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. 1) An unspecified error exists within Foundation in Safari's handling of URLs. This can be exploited to cause a memory corruption when a user is enticed to access a specially crafted URL. Successful exploitation may allow execution of arbitrary code. 2) A weakness exists due to Launch Services allowing users to start uninstalled applications from a Time Machine Backup. 4) An unspecified error exists within NFS when handling mbuf chains. This can be exploited to cause a memory corruption and allows a system shutdown and potential execution of arbitrary code. 5) The problem is that Parental Controls contacts www.apple.com when a site is unblocked and allows for detection of computers running Parental Controls. 6) A boundary error in Samba can be exploited by malicious people to compromise a vulnerable system. For more information: SA27760 7) An input validation error exists in Terminal when processing URL schemes. This can be exploited to launch an application with arbitrary command line parameters and may allow execution of arbitrary code when a user visits a specially crafted web page. 8) Multiple vulnerabilities in X11 X Font Server can be exploited by malicious, local users to gain escalated privileges. For more information: SA27040 9) An error exists in X11, which causes certain settings ("Allow connections from network client") not to be applied. Security Update 2008-001 (PPC): http://www.apple.com/support/downloads/securityupdate2008001ppc.html Security Update 2008-001 (Universal): http://www.apple.com/support/downloads/securityupdate2008001universal.html Mac OS X 10.5.2 Combo Update: http://www.apple.com/support/downloads/macosx1052comboupdate.html Mac OS X Server 10.5.2 Combo Update: http://www.apple.com/support/downloads/macosxserver1052comboupdate.html PROVIDED AND/OR DISCOVERED BY: 2) The vendor credits Steven Fisher of Discovery Software Ltd. and Ian Coutier. 4) The vendor credits Oleg Drokin, Sun Microsystems. 5) The vendor credits Jesse Pearson. 6) Alin Rad Pop, Secunia Research. 7) The vendor credits Olli Leppanen of Digital Film Finland, and Brian Mastenbrook. ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307430 OTHER REFERENCES: SA27040: http://secunia.com/advisories/27040/ SA27760: http://secunia.com/advisories/27760/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.88

sources: NVD: CVE-2008-0039 // CERT/CC: VU#774345 // JVNDB: JVNDB-2008-001085 // BID: 27736 // VULHUB: VHN-30164 // PACKETSTORM: 63540 // PACKETSTORM: 63584

AFFECTED PRODUCTS

vendor:applemodel:mailscope:eqversion:*

Trust: 1.0

vendor:apple computermodel: - scope: - version: -

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.4.11

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.4.11

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.4.11

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.10

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.9

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.5.2

Trust: 0.3

sources: CERT/CC: VU#774345 // BID: 27736 // JVNDB: JVNDB-2008-001085 // CNNVD: CNNVD-200802-223 // NVD: CVE-2008-0039

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-0039
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#774345
value: 20.20

Trust: 0.8

NVD: CVE-2008-0039
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200802-223
value: MEDIUM

Trust: 0.6

VULHUB: VHN-30164
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-0039
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-30164
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#774345 // VULHUB: VHN-30164 // JVNDB: JVNDB-2008-001085 // CNNVD: CNNVD-200802-223 // NVD: CVE-2008-0039

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.9

sources: VULHUB: VHN-30164 // JVNDB: JVNDB-2008-001085 // NVD: CVE-2008-0039

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200802-223

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-200802-223

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:apple:mac_os_x"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:apple:mac_os_x_server"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2008-001085

PATCH

title:Security Update 2008-001url:http://docs.info.apple.com/article.html?artnum=307430-en

Trust: 0.8

title:Security Update 2008-001url:http://docs.info.apple.com/article.html?artnum=307430-ja

Trust: 0.8

title:TA08-043Burl:http://software.fujitsu.com/jp/security/vulnerabilities/ta08-043b.html

Trust: 0.8

sources: JVNDB: JVNDB-2008-001085

EXTERNAL IDS

db:NVDid:CVE-2008-0039

Trust: 2.8

db:BIDid:27736

Trust: 2.8

db:SECUNIAid:28891

Trust: 2.6

db:USCERTid:TA08-043B

Trust: 2.6

db:SECTRACKid:1019361

Trust: 2.5

db:VUPENid:ADV-2008-0495

Trust: 1.7

db:CERT/CCid:VU#774345

Trust: 1.1

db:USCERTid:SA08-043B

Trust: 0.8

db:JVNDBid:JVNDB-2008-001085

Trust: 0.8

db:APPLEid:APPLE-SA-2008-02-11

Trust: 0.6

db:CERT/CCid:TA08-043B

Trust: 0.6

db:CNNVDid:CNNVD-200802-223

Trust: 0.6

db:VULHUBid:VHN-30164

Trust: 0.1

db:PACKETSTORMid:63540

Trust: 0.1

db:PACKETSTORMid:63584

Trust: 0.1

sources: CERT/CC: VU#774345 // VULHUB: VHN-30164 // BID: 27736 // JVNDB: JVNDB-2008-001085 // PACKETSTORM: 63540 // PACKETSTORM: 63584 // CNNVD: CNNVD-200802-223 // NVD: CVE-2008-0039

REFERENCES

url:http://docs.info.apple.com/article.html?artnum=307430

Trust: 2.9

url:http://www.securityfocus.com/bid/27736

Trust: 2.5

url:http://www.us-cert.gov/cas/techalerts/ta08-043b.html

Trust: 2.5

url:http://www.securitytracker.com/id?1019361

Trust: 2.5

url:http://secunia.com/advisories/28891

Trust: 2.5

url:http://lists.apple.com/archives/security-announce/2008/feb/msg00002.html

Trust: 1.7

url:http://www.vupen.com/english/advisories/2008/0495/references

Trust: 1.1

url:http://docs.info.apple.com/article.html?artnum=307109

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0039

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2008/0495

Trust: 0.8

url:http://jvn.jp/cert/jvnta08-043b/index.html

Trust: 0.8

url:http://jvn.jp/tr/trta08-043b/index.html

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0039

Trust: 0.8

url:http://www.us-cert.gov/cas/alerts/sa08-043b.html

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2008/0495/references

Trust: 0.6

url:http://www.apple.com/macosx/

Trust: 0.3

url:http://www.kb.cert.org/vuls/id/774345

Trust: 0.3

url:http://docs.info.apple.com/article.html?artnum=307109>

Trust: 0.1

url:http://www.samba.org/samba/history/security.html>

Trust: 0.1

url:http://www.us-cert.gov/cas/techalerts/ta08-043b.html>

Trust: 0.1

url:http://www.x.org/wiki/development/security>

Trust: 0.1

url:http://docs.info.apple.com/article.html?artnum=307430>

Trust: 0.1

url:http://www.apple.com/support/downloads/>

Trust: 0.1

url:http://docs.info.apple.com/article.html?artnum=106704>

Trust: 0.1

url:http://www.us-cert.gov/cas/signup.html>.

Trust: 0.1

url:http://www.us-cert.gov/legal.html>

Trust: 0.1

url:http://www.kb.cert.org/vuls/byid?searchview&query=apple_security_update_2008_001>

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://www.apple.com/support/downloads/macosx1052comboupdate.html

Trust: 0.1

url:https://psi.secunia.com/?page=changelog

Trust: 0.1

url:https://psi.secunia.com/

Trust: 0.1

url:http://secunia.com/advisories/27760/

Trust: 0.1

url:http://secunia.com/advisories/27040/

Trust: 0.1

url:http://www.apple.com/support/downloads/securityupdate2008001universal.html

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/96/

Trust: 0.1

url:http://www.apple.com/support/downloads/securityupdate2008001ppc.html

Trust: 0.1

url:http://secunia.com/advisories/28891/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://www.apple.com/support/downloads/macosxserver1052comboupdate.html

Trust: 0.1

sources: CERT/CC: VU#774345 // VULHUB: VHN-30164 // BID: 27736 // JVNDB: JVNDB-2008-001085 // PACKETSTORM: 63540 // PACKETSTORM: 63584 // CNNVD: CNNVD-200802-223 // NVD: CVE-2008-0039

CREDITS

Brian Mastenbrook Steven Fisher Oleg Drokin Jesse Pearson Olli Leppanen

Trust: 0.6

sources: CNNVD: CNNVD-200802-223

SOURCES

db:CERT/CCid:VU#774345
db:VULHUBid:VHN-30164
db:BIDid:27736
db:JVNDBid:JVNDB-2008-001085
db:PACKETSTORMid:63540
db:PACKETSTORMid:63584
db:CNNVDid:CNNVD-200802-223
db:NVDid:CVE-2008-0039

LAST UPDATE DATE

2024-11-23T19:57:37.046000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#774345date:2008-02-12T00:00:00
db:VULHUBid:VHN-30164date:2011-03-08T00:00:00
db:BIDid:27736date:2008-02-13T00:46:00
db:JVNDBid:JVNDB-2008-001085date:2008-02-25T00:00:00
db:CNNVDid:CNNVD-200802-223date:2008-09-05T00:00:00
db:NVDid:CVE-2008-0039date:2024-11-21T00:41:01.240

SOURCES RELEASE DATE

db:CERT/CCid:VU#774345date:2008-02-12T00:00:00
db:VULHUBid:VHN-30164date:2008-02-12T00:00:00
db:BIDid:27736date:2008-02-11T00:00:00
db:JVNDBid:JVNDB-2008-001085date:2008-02-25T00:00:00
db:PACKETSTORMid:63540date:2008-02-12T22:23:40
db:PACKETSTORMid:63584date:2008-02-13T21:32:17
db:CNNVDid:CNNVD-200802-223date:2008-01-15T00:00:00
db:NVDid:CVE-2008-0039date:2008-02-12T20:00:00