ID CVE-2008-0054Type cveReporter cve@mitre.orgModified 2017-08-08T01:29:00
Description
Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used.
{"id": "CVE-2008-0054", "bulletinFamily": "NVD", "title": "CVE-2008-0054", "description": "Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an \"unexpected selector\" to be used.", "published": "2008-03-18T23:44:00", "modified": "2017-08-08T01:29:00", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0054", "reporter": "cve@mitre.org", "references": ["http://secunia.com/advisories/29420", "http://www.securityfocus.com/bid/28341", "http://docs.info.apple.com/article.html?artnum=307562", "https://exchange.xforce.ibmcloud.com/vulnerabilities/41355", "http://www.securityfocus.com/bid/28304", "http://www.vupen.com/english/advisories/2008/0924/references", "http://www.us-cert.gov/cas/techalerts/TA08-079A.html", "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html", "http://www.securitytracker.com/id?1019649"], "cvelist": ["CVE-2008-0054"], "type": "cve", "lastseen": "2019-05-29T18:09:24", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "6998670095aeaa24bf9e8372f5f60272"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "1aa9b0e33fc9edbd31d6b78863cf7767"}, {"key": "cpe23", "hash": "356a60ef80cb97085359f83eeae091b1"}, {"key": "cvelist", "hash": "7317ae9bcc72e4821b2ca0cbadefe694"}, {"key": "cvss", "hash": "2004c9f19f804139a2bd4b20151bd451"}, {"key": "cvss2", "hash": "1dc2f667d36e0cf0a1d1984879d6264c"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "226da5129ffaaee3d5b48e506b957d58"}, {"key": "description", "hash": "01d4875734b2e367cd9b0507d814516c"}, {"key": "href", "hash": "a9c51046cded2a10d7b838c1f56103d8"}, {"key": "modified", "hash": "8e72f3e50e5a936484a06c856be9ef13"}, {"key": "published", "hash": "ad72054e04303ebd40349999d90a1a68"}, {"key": "references", "hash": "1bfe843ceea2921282bbfeb28195e7f4"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "c005f435ead618e9a0908181a39a001b"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "79d358e98514d50904ec3a1f1f2fb6072d9d4ef1c0d81133b082a75a399ae459", "viewCount": 0, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2019-05-29T18:09:24"}, "dependencies": {"references": [{"type": "seebug", "idList": ["SSV:3063"]}, {"type": "nessus", "idList": ["MACOSX_SECUPD2008-002.NASL"]}], "modified": "2019-05-29T18:09:24"}, "vulnersScore": 6.8}, "objectVersion": "1.3", "cpe": ["cpe:/a:apple:mac_os_x_server:10.4.11", "cpe:/o:apple:mac_os_x:10.4.11", "cpe:/a:apple:mac_os_x:10.4.11", "cpe:/o:apple:mac_os_x_server:10.4.11"], "affectedSoftware": [{"name": "apple mac_os_x", "operator": "eq", "version": "10.4.11"}, {"name": "apple mac_os_x_server", "operator": "eq", "version": "10.4.11"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*"], "cwe": ["CWE-20"]}
{"seebug": [{"lastseen": "2017-11-19T21:45:09", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 28304\r\nCVE(CAN) ID: CVE-2008-0044,CVE-2008-0045,CVE-2008-0048,CVE-2008-0049,CVE-2008-0057,CVE-2008-0997,CVE-2008-0046,CVE-2008-0051,CVE-2008-0052,CVE-2008-0053,CVE-2008-0054,CVE-2008-0055,CVE-2008-0056,CVE-2008-0058,CVE-2008-0059,CVE-2008-0060,CVE-2008-0987,CVE-2008-0988,CVE-2008-0989,CVE-2008-0990,CVE-2008-0992,CVE-2008-0993,CVE-2008-0994,CVE-2008-0995,CVE-2008-0996,CVE-2008-0998,CVE-2008-0999\r\n\r\nMac OS X\u662f\u82f9\u679c\u5bb6\u65cf\u673a\u5668\u6240\u4f7f\u7528\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple 2008-002\u5b89\u5168\u66f4\u65b0\u4fee\u590d\u4e86Mac OS X\u4e2d\u7684\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u6216\u672c\u5730\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u9020\u6210\u591a\u79cd\u5a01\u80c1\u3002\r\n\r\nCVE-2008-0044\r\n\r\nAFP\u5ba2\u6237\u7aef\u5904\u7406afp:// URL\u65f6\u5b58\u5728\u6808\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5982\u679c\u7528\u6237\u53d7\u9a97\u8fde\u63a5\u5230\u4e86\u6076\u610f\u7684AFP\u670d\u52a1\u5668\uff0c\u653b\u51fb\u8005\u5c31\u53ef\u80fd\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002 \r\n\r\nCVE-2008-0045\r\n\r\nAFP\u670d\u52a1\u5668\u68c0\u67e5Kerberos\u4e3b\u57df\u540d\u7684\u65b9\u5f0f\u5b58\u5728\u9519\u8bef\uff0c\u5982\u679c\u5bf9AFP\u670d\u52a1\u5668\u4f7f\u7528\u4e86\u8de8\u57df\u8ba4\u8bc1\u7684\u8bdd\uff0c\u5c31\u53ef\u80fd\u5141\u8bb8\u975e\u6388\u6743\u8fde\u63a5\u5230\u670d\u52a1\u5668\u3002 \r\n\r\nCVE-2008-0048\r\n\r\nNSDocument API\u5904\u7406\u6587\u4ef6\u540d\u7684\u65b9\u5f0f\u5b58\u5728\u6808\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u4f46\u5728\u5927\u591a\u6570\u6587\u4ef6\u7cfb\u7edf\u4e0a\u8fd9\u4e2a\u6f0f\u6d1e\u4e0d\u53ef\u7528\u3002 \r\n\r\nCVE-2008-0049\r\n\r\nNSApplication\u4e2d\u7528\u4e8e\u7ebf\u7a0b\u95f4\u540c\u6b65\u7684mach\u7aef\u53e3\u65e0\u610f\u4e2d\u63d0\u4f9b\u7ed9\u4e86\u8fdb\u7a0b\u95f4\u901a\u8baf\uff0c\u5982\u679c\u5411\u540c\u4e00bootstrap\u540d\u79f0\u7a7a\u95f4\u7684\u7279\u6743\u5e94\u7528\u53d1\u9001\u4e86\u7279\u5236\u6d88\u606f\u7684\u8bdd\uff0c\u672c\u5730\u7528\u6237\u5c31\u53ef\u4ee5\u5bfc\u81f4\u4ee5\u76ee\u6807\u5e94\u7528\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002 \r\n\r\nCVE-2008-0057\r\n\r\n\u8001\u5f0f\u5e8f\u5217\u53f7\u683c\u5f0f\u7684\u89e3\u6790\u5668\u4e2d\u5b58\u5728\u591a\u4e2a\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5982\u679c\u89e3\u6790\u4e86\u7279\u5236\u7684\u5e8f\u5217\u5316\u5c5e\u6027\u5217\u8868\u7684\u8bdd\uff0c\u5c31\u53ef\u4ee5\u89e6\u53d1\u5806\u6ea2\u51fa\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\nCVE-2008-0997\r\n\r\nAppKit\u5904\u7406PPD\u6587\u4ef6\u7684\u65b9\u5f0f\u5b58\u5728\u6808\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5982\u679c\u7528\u6237\u53d7\u9a97\u67e5\u8be2\u4e86\u7f51\u7edc\u6253\u5370\u673a\u7684\u8bdd\uff0c\u5c31\u4f1a\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\nCVE-2008-0046\r\n\r\n\u5728\u5fb7\u8bed\u7248\u7684\u5e94\u7528\u9632\u706b\u5899\u504f\u597d\u680f\u4e2d\u7684\u201c\u4e3a\u7279\u5b9a\u670d\u52a1\u548c\u5e94\u7528\u8bbe\u7f6e\u8bbf\u95ee\u201d\u952e\u88ab\u7ffb\u8bd1\u6210\u4e86Zugriff auf bestimmte Dienste und Programme festlegen\uff0c\u610f\u601d\u662f\u201c\u8bbe\u7f6e\u5230\u7279\u5b9a\u670d\u52a1\u548c\u5e94\u7528\u7684\u8bbf\u95ee\u201d\uff0c\u8fd9\u53ef\u80fd\u8bef\u5bfc\u7528\u6237\u8ba4\u4e3a\u4ec5\u6709\u5217\u51fa\u7684\u670d\u52a1\u624d\u5141\u8bb8\u63a5\u53d7\u5165\u7ad9\u8fde\u63a5\u3002 \r\n\r\nCVE-2008-0051\r\n\r\nCoreFoundation\u5904\u7406\u65f6\u533a\u6570\u636e\u7684\u65b9\u5f0f\u5b58\u5728\u6574\u6570\u6ea2\u51fa\uff0c\u5141\u8bb8\u672c\u5730\u7528\u6237\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\nCVE-2008-0052\r\n\r\n\u5982\u679cSafari\u542f\u7528\u4e86\u201c\u6253\u5f00\u5b89\u5168\u6587\u4ef6\u201d\u9009\u9879\u7684\u8bdd\uff0c\u5c31\u53ef\u80fd\u5728AppleWorks\u4e2d\u81ea\u52a8\u6253\u5f00\u540d\u79f0\u4ee5.ief\u7ed3\u5c3e\u7684\u6587\u4ef6\uff0c\u8fd9\u53ef\u80fd\u5bfc\u81f4\u7834\u574f\u5b89\u5168\u7b56\u7565\u3002\r\n\r\nCVE-2008-0053\r\n\r\nCUPS\u4e2d\u7684\u591a\u4e2a\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002 \r\n\r\nCVE-2008-0054\r\n\r\nNSSelectorFromString API\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\uff0c\u5982\u679c\u5bf9\u5176\u4f20\u9001\u4e86\u7578\u5f62\u7684selector\u540d\u79f0\u5c31\u53ef\u80fd\u8fd4\u56de\u975e\u9884\u671f\u7684selector\uff0c\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\nCVE-2008-0055\r\n\r\n\u5728\u6267\u884c\u9012\u5f52\u6587\u4ef6\u62f7\u8d1d\u64cd\u4f5c\u65f6\uff0cNSFileManager\u521b\u5efa\u4e86\u5b8c\u5168\u53ef\u5199\u7684\u76ee\u5f55\uff0c\u4e4b\u540e\u624d\u9650\u5236\u4e86\u6743\u9650\uff0c\u8fd9\u5c31\u9020\u6210\u4e86\u672c\u5730\u7528\u6237\u53ef\u4ee5\u63a7\u5236\u76ee\u5f55\u5e76\u5e72\u9884\u4e4b\u540e\u64cd\u4f5c\u7684\u7ade\u4e89\u6761\u4ef6\uff0c\u5bfc\u81f4\u5c06\u6743\u9650\u63d0\u5347\u5230\u4f7f\u7528API\u5e94\u7528\u7a0b\u5e8f\u7684\u6743\u9650\u3002\r\n\r\nCVE-2008-0056\r\n\r\n\u975e\u9884\u671f\u7ed3\u6784\u7684\u8d85\u957f\u8def\u5f84\u540d\u4f1a\u5728NSFileManager\u4e2d\u89e6\u53d1\u6808\u6ea2\u51fa\uff0c\u5982\u679c\u4f7f\u7528NSFileManager\u63d0\u4f9b\u4e86\u7279\u5236\u7684\u7a0b\u5e8f\u8def\u5f84\u5c31\u53ef\u80fd\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\nCVE-2008-0058\r\n\r\nNSURLConnection\u7684\u7f13\u5b58\u7ba1\u7406\u4e2d\u5b58\u5728\u7ebf\u7a0b\u7ade\u4e89\u6761\u4ef6\uff0c\u5bfc\u81f4\u5df2\u6e05\u9664\u7684\u5bf9\u8c61\u63a5\u6536\u6d88\u606f\u3002\u6210\u529f\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u53ef\u80fd\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u4ee5Safari\u6216\u5176\u4ed6\u4f7f\u7528NSURLConnection\u7a0b\u5e8f\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002 \r\n\r\nCVE-2008-0059\r\n\r\nNSXML\u4e2d\u5b58\u5728\u7ade\u4e89\u6761\u4ef6\u3002\u5982\u679c\u8bf1\u9a97\u7528\u6237\u5728\u4f7f\u7528NSXML\u7684\u5e94\u7528\u7a0b\u5e8f\u4e2d\u5904\u7406\u4e86XML\u6587\u4ef6\u7684\u8bdd\uff0c\u5c31\u53ef\u80fd\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\nCVE-2008-0060\r\n\r\n\u6076\u610f\u7684help:topic_list URL\u53ef\u80fd\u5411\u751f\u6210\u7684\u4e3b\u9898\u5217\u8868\u9875\u9762\u4e2d\u6ce8\u5165\u4efb\u610fHTML\u6216JavaScript\uff0c\u91cd\u65b0\u5b9a\u5411\u5230\u8fd0\u884cApplescript\u7684Help Viewer help:runscript\u94fe\u63a5\u3002\r\n\r\nCVE-2008-0987\r\n\r\nAdobe Digital Negative\uff08DNG\uff09\u56fe\u5f62\u6587\u4ef6\u5904\u7406\u4e2d\u5b58\u5728\u6808\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5982\u679c\u7528\u6237\u53d7\u9a97\u6253\u5f00\u4e86\u6076\u610f\u7684\u56fe\u5f62\u6587\u4ef6\u7684\u8bdd\uff0c\u5c31\u53ef\u80fd\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\nCVE-2008-0988\r\n\r\nLibsystem\u7684strnstr(3)\u5b9e\u73b0\u4e2d\u5b58\u5728\u5355\u5b57\u8282\u9519\u8bef\uff0c\u4f7f\u7528strnstr API\u7684\u5e94\u7528\u7a0b\u5e8f\u53ef\u4ee5\u4ece\u7528\u6237\u6307\u5b9a\u7684\u9650\u5236\u8303\u56f4\u5916\u8bfb\u53d6\u4e00\u4e2a\u5b57\u8282\uff0c\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u3002\r\n\r\nCVE-2008-0989\r\n\r\nmDNSResponderHelper\u4e2d\u5b58\u5728\u683c\u5f0f\u4e32\u6f0f\u6d1e\uff0c\u5982\u679c\u5c06\u672c\u5730\u4e3b\u673a\u540d\u8bbe\u7f6e\u4e3a\u6076\u610f\u5b57\u7b26\u4e32\u7684\u8bdd\uff0c\u672c\u5730\u7528\u6237\u5c31\u53ef\u4ee5\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u4ee5DNSResponderHelper\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002 \r\n\r\nCVE-2008-0990\r\n\r\nnotifyd\u6ca1\u6709\u786e\u8ba4\u901a\u77e5\u6765\u81ea\u5185\u6838\u4fbf\u63a5\u53d7\u4e86Mach\u7aef\u53e3\u6b7b\u4ea1\u901a\u77e5\uff0c\u5982\u679c\u672c\u5730\u7528\u6237\u5411notifyd\u53d1\u9001\u4e86\u4f2a\u9020\u7684\u901a\u77e5\u7684\u8bdd\uff0c\u4f7f\u7528notify(3) API\u6ce8\u518c\u901a\u77e5\u7684\u5e94\u7528\u7a0b\u5e8f\u53ef\u80fd\u4e0d\u518d\u63a5\u53d7\u901a\u77e5\u3002 \r\n\r\nCVE-2008-0992\r\n\r\npax\u547d\u4ee4\u884c\u5de5\u5177\u6ca1\u6709\u68c0\u67e5\u8f93\u5165\u4e2d\u7684\u957f\u5ea6\u4fbf\u7528\u4f5c\u4e86\u6570\u7ec4\u7d22\u5f15\uff0c\u8fd9\u53ef\u80fd\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u610f\u5916\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\nCVE-2008-0993\r\n\r\nPodcast Capture\u5e94\u7528\u901a\u8fc7\u53c2\u6570\u5411\u5b50\u4efb\u52a1\u63d0\u4f9b\u53e3\u4ee4\uff0c\u8fd9\u53ef\u80fd\u6cc4\u9732\u7ed9\u5176\u4ed6\u672c\u5730\u7528\u6237\u3002\r\n\r\nCVE-2008-0994\r\n\r\n\u5f53Preview\u901a\u8fc7\u52a0\u5bc6\u4fdd\u5b58PDF\u6587\u4ef6\u65f6\uff0c\u4f7f\u7528\u7684\u662f40\u4f4dRC4\u3002\u8fd9\u79cd\u52a0\u5bc6\u7b97\u6cd5\u53ef\u80fd\u88ab\u7834\u89e3\uff0c\u53ef\u8bbf\u95ee\u8be5\u6587\u4ef6\u7684\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u66b4\u529b\u731c\u6d4b\u67e5\u770b\u8fd9\u4e2a\u6587\u4ef6\u3002\r\n\r\nCVE-2008-0995\r\n\r\n\u6253\u5370PDF\u6587\u4ef6\u548c\u8bbe\u7f6eopen\u53e3\u4ee4\u4f7f\u7528\u7684\u662f40\u4f4dRC4\u3002\u8fd9\u79cd\u52a0\u5bc6\u7b97\u6cd5\u53ef\u80fd\u88ab\u7834\u89e3\uff0c\u53ef\u8bbf\u95ee\u8be5\u6587\u4ef6\u7684\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u66b4\u529b\u731c\u6d4b\u67e5\u770b\u8fd9\u4e2a\u6587\u4ef6\u3002\r\n\r\nCVE-2008-0996\r\n\r\n\u5904\u7406\u901a\u8fc7\u8ba4\u8bc1\u7684\u6253\u5370\u961f\u5217\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u5f53\u5bf9\u901a\u8fc7\u8ba4\u8bc1\u7684\u6253\u5370\u961f\u5217\u542f\u52a8\u4efb\u52a1\u65f6\uff0c\u5c31\u53ef\u80fd\u5c06\u7528\u4e8e\u8ba4\u8bc1\u7684\u51ed\u636e\u4fdd\u5b58\u5230\u78c1\u76d8\u3002 \r\n\r\nCVE-2008-0998\r\n\r\nNetCfgTool\u7279\u6743\u5de5\u5177\u4f7f\u7528\u5206\u5e03\u5f0f\u5bf9\u8c61\u4e0e\u672c\u5730\u673a\u5668\u4e0a\u7684\u4e0d\u53ef\u4fe1\u4efb\u5ba2\u6237\u7aef\u7a0b\u5e8f\u901a\u8baf\uff0c\u5982\u679c\u53d1\u9001\u4e86\u7279\u5236\u6d88\u606f\u7684\u8bdd\uff0c\u672c\u5730\u7528\u6237\u5c31\u53ef\u4ee5\u7ed5\u8fc7\u6388\u6743\u8fc7\u7a0b\u5bfc\u81f4\u4ee5\u7279\u6743\u7a0b\u5e8f\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\nCVE-2008-0999\r\n\r\n\u5728\u5904\u7406\u901a\u7528\u78c1\u76d8\u683c\u5f0f\uff08UDF\uff09\u6587\u4ef6\u7cfb\u7edf\u65f6\u5b58\u5728\u7a7a\u6307\u9488\u5f15\u7528\uff0c\u5982\u679c\u7528\u6237\u53d7\u9a97\u6253\u5f00\u4e86\u6076\u610f\u7684\u78c1\u76d8\u955c\u50cf\u7684\u8bdd\uff0c\u5c31\u53ef\u80fd\u5bfc\u81f4\u7cfb\u7edf\u610f\u5916\u5173\u95ed\u3002\r\n\n\nApple Mac OS X 10.4.11\r\nApple MacOS X Server 10.5.2\r\nApple MacOS X Server 10.4.11\n Apple\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat=57&platform=osx&method=sa/SecUpdSrvr2008-002PPC.dmg target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat=57&platform=osx&method=sa/SecUpdSrvr2008-002PPC.dmg</a>\r\n<a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat=57&platform=osx&method=sa/SecUpdSrvr2008-002Univ.dmg target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat=57&platform=osx&method=sa/SecUpdSrvr2008-002Univ.dmg</a>\r\n<a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat=57&platform=osx&method=sa/SecUpd2008-002.dmg target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat=57&platform=osx&method=sa/SecUpd2008-002.dmg</a>", "modified": "2008-03-20T00:00:00", "published": "2008-03-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3063", "id": "SSV:3063", "title": "Apple Mac OS X 2008-002\u66f4\u65b0\u4fee\u590d\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "nessus": [{"lastseen": "2019-02-21T01:10:47", "bulletinFamily": "scanner", "description": "The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. \n\nThis update contains several security fixes for a number of programs.", "modified": "2018-07-14T00:00:00", "id": "MACOSX_SECUPD2008-002.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=31605", "published": "2008-03-19T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2008-002)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3004) exit(0);\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31605);\n script_version (\"1.38\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2005-3352\", \"CVE-2005-4077\", \"CVE-2006-3334\", \"CVE-2006-3747\", \"CVE-2006-5793\",\n \"CVE-2006-6481\", \"CVE-2007-0897\", \"CVE-2007-0898\", \"CVE-2007-1659\", \"CVE-2007-1660\",\n \"CVE-2007-1661\", \"CVE-2007-1662\", \"CVE-2007-1745\", \"CVE-2007-1997\", \"CVE-2007-2445\",\n \"CVE-2007-2799\", \"CVE-2007-3378\", \"CVE-2007-3725\", \"CVE-2007-3799\", \"CVE-2007-3847\",\n \"CVE-2007-4510\", \"CVE-2007-4560\", \"CVE-2007-4568\", \"CVE-2007-4752\", \"CVE-2007-4766\",\n \"CVE-2007-4767\", \"CVE-2007-4768\", \"CVE-2007-4887\", \"CVE-2007-4990\", \"CVE-2007-5000\",\n \"CVE-2007-5266\", \"CVE-2007-5267\", \"CVE-2007-5268\", \"CVE-2007-5269\", \"CVE-2007-5795\",\n \"CVE-2007-5901\", \"CVE-2007-5958\", \"CVE-2007-5971\", \"CVE-2007-6109\", \"CVE-2007-6203\",\n \"CVE-2007-6335\", \"CVE-2007-6336\", \"CVE-2007-6337\", \"CVE-2007-6388\", \"CVE-2007-6421\",\n \"CVE-2007-6427\", \"CVE-2007-6428\", \"CVE-2007-6429\", \"CVE-2008-0005\", \"CVE-2008-0006\",\n \"CVE-2008-0044\", \"CVE-2008-0045\", \"CVE-2008-0046\", \"CVE-2008-0047\", \"CVE-2008-0048\",\n \"CVE-2008-0049\", \"CVE-2008-0050\", \"CVE-2008-0051\", \"CVE-2008-0052\", \"CVE-2008-0053\",\n \"CVE-2008-0054\", \"CVE-2008-0055\", \"CVE-2008-0056\", \"CVE-2008-0057\", \"CVE-2008-0058\",\n \"CVE-2008-0059\", \"CVE-2008-0060\", \"CVE-2008-0062\", \"CVE-2008-0063\", \"CVE-2008-0318\",\n \"CVE-2008-0596\", \"CVE-2008-0728\", \"CVE-2008-0882\", \"CVE-2008-0987\", \"CVE-2008-0988\",\n \"CVE-2008-0989\", \"CVE-2008-0990\", \"CVE-2008-0992\", \"CVE-2008-0993\", \"CVE-2008-0994\",\n \"CVE-2008-0995\", \"CVE-2008-0996\", \"CVE-2008-0997\", \"CVE-2008-0998\", \"CVE-2008-0999\",\n \"CVE-2008-1000\");\n script_bugtraq_id(19204, 21078, 24268, 25398, 25439, 25489, 25498, 26346, 26750, 26838,\n 26927, 26946, 27234, 27236, 27751, 27988, 28278, 28303, 28304, 28307,\n 28320, 28323, 28334, 28339, 28340, 28341, 28343, 28344, 28345, 28357,\n 28358, 28359, 28363, 28364, 28365, 28367, 28368, 28371, 28371, 28372,\n 28374, 28375, 28384, 28385, 28386, 28387, 28388, 28389);\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2008-002)\");\n script_summary(english:\"Check for the presence of Security Update 2008-002\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.5 or 10.4 that\ndoes not have the security update 2008-002 applied. \n\nThis update contains several security fixes for a number of programs.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://docs.info.apple.com/article.html?artnum=307562\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/advisories/14242\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2008-002 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'ClamAV Milter Blackhole-Mode Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 22, 78, 79, 94, 119, 134, 189, 200, 255, 264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2007/08/24\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/06/02\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n exit(0);\n}\n\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(0);\n\nif (egrep(pattern:\"Darwin.* (8\\.[0-9]\\.|8\\.1[01]\\.)\", string:uname))\n{\n packages = get_kb_item(\"Host/MacOSX/packages\");\n if (!packages) exit(0);\n\n if (!egrep(pattern:\"^SecUpd(Srvr)?(2008-00[2-8]|2009-|20[1-9][0-9]-)\", string:packages))\n security_hole(0);\n}\nelse if (egrep(pattern:\"Darwin.* (9\\.[0-2]\\.)\", string:uname))\n{\n packages = get_kb_item(\"Host/MacOSX/packages/boms\");\n if (!packages) exit(0);\n\n if (!egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.2008\\.002\\.bom\", string:packages))\n security_hole(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
