Sign-up

ID

VAR-200809-0006


CVE

CVE-2008-2329


TITLE

Apple Mac OS X file sharing allows authenticated remote access to files and directories

Trust: 0.8

sources: CERT/CC: VU#126787

DESCRIPTION

Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window. Apple Mac OS X Leopard does not accurately reflect which files and directories are available via sharing. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. The advisory also contains security updates for 17 previously reported issues. If wildcard characters are provided in the Username field, a list of Active Directory usernames will be displayed. ---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: phpPgAds XML-RPC PHP Code Execution Vulnerability SECUNIA ADVISORY ID: SA15884 VERIFY ADVISORY: http://secunia.com/advisories/15884/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: phpPgAds 2.x http://secunia.com/product/4577/ DESCRIPTION: A vulnerability has been reported in phpPgAds, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA15852 SOLUTION: Update to version 2.0.5. http://sourceforge.net/project/showfiles.php?group_id=36679 OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.51

sources: NVD: CVE-2008-2329 // CERT/CC: VU#126787 // CERT/CC: VU#442845 // JVNDB: JVNDB-2008-001714 // BID: 31189 // VULHUB: VHN-32454 // PACKETSTORM: 38390

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.5.4

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.5

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.5.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.5.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.2

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.4

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.5.3

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.3

Trust: 1.6

vendor:apple computermodel: - scope: - version: -

Trust: 0.8

vendor:drupalmodel: - scope: - version: -

Trust: 0.8

vendor:gentoo linuxmodel: - scope: - version: -

Trust: 0.8

vendor:mandrivamodel: - scope: - version: -

Trust: 0.8

vendor:pear xml rpcmodel: - scope: - version: -

Trust: 0.8

vendor:phpxmlrpcmodel: - scope: - version: -

Trust: 0.8

vendor:postnukemodel: - scope: - version: -

Trust: 0.8

vendor:red hatmodel: - scope: - version: -

Trust: 0.8

vendor:serendipitymodel: - scope: - version: -

Trust: 0.8

vendor:trustix secure linuxmodel: - scope: - version: -

Trust: 0.8

vendor:ubuntu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:wordpressmodel: - scope: - version: -

Trust: 0.8

vendor:xoopsmodel: - scope: - version: -

Trust: 0.8

vendor:phpmyfaqmodel: - scope: - version: -

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.5 to v10.5.4

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5 to v10.5.4

Trust: 0.8

vendor:applemodel:safariscope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.3

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.2

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:ilifescope:eqversion:8.0

Trust: 0.3

vendor:applemodel:aperturescope:eqversion:2

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.5.5

Trust: 0.3

vendor:applemodel:ilife supportscope:neversion:8.3.1

Trust: 0.3

sources: CERT/CC: VU#126787 // CERT/CC: VU#442845 // BID: 31189 // JVNDB: JVNDB-2008-001714 // CNNVD: CNNVD-200809-209 // NVD: CVE-2008-2329

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-2329
value: LOW

Trust: 1.0

CARNEGIE MELLON: VU#126787
value: 1.01

Trust: 0.8

CARNEGIE MELLON: VU#442845
value: 20.75

Trust: 0.8

NVD: CVE-2008-2329
value: LOW

Trust: 0.8

CNNVD: CNNVD-200809-209
value: LOW

Trust: 0.6

VULHUB: VHN-32454
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2008-2329
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-32454
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#126787 // CERT/CC: VU#442845 // VULHUB: VHN-32454 // JVNDB: JVNDB-2008-001714 // CNNVD: CNNVD-200809-209 // NVD: CVE-2008-2329

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-32454 // JVNDB: JVNDB-2008-001714 // NVD: CVE-2008-2329

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200809-209

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-200809-209

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-001714

PATCH
title:Security Update 2008-006url:http://support.apple.com/kb/HT3137
Trust: 0.8
title:Security Update 2008-006url:http://support.apple.com/kb/HT3137?viewlocale=ja_JP
Trust: 0.8
title:TA08-260Aurl:http://software.fujitsu.com/jp/security/vulnerabilities/ta08-260a.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-001714

EXTERNAL IDS
db:BIDid:31189
Trust: 2.8
db:NVDid:CVE-2008-2329
Trust: 2.8
db:SECTRACKid:1020874
Trust: 2.5
db:SECUNIAid:31882
Trust: 2.5
db:USCERTid:TA08-260A
Trust: 2.5
db:VUPENid:ADV-2008-2584
Trust: 1.7
db:XFid:45163
Trust: 1.4
db:CERT/CCid:VU#126787
Trust: 1.1
db:SECUNIAid:15884
Trust: 0.9
db:SECUNIAid:15810
Trust: 0.8
db:SECUNIAid:15922
Trust: 0.8
db:SECUNIAid:15852
Trust: 0.8
db:SECUNIAid:15855
Trust: 0.8
db:SECUNIAid:15861
Trust: 0.8
db:SECUNIAid:15862
Trust: 0.8
db:SECUNIAid:15872
Trust: 0.8
db:SECUNIAid:15883
Trust: 0.8
db:SECUNIAid:15895
Trust: 0.8
db:BIDid:14088
Trust: 0.8
db:SECTRACKid:1014327
Trust: 0.8
db:CERT/CCid:VU#442845
Trust: 0.8
db:USCERTid:SA08-260A
Trust: 0.8
db:JVNDBid:JVNDB-2008-001714
Trust: 0.8
db:CERT/CCid:TA08-260A
Trust: 0.6
db:APPLEid:APPLE-SA-2008-09-15
Trust: 0.6
db:CNNVDid:CNNVD-200809-209
Trust: 0.6
db:VULHUBid:VHN-32454
Trust: 0.1
db:PACKETSTORMid:38390
Trust: 0.1
sources:
            
            
            CERT/CC: VU#126787 // 
            
            
            
            CERT/CC: VU#442845 // 
            
            
            
            VULHUB: VHN-32454 // 
            
            
            
            BID: 31189 // 
            
            
            
            JVNDB: JVNDB-2008-001714 // 
            
            
            
            PACKETSTORM: 38390 // 
            
            
            
            CNNVD: CNNVD-200809-209 // 
            
            
            
            NVD: CVE-2008-2329

REFERENCES
url:http://www.securityfocus.com/bid/31189
Trust: 2.5
url:http://www.us-cert.gov/cas/techalerts/ta08-260a.html
Trust: 2.5
url:http://securitytracker.com/id?1020874
Trust: 2.5
url:http://secunia.com/advisories/31882
Trust: 2.5
url:http://lists.apple.com/archives/security-announce//2008/sep/msg00005.html
Trust: 1.7
url:http://www.frsirt.com/english/advisories/2008/2584
Trust: 1.4
url:http://xforce.iss.net/xforce/xfdb/45163
Trust: 1.4
url:http://www.vupen.com/english/advisories/2008/2584
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/45163
Trust: 1.1
url:http://secunia.com/advisories/15884/
Trust: 0.9
url:http://secunia.com/advisories/15852/
Trust: 0.9
url:about vulnerability notes
Trust: 0.8
url:contact us about this vulnerability
Trust: 0.8
url:provide a vendor statement
Trust: 0.8
url:http://www.hardened-php.net/advisory-022005.php
Trust: 0.8
url:http://secunia.com/advisories/15861/
Trust: 0.8
url:http://secunia.com/advisories/15862/
Trust: 0.8
url:http://secunia.com/advisories/15895/
Trust: 0.8
url:http://secunia.com/advisories/15883/
Trust: 0.8
url:http://news.postnuke.com/modules.php?op=modload&name=news&file=article&sid=2699
Trust: 0.8
url:http://secunia.com/advisories/15855/
Trust: 0.8
url:http://secunia.com/advisories/15810/
Trust: 0.8
url:http://secunia.com/advisories/15872/
Trust: 0.8
url:http://secunia.com/advisories/15922/
Trust: 0.8
url:http://securitytracker.com/alerts/2005/jun/1014327.html
Trust: 0.8
url:http://www.gulftech.org/?node=research&article_id=00088-07022005
Trust: 0.8
url:http://www.gulftech.org/?node=research&article_id=00087-07012005
Trust: 0.8
url:http://www.securityfocus.com/bid/14088
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2329
Trust: 0.8
url:http://jvn.jp/cert/jvnta08-260a/index.html
Trust: 0.8
url:http://jvn.jp/tr/trta08-260a
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2329
Trust: 0.8
url:http://www.us-cert.gov/cas/alerts/sa08-260a.html
Trust: 0.8
url:http://support.apple.com/kb/ht3137
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:http://www.kb.cert.org/vuls/id/126787
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/product/4577/
Trust: 0.1
url:http://secunia.com/secunia_vacancies/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://sourceforge.net/project/showfiles.php?group_id=36679
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CERT/CC: VU#126787 // 
            
            
            
            CERT/CC: VU#442845 // 
            
            
            
            VULHUB: VHN-32454 // 
            
            
            
            BID: 31189 // 
            
            
            
            JVNDB: JVNDB-2008-001714 // 
            
            
            
            PACKETSTORM: 38390 // 
            
            
            
            CNNVD: CNNVD-200809-209 // 
            
            
            
            NVD: CVE-2008-2329

CREDITS
Pete Finnigan※ pete@peterfinnigan.demon.co.uk※Esteban Martinez FayoJoxean Koret※ joxeankoret@yahoo.es※Alexander Kornbrust※ ak@red-database-security.com※Amichai Shulman※ shulman@imperva.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200809-209

SOURCES
db:CERT/CCid:VU#126787
db:CERT/CCid:VU#442845
db:VULHUBid:VHN-32454
db:BIDid:31189
db:JVNDBid:JVNDB-2008-001714
db:PACKETSTORMid:38390
db:CNNVDid:CNNVD-200809-209
db:NVDid:CVE-2008-2329

LAST UPDATE DATE
2024-09-20T22:15:37.225000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#126787date:2008-10-14T00:00:00
db:CERT/CCid:VU#442845date:2007-03-09T00:00:00
db:VULHUBid:VHN-32454date:2017-08-08T00:00:00
db:BIDid:31189date:2008-11-13T22:34:00
db:JVNDBid:JVNDB-2008-001714date:2008-10-08T00:00:00
db:CNNVDid:CNNVD-200809-209date:2008-11-15T00:00:00
db:NVDid:CVE-2008-2329date:2017-08-08T01:30:57.323

SOURCES RELEASE DATE
db:CERT/CCid:VU#126787date:2008-09-16T00:00:00
db:CERT/CCid:VU#442845date:2005-07-06T00:00:00
db:VULHUBid:VHN-32454date:2008-09-16T00:00:00
db:BIDid:31189date:2008-09-15T00:00:00
db:JVNDBid:JVNDB-2008-001714date:2008-10-08T00:00:00
db:PACKETSTORMid:38390date:2005-07-01T23:31:00
db:CNNVDid:CNNVD-200809-209date:2008-09-16T00:00:00
db:NVDid:CVE-2008-2329date:2008-09-16T23:00:00.960