Sign-up

ID

VAR-200811-0014


CVE

CVE-2008-3623


TITLE

Multiple PHP XML-RPC implementations vulnerable to code injection

Trust: 0.8

sources: CERT/CC: VU#442845

DESCRIPTION

Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to improper handling of color spaces. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Apple Safari of CoreGraphics Contains a heap-based buffer overflow vulnerability due to a flaw in image processing.Arbitrary code is executed or service operation is interrupted by a third party (DoS) There is a possibility of being put into a state. Apple Safari is prone to three security vulnerabilities. Attackers may exploit these issues to execute arbitrary code or obtain sensitive information. Other attacks are also possible. These issues affect versions prior to Safari 3.2 running on Apple Mac OS X 10.4.11 and 10.5.5, Microsoft Windows XP, and Windows Vista. Safari is the web browser bundled by default in the Apple family machine operating system. A stack overflow vulnerability exists in CoreGraphics' handling of color spaces. ---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Nucleus XML-RPC PHP Code Execution Vulnerability SECUNIA ADVISORY ID: SA15895 VERIFY ADVISORY: http://secunia.com/advisories/15895/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Nucleus 3.x http://secunia.com/product/3699/ DESCRIPTION: A vulnerability has been reported in Nucleus, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA15852 SOLUTION: Update to version 3.21. http://sourceforge.net/project/showfiles.php?group_id=66479 OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2008-3623 // CERT/CC: VU#442845 // JVNDB: JVNDB-2008-001960 // BID: 32291 // VULHUB: VHN-33748 // PACKETSTORM: 38388

AFFECTED PRODUCTS

vendor:applemodel:safariscope:eqversion:3.1.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 1.3

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 1.3

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 1.3

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.3

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.2

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.0

Trust: 1.3

vendor:applemodel:safariscope:eqversion:3.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:3

Trust: 1.3

vendor:applemodel:safariscope:eqversion:2.0_pre

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:0.8

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.4

Trust: 1.0

vendor:applemodel:safariscope:lteversion:3.1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:0.9

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.4_419.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.4_beta

Trust: 1.0

vendor:applemodel:safariscope:eqversion:*

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.3_417.9.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.2

Trust: 1.0

vendor:drupalmodel: - scope: - version: -

Trust: 0.8

vendor:gentoo linuxmodel: - scope: - version: -

Trust: 0.8

vendor:mandrivamodel: - scope: - version: -

Trust: 0.8

vendor:pear xml rpcmodel: - scope: - version: -

Trust: 0.8

vendor:phpxmlrpcmodel: - scope: - version: -

Trust: 0.8

vendor:postnukemodel: - scope: - version: -

Trust: 0.8

vendor:red hatmodel: - scope: - version: -

Trust: 0.8

vendor:serendipitymodel: - scope: - version: -

Trust: 0.8

vendor:trustix secure linuxmodel: - scope: - version: -

Trust: 0.8

vendor:ubuntu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:wordpressmodel: - scope: - version: -

Trust: 0.8

vendor:xoopsmodel: - scope: - version: -

Trust: 0.8

vendor:phpmyfaqmodel: - scope: - version: -

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.4.11

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.5 to v10.5.5

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.4.11

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5 to v10.5.5

Trust: 0.8

vendor:applemodel:iosscope:eqversion:1.0 to 2.2.1

Trust: 0.8

vendor:applemodel:ios for ipod touchscope:eqversion:1.1 to 2.2.1

Trust: 0.8

vendor:applemodel:safariscope:eqversion:3 (mac os x 10.5)

Trust: 0.8

vendor:applemodel:safariscope:eqversion:3 (windows)

Trust: 0.8

vendor:microsoftmodel:windows vistascope:eqversion: -

Trust: 0.6

vendor:microsoftmodel:windowsscope:eqversion:xp

Trust: 0.6

vendor:microsoftmodel:windowsscope:eqversion:vista

Trust: 0.6

vendor:applemodel:safari for windowsscope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.4

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.3

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.3

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.2

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.2

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.1

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.1

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.2.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.4

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.3

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.4

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.3

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.0.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1

Trust: 0.3

vendor:applemodel:safariscope:neversion:3.2

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.5.6

Trust: 0.3

vendor:applemodel:ipod touchscope:neversion:3.0

Trust: 0.3

vendor:applemodel:iphonescope:neversion:3.0

Trust: 0.3

sources: CERT/CC: VU#442845 // BID: 32291 // JVNDB: JVNDB-2008-001960 // CNNVD: CNNVD-200811-245 // NVD: CVE-2008-3623

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-3623
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#442845
value: 20.75

Trust: 0.8

NVD: CVE-2008-3623
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200811-245
value: CRITICAL

Trust: 0.6

VULHUB: VHN-33748
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2008-3623
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-33748
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#442845 // VULHUB: VHN-33748 // JVNDB: JVNDB-2008-001960 // CNNVD: CNNVD-200811-245 // NVD: CVE-2008-3623

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-33748 // JVNDB: JVNDB-2008-001960 // NVD: CVE-2008-3623

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200811-245

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200811-245

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-001960

PATCH
title:HT3338url:http://support.apple.com/kb/HT3338
Trust: 0.8
title:HT3639url:http://support.apple.com/kb/HT3639
Trust: 0.8
title:HT3298url:http://support.apple.com/kb/HT3298
Trust: 0.8
title:HT3338url:http://support.apple.com/kb/HT3338?viewlocale=ja_JP
Trust: 0.8
title:HT3639url:http://support.apple.com/kb/HT3639?viewlocale=ja_JP
Trust: 0.8
title:TA08-350Aurl:http://software.fujitsu.com/jp/security/vulnerabilities/ta08-350a.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-001960

EXTERNAL IDS
db:BIDid:32291
Trust: 2.8
db:NVDid:CVE-2008-3623
Trust: 2.8
db:USCERTid:TA08-350A
Trust: 2.5
db:VUPENid:ADV-2008-3444
Trust: 2.5
db:SECUNIAid:33179
Trust: 2.5
db:VUPENid:ADV-2009-1621
Trust: 1.7
db:SECTRACKid:1021225
Trust: 1.1
db:SECUNIAid:32706
Trust: 1.1
db:SECUNIAid:15895
Trust: 0.9
db:SECUNIAid:15810
Trust: 0.8
db:SECUNIAid:15922
Trust: 0.8
db:SECUNIAid:15852
Trust: 0.8
db:SECUNIAid:15855
Trust: 0.8
db:SECUNIAid:15861
Trust: 0.8
db:SECUNIAid:15862
Trust: 0.8
db:SECUNIAid:15872
Trust: 0.8
db:SECUNIAid:15883
Trust: 0.8
db:SECUNIAid:15884
Trust: 0.8
db:BIDid:14088
Trust: 0.8
db:SECTRACKid:1014327
Trust: 0.8
db:CERT/CCid:VU#442845
Trust: 0.8
db:USCERTid:SA08-350A
Trust: 0.8
db:JVNDBid:JVNDB-2008-001960
Trust: 0.8
db:CNNVDid:CNNVD-200811-245
Trust: 0.7
db:CERT/CCid:TA08-350A
Trust: 0.6
db:APPLEid:APPLE-SA-2009-06-17-1
Trust: 0.6
db:APPLEid:APPLE-SA-2008-11-13
Trust: 0.6
db:APPLEid:APPLE-SA-2008-12-15
Trust: 0.6
db:VULHUBid:VHN-33748
Trust: 0.1
db:PACKETSTORMid:38388
Trust: 0.1
sources:
            
            
            CERT/CC: VU#442845 // 
            
            
            
            VULHUB: VHN-33748 // 
            
            
            
            BID: 32291 // 
            
            
            
            JVNDB: JVNDB-2008-001960 // 
            
            
            
            PACKETSTORM: 38388 // 
            
            
            
            CNNVD: CNNVD-200811-245 // 
            
            
            
            NVD: CVE-2008-3623

REFERENCES
url:http://www.securityfocus.com/bid/32291
Trust: 2.5
url:http://www.us-cert.gov/cas/techalerts/ta08-350a.html
Trust: 2.5
url:http://secunia.com/advisories/33179
Trust: 2.5
url:http://support.apple.com/kb/ht3298
Trust: 2.0
url:http://www.vupen.com/english/advisories/2008/3444
Trust: 1.9
url:http://lists.apple.com/archives/security-announce//2008/nov/msg00001.html
Trust: 1.7
url:http://lists.apple.com/archives/security-announce//2008//dec/msg00000.html
Trust: 1.7
url:http://lists.apple.com/archives/security-announce/2009/jun/msg00005.html
Trust: 1.7
url:http://support.apple.com/kb/ht3338
Trust: 1.7
url:http://support.apple.com/kb/ht3639
Trust: 1.7
url:http://www.vupen.com/english/advisories/2009/1621
Trust: 1.7
url:http://www.securitytracker.com/id?1021225
Trust: 1.1
url:http://secunia.com/advisories/32706
Trust: 1.1
url:http://secunia.com/advisories/15895/
Trust: 0.9
url:http://secunia.com/advisories/15852/
Trust: 0.9
url:http://www.hardened-php.net/advisory-022005.php
Trust: 0.8
url:http://secunia.com/advisories/15861/
Trust: 0.8
url:http://secunia.com/advisories/15862/
Trust: 0.8
url:http://secunia.com/advisories/15884/
Trust: 0.8
url:http://secunia.com/advisories/15883/
Trust: 0.8
url:http://news.postnuke.com/modules.php?op=modload&name=news&file=article&sid=2699
Trust: 0.8
url:http://secunia.com/advisories/15855/
Trust: 0.8
url:http://secunia.com/advisories/15810/
Trust: 0.8
url:http://secunia.com/advisories/15872/
Trust: 0.8
url:http://secunia.com/advisories/15922/
Trust: 0.8
url:http://securitytracker.com/alerts/2005/jun/1014327.html
Trust: 0.8
url:http://www.gulftech.org/?node=research&article_id=00088-07022005
Trust: 0.8
url:http://www.gulftech.org/?node=research&article_id=00087-07012005
Trust: 0.8
url:http://www.securityfocus.com/bid/14088
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3623
Trust: 0.8
url:http://jvn.jp/cert/jvnta08-350a/
Trust: 0.8
url:http://jvn.jp/tr/trta08-350a
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3623
Trust: 0.8
url:http://www.us-cert.gov/cas/alerts/sa08-350a.html
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2008/3444
Trust: 0.6
url:http://www.apple.com/safari/
Trust: 0.3
url:http://support.apple.com/kb/ht3318
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/product/3699/
Trust: 0.1
url:http://sourceforge.net/project/showfiles.php?group_id=66479
Trust: 0.1
url:http://secunia.com/secunia_vacancies/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CERT/CC: VU#442845 // 
            
            
            
            VULHUB: VHN-33748 // 
            
            
            
            BID: 32291 // 
            
            
            
            JVNDB: JVNDB-2008-001960 // 
            
            
            
            PACKETSTORM: 38388 // 
            
            
            
            CNNVD: CNNVD-200811-245 // 
            
            
            
            NVD: CVE-2008-3623

CREDITS
Billy Rios
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200811-245

SOURCES
db:CERT/CCid:VU#442845
db:VULHUBid:VHN-33748
db:BIDid:32291
db:JVNDBid:JVNDB-2008-001960
db:PACKETSTORMid:38388
db:CNNVDid:CNNVD-200811-245
db:NVDid:CVE-2008-3623

LAST UPDATE DATE
2024-09-19T19:28:13.050000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#442845date:2007-03-09T00:00:00
db:VULHUBid:VHN-33748date:2018-10-30T00:00:00
db:BIDid:32291date:2009-06-17T23:39:00
db:JVNDBid:JVNDB-2008-001960date:2009-07-24T00:00:00
db:CNNVDid:CNNVD-200811-245date:2021-07-14T00:00:00
db:NVDid:CVE-2008-3623date:2018-10-30T16:25:48.967

SOURCES RELEASE DATE
db:CERT/CCid:VU#442845date:2005-07-06T00:00:00
db:VULHUBid:VHN-33748date:2008-11-17T00:00:00
db:BIDid:32291date:2008-11-13T00:00:00
db:JVNDBid:JVNDB-2008-001960date:2008-12-15T00:00:00
db:PACKETSTORMid:38388date:2005-07-01T23:31:00
db:CNNVDid:CNNVD-200811-245date:2008-11-17T00:00:00
db:NVDid:CVE-2008-3623date:2008-11-17T18:18:47.767