Sign-up

ID

VAR-200811-0321


CVE

CVE-2008-4216


TITLE

Multiple PHP XML-RPC implementations vulnerable to code injection

Trust: 0.8

sources: CERT/CC: VU#442845

DESCRIPTION

The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files.". A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Apple Safari is prone to three security vulnerabilities. Attackers may exploit these issues to execute arbitrary code or obtain sensitive information. Other attacks are also possible. These issues affect versions prior to Safari 3.2 running on Apple Mac OS X 10.4.11 and 10.5.5, Microsoft Windows XP, and Windows Vista. Safari is the web browser bundled by default in the Apple family machine operating system. ---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Nucleus XML-RPC PHP Code Execution Vulnerability SECUNIA ADVISORY ID: SA15895 VERIFY ADVISORY: http://secunia.com/advisories/15895/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Nucleus 3.x http://secunia.com/product/3699/ DESCRIPTION: A vulnerability has been reported in Nucleus, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA15852 SOLUTION: Update to version 3.21. http://sourceforge.net/project/showfiles.php?group_id=66479 OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2008-4216 // CERT/CC: VU#442845 // JVNDB: JVNDB-2008-001962 // BID: 32291 // VULHUB: VHN-34341 // PACKETSTORM: 38388

AFFECTED PRODUCTS

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 1.9

vendor:applemodel:safariscope:eqversion:1.2

Trust: 1.9

vendor:applemodel:safariscope:eqversion:1.0

Trust: 1.9

vendor:applemodel:safariscope:eqversion:1.0.3

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.1.1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:0.9

Trust: 1.6

vendor:applemodel:safariscope:eqversion:0.8

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.1.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 1.3

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 1.3

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 1.3

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.3

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:3.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:3

Trust: 1.3

vendor:applemodel:safariscope:eqversion:2.0_pre

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.4

Trust: 1.0

vendor:applemodel:safariscope:lteversion:3.1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.4_419.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.4_beta

Trust: 1.0

vendor:applemodel:safariscope:eqversion:*

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.3_417.9.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.2

Trust: 1.0

vendor:drupalmodel: - scope: - version: -

Trust: 0.8

vendor:gentoo linuxmodel: - scope: - version: -

Trust: 0.8

vendor:mandrivamodel: - scope: - version: -

Trust: 0.8

vendor:pear xml rpcmodel: - scope: - version: -

Trust: 0.8

vendor:phpxmlrpcmodel: - scope: - version: -

Trust: 0.8

vendor:postnukemodel: - scope: - version: -

Trust: 0.8

vendor:red hatmodel: - scope: - version: -

Trust: 0.8

vendor:serendipitymodel: - scope: - version: -

Trust: 0.8

vendor:trustix secure linuxmodel: - scope: - version: -

Trust: 0.8

vendor:ubuntu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:wordpressmodel: - scope: - version: -

Trust: 0.8

vendor:xoopsmodel: - scope: - version: -

Trust: 0.8

vendor:phpmyfaqmodel: - scope: - version: -

Trust: 0.8

vendor:applemodel:safariscope:eqversion:3 (mac os x 10.5)

Trust: 0.8

vendor:applemodel:safariscope:eqversion:3 (windows)

Trust: 0.8

vendor:applemodel:safariscope:eqversion:windows

Trust: 0.6

vendor:applemodel:safari for windowsscope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.4

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.3

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.3

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.2

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.2

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3.0.1

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3.0.1

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:safari beta for windowsscope:eqversion:3

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.2.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.4

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.3

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.4

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.3

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.0.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:1

Trust: 0.3

vendor:applemodel:safariscope:neversion:3.2

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.5.6

Trust: 0.3

vendor:applemodel:ipod touchscope:neversion:3.0

Trust: 0.3

vendor:applemodel:iphonescope:neversion:3.0

Trust: 0.3

sources: CERT/CC: VU#442845 // BID: 32291 // JVNDB: JVNDB-2008-001962 // CNNVD: CNNVD-200811-247 // NVD: CVE-2008-4216

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-4216
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#442845
value: 20.75

Trust: 0.8

NVD: CVE-2008-4216
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200811-247
value: MEDIUM

Trust: 0.6

VULHUB: VHN-34341
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-4216
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-34341
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#442845 // VULHUB: VHN-34341 // JVNDB: JVNDB-2008-001962 // CNNVD: CNNVD-200811-247 // NVD: CVE-2008-4216

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-34341 // JVNDB: JVNDB-2008-001962 // NVD: CVE-2008-4216

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200811-247

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-200811-247

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-001962

PATCH
title:HT3298url:http://support.apple.com/kb/HT3298
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-001962

EXTERNAL IDS
db:NVDid:CVE-2008-4216
Trust: 2.8
db:BIDid:32291
Trust: 2.8
db:SECUNIAid:32706
Trust: 1.1
db:SECTRACKid:1021227
Trust: 1.1
db:SECUNIAid:15895
Trust: 0.9
db:SECUNIAid:15810
Trust: 0.8
db:SECUNIAid:15922
Trust: 0.8
db:SECUNIAid:15852
Trust: 0.8
db:SECUNIAid:15855
Trust: 0.8
db:SECUNIAid:15861
Trust: 0.8
db:SECUNIAid:15862
Trust: 0.8
db:SECUNIAid:15872
Trust: 0.8
db:SECUNIAid:15883
Trust: 0.8
db:SECUNIAid:15884
Trust: 0.8
db:BIDid:14088
Trust: 0.8
db:SECTRACKid:1014327
Trust: 0.8
db:CERT/CCid:VU#442845
Trust: 0.8
db:JVNDBid:JVNDB-2008-001962
Trust: 0.8
db:CNNVDid:CNNVD-200811-247
Trust: 0.7
db:APPLEid:APPLE-SA-2008-11-13
Trust: 0.6
db:VULHUBid:VHN-34341
Trust: 0.1
db:PACKETSTORMid:38388
Trust: 0.1
sources:
            
            
            CERT/CC: VU#442845 // 
            
            
            
            VULHUB: VHN-34341 // 
            
            
            
            BID: 32291 // 
            
            
            
            JVNDB: JVNDB-2008-001962 // 
            
            
            
            PACKETSTORM: 38388 // 
            
            
            
            CNNVD: CNNVD-200811-247 // 
            
            
            
            NVD: CVE-2008-4216

REFERENCES
url:http://www.securityfocus.com/bid/32291
Trust: 2.5
url:http://support.apple.com/kb/ht3298
Trust: 2.0
url:http://lists.apple.com/archives/security-announce//2008/nov/msg00001.html
Trust: 1.7
url:http://www.securitytracker.com/id?1021227
Trust: 1.1
url:http://secunia.com/advisories/32706
Trust: 1.1
url:http://secunia.com/advisories/15895/
Trust: 0.9
url:http://secunia.com/advisories/15852/
Trust: 0.9
url:http://www.hardened-php.net/advisory-022005.php
Trust: 0.8
url:http://secunia.com/advisories/15861/
Trust: 0.8
url:http://secunia.com/advisories/15862/
Trust: 0.8
url:http://secunia.com/advisories/15884/
Trust: 0.8
url:http://secunia.com/advisories/15883/
Trust: 0.8
url:http://news.postnuke.com/modules.php?op=modload&name=news&file=article&sid=2699
Trust: 0.8
url:http://secunia.com/advisories/15855/
Trust: 0.8
url:http://secunia.com/advisories/15810/
Trust: 0.8
url:http://secunia.com/advisories/15872/
Trust: 0.8
url:http://secunia.com/advisories/15922/
Trust: 0.8
url:http://securitytracker.com/alerts/2005/jun/1014327.html
Trust: 0.8
url:http://www.gulftech.org/?node=research&article_id=00088-07022005
Trust: 0.8
url:http://www.gulftech.org/?node=research&article_id=00087-07012005
Trust: 0.8
url:http://www.securityfocus.com/bid/14088
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4216
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-4216
Trust: 0.8
url:http://www.apple.com/safari/
Trust: 0.3
url:http://support.apple.com/kb/ht3318
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/product/3699/
Trust: 0.1
url:http://sourceforge.net/project/showfiles.php?group_id=66479
Trust: 0.1
url:http://secunia.com/secunia_vacancies/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CERT/CC: VU#442845 // 
            
            
            
            VULHUB: VHN-34341 // 
            
            
            
            BID: 32291 // 
            
            
            
            JVNDB: JVNDB-2008-001962 // 
            
            
            
            PACKETSTORM: 38388 // 
            
            
            
            CNNVD: CNNVD-200811-247 // 
            
            
            
            NVD: CVE-2008-4216

CREDITS
Billy Rios
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200811-247

SOURCES
db:CERT/CCid:VU#442845
db:VULHUBid:VHN-34341
db:BIDid:32291
db:JVNDBid:JVNDB-2008-001962
db:PACKETSTORMid:38388
db:CNNVDid:CNNVD-200811-247
db:NVDid:CVE-2008-4216

LAST UPDATE DATE
2024-09-19T21:26:53.030000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#442845date:2007-03-09T00:00:00
db:VULHUBid:VHN-34341date:2012-10-31T00:00:00
db:BIDid:32291date:2009-06-17T23:39:00
db:JVNDBid:JVNDB-2008-001962date:2008-12-15T00:00:00
db:CNNVDid:CNNVD-200811-247date:2008-11-17T00:00:00
db:NVDid:CVE-2008-4216date:2012-10-31T03:04:05.640

SOURCES RELEASE DATE
db:CERT/CCid:VU#442845date:2005-07-06T00:00:00
db:VULHUBid:VHN-34341date:2008-11-17T00:00:00
db:BIDid:32291date:2008-11-13T00:00:00
db:JVNDBid:JVNDB-2008-001962date:2008-12-15T00:00:00
db:PACKETSTORMid:38388date:2005-07-01T23:31:00
db:CNNVDid:CNNVD-200811-247date:2008-11-17T00:00:00
db:NVDid:CVE-2008-4216date:2008-11-17T18:18:47.890