Sign-up

ID

VAR-200908-0272


CVE

CVE-2009-2194


TITLE

Apple Mac OS Service disruption related to file descriptor sharing (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2009-002005

DESCRIPTION

Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue.". Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003. The update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel, and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues. I. II. Impact The impact of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, or privilege escalation. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2009 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History August 06, 2009: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSnsainIHljM+H4irAQLe2wgAg9ZJq3PGtU+CYHa6+n9Gli9l/NeIXQBb JhKvrXwFYp1uCCs5bVlZ/80Wuq6BJgkv1kojnV6zhqZA7VkPQEhjGofvcUs9MsO8 jXQ6JPdZRd6jWmB4pFHPAD5NOpBV2fJN+JQQuep9xwlap/hITfZfj24+nVFciwXo PdsptiEvpPcfsdan5ScQB+36MC4fRixUAgV+oWHDTgZJEaO1J2/5QiMK7+jWanXH 3jD6FIVdbJQcUmMDGle7RvURSuiX4jFq3D+lweDCtLwX576qx9m6QRbvnxaX8bfU HFcStLJRmi2kFEMiqga83lIyhSB1g1t+rWy5MBH+xml0MSYO7V7z6w== =A6S1 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An error in bzip2 can be exploited to terminate an application using the library via a specially crafted archive. For more information: SA29410 2) An error in CFNetwork can be exploited by a malicious website to control the URL displayed in a certificate warning when Safari follows a redirect from a trusted website. 3) An error when processing ColorSync profiles embedded in a specially crafted image can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 4) An error when handling unsafe content types can be exploited to execute a malicious JavaScript payload when a specially crafted file is manually opened. 5) An error when processing four-finger Multi-Touch gestures can be exploited by a person with physical access to a locked system to manage applications or use Expose. NOTE: This vulnerability only affects system having a Multi-Touch trackpad. 6) An error when processing Canon RAW images can be exploited to cause a stack-based buffer overflow and potentially execute arbitrary code. 7) An error in ImageIO when processing OpenEXR images can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 8) Multiple errors in ImageIO when processing OpenEXR images can be exploited to corrupt memory and potentially execute arbitrary code. For more information: SA36030 9) A boundary error in ImageIO when processing EXIF metadata can be exploited to cause a buffer overflow and potentially execute arbitrary code via a specially crafted image. 10) An error in ImageIO when processing PNG images can be exploited to dereference an uninitialised pointer and potentially execute arbitrary code. 11) An error in the "fcntl()" kernel implementation can be exploited to corrupt kernel memory and execute arbitrary code with system privileges via e.g. a specially crafted TIOCGWINSZ "fnctl()" call. 12) An error in launchd when servicing via inetd can be exploited to cause a service hang by opening an overly large number of connections. 13) A format string error in Login Window when handling application names can be exploited to potentially execute arbitrary code. 14) The MobileMe preference pane fails to properly delete all credentials when signing out. This can be exploited to access previously signed in systems from the same local user account. 15) An error in the kernel when processing AppleTalk response packets can be exploited to cause a buffer overflow and potentially execute arbitrary code with system privileges. 17) A boundary error in the PCRE library used by XQuery can be exploited to cause a buffer overflow and potentially execute arbitrary code. of Johns Hopkins University, HiNRG The vendor also credits: 2) Kevin Day of Your.Org and Jason Mueller of Indiana University 4) Brian Mastenbrook, and Clint Ruoho of Laconic Security 6) Chris Ries of Carnegie Mellon University Computing Services 7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie Mellon University Computing Services 10) Tavis Ormandy of the Google Security Team 13) Alfredo Pesoli of 0xcafebabe.it 15) Ilja van Sprundel from IOActive 16) Bennet Yee of Google Inc. CHANGELOG: 2009-08-06: Added link to "Original Advisory". ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3757 Chris Evans: http://scary.beasts.org/security/CESA-2009-011.html OTHER REFERENCES: SA28923: http://secunia.com/advisories/28923/ SA29410: http://secunia.com/advisories/29410/ SA36030: http://secunia.com/advisories/36030/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.16

sources: NVD: CVE-2009-2194 // JVNDB: JVNDB-2009-002005 // BID: 35954 // VULHUB: VHN-39640 // PACKETSTORM: 80118 // PACKETSTORM: 80117

AFFECTED PRODUCTS

vendor:applemodel:mac os x serverscope:eqversion:10.5.6

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.5.7

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.2

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.4

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.5

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.0

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.7

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.3

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.5.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:v10.5 to v10.5.7

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5 to v10.5.7

Trust: 0.8

vendor:applemodel:safari for windowsscope:eqversion:4.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.5

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.3

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.10

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.9

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.11

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.1.3

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.2.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.1.3

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0

Trust: 0.3

vendor:applemodel:safari for windowsscope:neversion:5.0

Trust: 0.3

vendor:applemodel:safariscope:neversion:5.0

Trust: 0.3

vendor:applemodel:safariscope:neversion:4.1

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.5.8

Trust: 0.3

vendor:applemodel:iosscope:neversion:4

Trust: 0.3

sources: BID: 35954 // JVNDB: JVNDB-2009-002005 // CNNVD: CNNVD-200908-529 // NVD: CVE-2009-2194

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-2194
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-2194
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200908-529
value: MEDIUM

Trust: 0.6

VULHUB: VHN-39640
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2009-2194
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-39640
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-39640 // JVNDB: JVNDB-2009-002005 // CNNVD: CNNVD-200908-529 // NVD: CVE-2009-2194

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2009-002005 // NVD: CVE-2009-2194

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200908-529

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200908-529

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2009-002005

PATCH
title:HT3757url:http://support.apple.com/kb/HT3757
Trust: 0.8
title:HT3757url:http://support.apple.com/kb/HT3757?viewlocale=ja_JP
Trust: 0.8
title:TA09-218Aurl:http://software.fujitsu.com/jp/security/vulnerabilities/ta09-218a.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2009-002005

EXTERNAL IDS
db:BIDid:35954
Trust: 2.8
db:NVDid:CVE-2009-2194
Trust: 2.8
db:USCERTid:TA09-218A
Trust: 2.6
db:SECUNIAid:36096
Trust: 2.6
db:VUPENid:ADV-2009-2172
Trust: 2.5
db:SECTRACKid:1022672
Trust: 2.5
db:OSVDBid:56836
Trust: 2.5
db:XFid:52439
Trust: 1.4
db:USCERTid:SA09-218A
Trust: 0.8
db:JVNDBid:JVNDB-2009-002005
Trust: 0.8
db:CNNVDid:CNNVD-200908-529
Trust: 0.7
db:APPLEid:APPLE-SA-2009-08-05-1
Trust: 0.6
db:VULHUBid:VHN-39640
Trust: 0.1
db:PACKETSTORMid:80118
Trust: 0.1
db:PACKETSTORMid:80117
Trust: 0.1
sources:
            
            
            VULHUB: VHN-39640 // 
            
            
            
            BID: 35954 // 
            
            
            
            JVNDB: JVNDB-2009-002005 // 
            
            
            
            PACKETSTORM: 80118 // 
            
            
            
            PACKETSTORM: 80117 // 
            
            
            
            CNNVD: CNNVD-200908-529 // 
            
            
            
            NVD: CVE-2009-2194

REFERENCES
url:http://www.securityfocus.com/bid/35954
Trust: 2.5
url:http://www.us-cert.gov/cas/techalerts/ta09-218a.html
Trust: 2.5
url:http://osvdb.org/56836
Trust: 2.5
url:http://www.securitytracker.com/id?1022672
Trust: 2.5
url:http://secunia.com/advisories/36096
Trust: 2.5
url:http://www.vupen.com/english/advisories/2009/2172
Trust: 2.5
url:http://support.apple.com/kb/ht3757
Trust: 1.8
url:http://lists.apple.com/archives/security-announce/2009/aug/msg00001.html
Trust: 1.7
url:http://xforce.iss.net/xforce/xfdb/52439
Trust: 1.4
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/52439
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2194
Trust: 0.8
url:https://jvn.jp/cert/jvnta09-218a/index.html
Trust: 0.8
url:http://jvn.jp/tr/jvntr-2009-20
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2194
Trust: 0.8
url:http://www.us-cert.gov/cas/alerts/sa09-218a.html
Trust: 0.8
url:http://www.apple.com/macosx/
Trust: 0.3
url:https://support.apple.com/kb/ht1338?viewlocale=en_us>
Trust: 0.1
url:http://support.apple.com/kb/ht3757>
Trust: 0.1
url:http://www.us-cert.gov/legal.html>
Trust: 0.1
url:http://support.apple.com/downloads/>
Trust: 0.1
url:http://www.us-cert.gov/cas/signup.html>.
Trust: 0.1
url:http://www.us-cert.gov/cas/techalerts/ta09-218a.html>
Trust: 0.1
url:http://secunia.com/advisories/36030/
Trust: 0.1
url:http://support.apple.com/downloads/dl868/en_us/macosxserverupdcombo10.5.8.dmg
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/29410/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
url:http://secunia.com/advisories/36096/
Trust: 0.1
url:http://secunia.com/advisories/business_solutions/
Trust: 0.1
url:http://support.apple.com/downloads/dl869/en_us/secupdsrvr2009-003univ.dmg
Trust: 0.1
url:http://support.apple.com/downloads/dl870/en_us/secupdsrvr2009-003ppc.dmg
Trust: 0.1
url:http://support.apple.com/downloads/dl872/en_us/secupd2009-003intel.dmg
Trust: 0.1
url:http://support.apple.com/downloads/dl867/en_us/macosxserverupd10.5.8.dmg
Trust: 0.1
url:http://support.apple.com/downloads/dl866/en_us/macosxupdcombo10.5.8.dmg
Trust: 0.1
url:http://support.apple.com/downloads/dl865/en_us/macosxupd10.5.8.dmg
Trust: 0.1
url:http://scary.beasts.org/security/cesa-2009-011.html
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://support.apple.com/downloads/dl871/en_us/secupd2009-003ppc.dmg
Trust: 0.1
url:http://secunia.com/advisories/28923/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-39640 // 
            
            
            
            BID: 35954 // 
            
            
            
            JVNDB: JVNDB-2009-002005 // 
            
            
            
            PACKETSTORM: 80118 // 
            
            
            
            PACKETSTORM: 80117 // 
            
            
            
            CNNVD: CNNVD-200908-529 // 
            
            
            
            NVD: CVE-2009-2194

CREDITS
Ilja van
Chris Evans※ chris@ferret.lmh.ox.ac.uk
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200908-529

SOURCES
db:VULHUBid:VHN-39640
db:BIDid:35954
db:JVNDBid:JVNDB-2009-002005
db:PACKETSTORMid:80118
db:PACKETSTORMid:80117
db:CNNVDid:CNNVD-200908-529
db:NVDid:CVE-2009-2194

LAST UPDATE DATE
2024-11-23T20:20:22.817000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-39640date:2017-08-17T00:00:00
db:BIDid:35954date:2010-06-21T22:28:00
db:JVNDBid:JVNDB-2009-002005date:2009-09-15T00:00:00
db:CNNVDid:CNNVD-200908-529date:2009-08-19T00:00:00
db:NVDid:CVE-2009-2194date:2024-11-21T01:04:20.483

SOURCES RELEASE DATE
db:VULHUBid:VHN-39640date:2009-08-06T00:00:00
db:BIDid:35954date:2009-08-05T00:00:00
db:JVNDBid:JVNDB-2009-002005date:2009-09-15T00:00:00
db:PACKETSTORMid:80118date:2009-08-07T15:36:13
db:PACKETSTORMid:80117date:2009-08-07T07:36:28
db:CNNVDid:CNNVD-200908-529date:2009-08-06T00:00:00
db:NVDid:CVE-2009-2194date:2009-08-06T16:30:00.483