Sign-up

ID

VAR-201110-0440


CVE

CVE-2011-3217


TITLE

Apple Mac OS X of MediaKit Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2011-002483

DESCRIPTION

MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2011-006. The update addresses new vulnerabilities that affect Application Firewall, ATS, CFNetwork, CoreMedia, CoreProcesses, CoreStorage, File Systems, IOGraphics, Kernel, MediaKit, Open Directory, QuickTime, SMB File Server, User Documentation, and libsecurity. These issues affect OS X prior to 10.7.2. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Apple has released updates to address these vulnerabilities. I. Apple has released updates to address these vulnerabilities. II. III. This advisory describes any known issues related to the updates and the specific impacts for each vulnerability. Administrators are encouraged to note these issues and impacts and test for any potentially adverse effects before wide-scale deployment. IV. Please send email to <cert@cert.org> with "TA11-286A Feedback VU#421739" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2011 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History October 13, 2011: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTpb8zj/GkGVXE7GMAQI21Af/SHWzIangqPW9vtuG/MQWSBMy9nG4wIZS DUEAWBEMPTKF3fLrIy6TVpRLN3q/q4dCYXzM4lec4IzKvEbV/bUyg15xEfYdxB0v s/vARGNwf7tjSbjo+PaHLuSZ1HLn/GLO3CXaf+ut/Kb8y9Fsir5klMgrCX/N0JkY dLoV9R6zGs1aQzmF9ULB1IQ2/lUkg6CGnyARh0prfhRFwKfu7NZXb8yz5ex68q6V NF6j9l+XK0Cl4K7R+0ESD4e47jLCg6iN175O8VzrlxiRvBRAyTaFycdMB4uSkmii xu8SqU2QFhsIJy8J+i1Bb6kuWkaxAnUbxO4tRrmXoqTXl9m0CtpnWA== =3Wp2 -----END PGP SIGNATURE-----

Trust: 2.34

sources: NVD: CVE-2011-3217 // JVNDB: JVNDB-2011-002483 // BID: 50085 // BID: 50117 // VULHUB: VHN-51162 // PACKETSTORM: 105790

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.0.4

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.0.0

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.1.0

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.0.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.1.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.1.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.0

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.0.3

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.0.2

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.4.7

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.5

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.6.1

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.3.2

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.0.2

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2.2

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.1.2

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.2

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.3

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.9

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.1.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.4

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.0.4

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.6.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.8

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.2.0

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.3.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.7

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.4.11

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.3.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.4.6

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.1.5

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.3.9

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2.3

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.2

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.6.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.4.7

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.1

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.6.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.4

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.4.3

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.2.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.2.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.4.9

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.8

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.3

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2.8

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.3.8

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.8

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.4.1

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.2.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.4.10

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.3.7

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.1.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.1.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.9

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.4.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.1.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.6

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.7

Trust: 1.0

vendor:applemodel:mac os x serverscope:lteversion:10.6.8

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.6.0

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.3.6

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.8

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.2.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.4.0

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.2.1

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.0.3

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.2.8

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.4.8

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2.5

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.1

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.5

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.10

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.6.4

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.3.4

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.6.2

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.1.1

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.2.7

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.7

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.0

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.3.0

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.0.0

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.1.3

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.2

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.6

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.6.7

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.6

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.0.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2.1

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.0

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.2.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.4.4

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.2

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.1.4

Trust: 1.0

vendor:applemodel:mac os xscope:lteversion:10.6.8

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.4

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.2.7

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.1

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.7

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.4.11

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.3.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.4.2

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.3.3

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:v10.6.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6.8

Trust: 0.8

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.6.6

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.6.8

Trust: 0.6

vendor:applemodel:mac osscope:neversion:x10.7.2

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.6

vendor:applemodel:mac os serverscope:neversion:x10.7.2

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.6.7

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.6.5

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.6.4

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.6.3

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.6.5

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.6.4

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.6.3

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.7.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.8

Trust: 0.3

sources: BID: 50085 // BID: 50117 // JVNDB: JVNDB-2011-002483 // CNNVD: CNNVD-201110-313 // NVD: CVE-2011-3217

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-3217
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-3217
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201110-313
value: MEDIUM

Trust: 0.6

VULHUB: VHN-51162
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-3217
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-51162
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-51162 // JVNDB: JVNDB-2011-002483 // CNNVD: CNNVD-201110-313 // NVD: CVE-2011-3217

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-51162 // JVNDB: JVNDB-2011-002483 // NVD: CVE-2011-3217

THREAT TYPE

network

Trust: 0.6

sources: BID: 50085 // BID: 50117

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201110-313

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-002483

PATCH
title:HT5002url:http://support.apple.com/kb/HT5002
Trust: 0.8
title:MacOSXUpd10.7.2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40902
Trust: 0.6
title:MacOSXServerUpd10.7.2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40901
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2011-002483 // 
            
            
            
            CNNVD: CNNVD-201110-313

EXTERNAL IDS
db:NVDid:CVE-2011-3217
Trust: 3.1
db:BIDid:50085
Trust: 1.4
db:USCERTid:TA11-286A
Trust: 0.9
db:JVNDBid:JVNDB-2011-002483
Trust: 0.8
db:CNNVDid:CNNVD-201110-313
Trust: 0.7
db:SECUNIAid:46417
Trust: 0.6
db:APPLEid:APPLE-SA-2011-10-12-3
Trust: 0.6
db:BIDid:50117
Trust: 0.4
db:VULHUBid:VHN-51162
Trust: 0.1
db:PACKETSTORMid:105790
Trust: 0.1
sources:
            
            
            VULHUB: VHN-51162 // 
            
            
            
            BID: 50085 // 
            
            
            
            BID: 50117 // 
            
            
            
            JVNDB: JVNDB-2011-002483 // 
            
            
            
            PACKETSTORM: 105790 // 
            
            
            
            CNNVD: CNNVD-201110-313 // 
            
            
            
            NVD: CVE-2011-3217

REFERENCES
url:http://lists.apple.com/archives/security-announce/2011//oct/msg00003.html
Trust: 1.7
url:http://support.apple.com/kb/ht5002
Trust: 1.7
url:http://www.securityfocus.com/bid/50085
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3217
Trust: 0.8
url:http://jvn.jp/cert/jvnvu971123
Trust: 0.8
url:https://jvn.jp/cert/jvnta11-286a
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3217
Trust: 0.8
url:http://www.us-cert.gov/cas/techalerts/ta11-286a.html
Trust: 0.8
url:http://www.apple.com/macosx/
Trust: 0.6
url:http://secunia.com/advisories/46417
Trust: 0.6
url:http://www.us-cert.gov/cas/techalerts/ta11-286a.html>
Trust: 0.1
url:http://support.apple.com/kb/ht1338>
Trust: 0.1
url:http://support.apple.com/kb/ht5002>
Trust: 0.1
url:http://www.us-cert.gov/cas/signup.html>.
Trust: 0.1
url:http://www.us-cert.gov/legal.html>
Trust: 0.1
sources:
            
            
            VULHUB: VHN-51162 // 
            
            
            
            BID: 50085 // 
            
            
            
            BID: 50117 // 
            
            
            
            JVNDB: JVNDB-2011-002483 // 
            
            
            
            PACKETSTORM: 105790 // 
            
            
            
            CNNVD: CNNVD-201110-313 // 
            
            
            
            NVD: CVE-2011-3217

CREDITS
Anonymous, Apple, Will Dormann of the CERT/CC, Steven Michaud of Mozilla, Martin Tessarek, Steve Riggins of Geeks R Us, Justin C. Walker, Stephen Creswell, Erling Ellingsen of Facebook, Clint Tseng of the University of Washington, Michael
Kobb, Adam Kemp,
Trust: 0.3
sources:
            
            
            BID: 50085

SOURCES
db:VULHUBid:VHN-51162
db:BIDid:50085
db:BIDid:50117
db:JVNDBid:JVNDB-2011-002483
db:PACKETSTORMid:105790
db:CNNVDid:CNNVD-201110-313
db:NVDid:CVE-2011-3217

LAST UPDATE DATE
2024-11-23T20:09:02.477000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-51162date:2012-01-14T00:00:00
db:BIDid:50085date:2011-10-12T00:00:00
db:BIDid:50117date:2015-03-19T09:28:00
db:JVNDBid:JVNDB-2011-002483date:2011-10-25T00:00:00
db:CNNVDid:CNNVD-201110-313date:2011-10-17T00:00:00
db:NVDid:CVE-2011-3217date:2024-11-21T01:30:00.233

SOURCES RELEASE DATE
db:VULHUBid:VHN-51162date:2011-10-14T00:00:00
db:BIDid:50085date:2011-10-12T00:00:00
db:BIDid:50117date:2011-10-12T00:00:00
db:JVNDBid:JVNDB-2011-002483date:2011-10-25T00:00:00
db:PACKETSTORMid:105790date:2011-10-14T05:50:20
db:CNNVDid:CNNVD-201110-313date:2011-10-17T00:00:00
db:NVDid:CVE-2011-3217date:2011-10-14T10:55:08.667