ID

VAR-200807-0284


CVE

CVE-2008-2304


TITLE

Buffer overflow vulnerability in .funhouse file processing in Apple Core Image Fun House

Trust: 0.8

sources: JVNDB: JVNDB-2008-001518

DESCRIPTION

Buffer overflow in Apple Core Image Fun House 2.0 and earlier in CoreImage Examples in Xcode tools before 3.1 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a .funhouse file with a string XML element that contains many characters.

Apple Xcode Core Image Fun House is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious '.funhouse' file. Successfully exploiting this issue will allow the attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Apple Xcode 2.0 through 3.0 are vulnerable.

Xcode is the development tool used on Apple machines. The Xcode tools include a sample app called Core Image Fun House for working with content with the .funhouse extension.

TITLE: Apple Xcode tools Vulnerability and Security Issue
SECUNIA ADVISORY ID: SA31060
VERIFY ADVISORY: http://secunia.com/advisories/31060/
CRITICAL: Moderately critical
IMPACT: Exposure of sensitive information, System access
WHERE: From remote
SOFTWARE: Apple Xcode 2.x http://secunia.com/product/10144/ Apple Xcode 3.x http://secunia.com/product/19297/
DESCRIPTION: A vulnerability and a security issue have been reported in Xcode tools, which can be exploited by malicious people to disclose sensitive information or to compromise a user's system.
1) A boundary error in the handling of .funhouse files in CoreImage Examples can be exploited to cause a buffer overflow when a user is tricked into opening a specially crafted .funhouse file. Successful exploitation allows execution of arbitrary code.
2) An error in WebObjects exists within the handling of session IDs where the session ID is always appended to the URL generated by WOHyperlink. This may lead to the disclosure of session IDs when generating URLs to other web sites.
The vulnerability and security issue is reported in versions prior to 3.1.
SOLUTION: Update to version 3.1.
PROVIDED AND/OR DISCOVERED BY: 1) Kevin Finisterre, Netragard 2) Reported by the vendor.
ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT2352 Netragard: http://www.netragard.com/pdfs/research/NETRAGARD-20080630-FUNHOUSE.txt

Trust: 2.07

sources: NVD: CVE-2008-2304 // JVNDB: JVNDB-2008-001518 // BID: 30189 // VULHUB: VHN-32429 // PACKETSTORM: 68151

AFFECTED PRODUCTS

vendor: apple, model: core image fun house, scope: lte, version: 2.0

Trust: 1.0

vendor: apple, model: xcode, scope: lt, version: 3.1

Trust: 0.8

vendor: apple, model: core image fun house, scope: eq, version: 2.0

Trust: 0.6

vendor: apple, model: xcode, scope: eq, version: 2.4.1

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 2.3

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 2.2

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 2.1

Trust: 0.3

vendor: apple, model: xcode, scope: eq, version: 2.0

Trust: 0.3

vendor: apple, model: core image fun house, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: xcode, scope: ne, version: 3.1

Trust: 0.3

sources: BID: 30189 // JVNDB: JVNDB-2008-001518 // CNNVD: CNNVD-200807-216 // NVD: CVE-2008-2304

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-2304
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-2304
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200807-216
value: MEDIUM

Trust: 0.6

VULHUB: VHN-32429
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-2304
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-32429
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-32429 // JVNDB: JVNDB-2008-001518 // CNNVD: CNNVD-200807-216 // NVD: CVE-2008-2304

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-32429 // JVNDB: JVNDB-2008-001518 // NVD: CVE-2008-2304

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200807-216

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200807-216

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-001518

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-32429

PATCH

title: Xcode tools 3.1, url: http://support.apple.com/kb/HT2352

Trust: 0.8

title: Xcode tools 3.1, url: http://support.apple.com/kb/HT2352?viewlocale=ja_JP&locale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2008-001518

EXTERNAL IDS

db: NVD, id: CVE-2008-2304

Trust: 2.8

db: SECTRACK, id: 1020472

Trust: 2.5

db: BID, id: 30189

Trust: 2.0

db: SECUNIA, id: 31060

Trust: 1.8

db: VUPEN, id: ADV-2008-2093

Trust: 1.7

db: SREASON, id: 3988

Trust: 1.7

db: EXPLOIT-DB, id: 6043

Trust: 1.7

db: JVNDB, id: JVNDB-2008-001518

Trust: 0.8

db: MILW0RM, id: 6043

Trust: 0.6

db: APPLE, id: APPLE-SA-2008-07-11

Trust: 0.6

db: XF, id: 43733

Trust: 0.6

db: BUGTRAQ, id: 20080711 [NETRAGARD SECURITY ADVISORY][APPLE CORE IMAGE FUN HOUSE <= 2.0 OS X -- ARBITRARY CODE EXECUTION][NETRAGARD-20080711]

Trust: 0.6

db: CNNVD, id: CNNVD-200807-216

Trust: 0.6

db: SEEBUG, id: SSVID-65579

Trust: 0.1

db: VULHUB, id: VHN-32429

Trust: 0.1

db: PACKETSTORM, id: 68151

Trust: 0.1

sources: VULHUB: VHN-32429 // BID: 30189 // JVNDB: JVNDB-2008-001518 // PACKETSTORM: 68151 // CNNVD: CNNVD-200807-216 // NVD: CVE-2008-2304

REFERENCES

url:http://www.securitytracker.com/id?1020472

Trust: 2.5

url:http://support.apple.com/kb/ht2352

Trust: 2.1

url:http://lists.apple.com/archives/security-announce//2008/jul/msg00002.html

Trust: 1.7

url:http://www.securityfocus.com/bid/30189

Trust: 1.7

url:http://secunia.com/advisories/31060

Trust: 1.7

url:http://securityreason.com/securityalert/3988

Trust: 1.7

url:http://www.securityfocus.com/archive/1/494230/100/0/threaded

Trust: 1.1

url:https://www.exploit-db.com/exploits/6043

Trust: 1.1

url:http://www.vupen.com/english/advisories/2008/2093/references

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/43733

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2304

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-2304

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/43733

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/494230/100/0/threaded

Trust: 0.6

url:http://www.milw0rm.com/exploits/6043

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2008/2093/references

Trust: 0.6

url:http://developer.apple.com/macosx/coreimage.html

Trust: 0.3

url:/archive/1/494230

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/19297/

Trust: 0.1

url:http://secunia.com/advisories/31060/

Trust: 0.1

url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/

Trust: 0.1

url:http://www.netragard.com/pdfs/research/netragard-20080630-funhouse.txt

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/10144/

Trust: 0.1

url:http://secunia.com/secunia_security_specialist/

Trust: 0.1

url:http://corporate.secunia.com/about_secunia/64/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-32429 // BID: 30189 // JVNDB: JVNDB-2008-001518 // PACKETSTORM: 68151 // CNNVD: CNNVD-200807-216 // NVD: CVE-2008-2304

CREDITS

Kevin Finisterre※ dotslash@snosoft.com

Trust: 0.6

sources: CNNVD: CNNVD-200807-216

SOURCES

db: VULHUB, id: VHN-32429
db: BID, id: 30189
db: JVNDB, id: JVNDB-2008-001518
db: PACKETSTORM, id: 68151
db: CNNVD, id: CNNVD-200807-216
db: NVD, id: CVE-2008-2304

LAST UPDATE DATE

2024-08-14T13:17:51.286000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-32429, date: 2018-10-11T00:00:00
db: BID, id: 30189, date: 2008-07-14T16:59:00
db: JVNDB, id: JVNDB-2008-001518, date: 2008-08-01T00:00:00
db: CNNVD, id: CNNVD-200807-216, date: 2009-01-29T00:00:00
db: NVD, id: CVE-2008-2304, date: 2018-10-11T20:40:06.703

SOURCES RELEASE DATE

db: VULHUB, id: VHN-32429, date: 2008-07-14T00:00:00
db: BID, id: 30189, date: 2008-07-11T00:00:00
db: JVNDB, id: JVNDB-2008-001518, date: 2008-08-01T00:00:00
db: PACKETSTORM, id: 68151, date: 2008-07-15T00:11:26
db: CNNVD, id: CNNVD-200807-216, date: 2008-07-14T00:00:00
db: NVD, id: CVE-2008-2304, date: 2008-07-14T18:41:00