ID CVE-2009-1723 Type cve Reporter cve@mitre.org Modified 2017-08-17T01:30:00
Description
CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062.
{"id": "CVE-2009-1723", "bulletinFamily": "NVD", "title": "CVE-2009-1723", "description": "CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062.", "published": "2009-08-06T15:30:00", "modified": "2017-08-17T01:30:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1723", "reporter": "cve@mitre.org", "references": ["http://www.vupen.com/english/advisories/2009/2172", "http://support.apple.com/kb/HT4225", "http://osvdb.org/56846", "http://www.us-cert.gov/cas/techalerts/TA09-218A.html", "http://www.securityfocus.com/bid/35954", "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/52418", "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html", "http://secunia.com/advisories/36096", "http://support.apple.com/kb/HT3757"], "cvelist": ["CVE-2009-1723"], "type": "cve", "lastseen": "2020-10-03T11:54:13", "edition": 3, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22251", "SECURITYVULNS:VULN:10120"]}, {"type": "nessus", "idList": ["MACOSX_10_5_8.NASL"]}, {"type": "seebug", "idList": ["SSV:11998"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310102036", "OPENVAS:102036"]}], "modified": "2020-10-03T11:54:13", "rev": 2}, "score": {"value": 5.1, "vector": "NONE", "modified": "2020-10-03T11:54:13", "rev": 2}, "vulnersScore": 5.1}, "cpe": ["cpe:/o:apple:mac_os_x_server:10.5.3", "cpe:/o:apple:mac_os_x_server:10.5.1", "cpe:/o:apple:mac_os_x_server:10.5.0", "cpe:/o:apple:mac_os_x:10.5.0", "cpe:/o:apple:mac_os_x:10.5.1", "cpe:/o:apple:mac_os_x:10.5.7", "cpe:/o:apple:mac_os_x:10.5.4", "cpe:/o:apple:mac_os_x_server:10.5.5", "cpe:/o:apple:mac_os_x:10.5.5", "cpe:/o:apple:mac_os_x_server:10.5", "cpe:/o:apple:mac_os_x:10.5.3", "cpe:/o:apple:mac_os_x:10.5", "cpe:/o:apple:mac_os_x_server:10.5.2", "cpe:/o:apple:mac_os_x_server:10.5.4", "cpe:/a:apple:mac_os_x:10.5.6", "cpe:/o:apple:mac_os_x_server:10.5.6", "cpe:/o:apple:mac_os_x:10.5.6", "cpe:/o:apple:mac_os_x:10.5.2", "cpe:/o:apple:mac_os_x_server:10.5.7"], "affectedSoftware": [{"cpeName": "apple:mac_os_x", "name": "apple mac os x", "operator": "eq", "version": "10.5.3"}, {"cpeName": "apple:mac_os_x_server", "name": "apple mac os x server", "operator": "eq", "version": "10.5.6"}, {"cpeName": "apple:mac_os_x", "name": "apple mac os x", "operator": "eq", "version": "10.5.7"}, {"cpeName": "apple:mac_os_x", "name": "apple mac os x", "operator": "eq", "version": "10.5"}, {"cpeName": "apple:mac_os_x_server", "name": "apple mac os x server", "operator": "eq", "version": "10.5.2"}, {"cpeName": "apple:mac_os_x", "name": "apple mac os x", "operator": "eq", "version": "10.5.2"}, {"cpeName": "apple:mac_os_x", "name": "apple mac os x", "operator": "eq", "version": "10.5.2"}, {"cpeName": "apple:mac_os_x", "name": "apple mac os x", "operator": "eq", "version": "10.5.1"}, {"cpeName": "apple:mac_os_x_server", "name": "apple mac os x server", "operator": "eq", "version": "10.5"}, {"cpeName": "apple:mac_os_x", "name": "apple mac os x", "operator": "eq", "version": "10.5.0"}, {"cpeName": "apple:mac_os_x_server", "name": "apple mac os x server", "operator": "eq", "version": "10.5.7"}, {"cpeName": "apple:mac_os_x_server", "name": "apple mac os x server", "operator": "eq", "version": "10.5.1"}, {"cpeName": "apple:mac_os_x", "name": "apple mac os x", "operator": "eq", "version": "10.5.5"}, {"cpeName": "apple:mac_os_x_server", "name": "apple mac os x server", "operator": "eq", "version": "10.5.0"}, {"cpeName": "apple:mac_os_x_server", "name": "apple mac os x server", "operator": "eq", "version": "10.5.5"}, {"cpeName": "apple:mac_os_x_server", "name": "apple mac os x server", "operator": "eq", "version": "10.5.3"}, {"cpeName": "apple:mac_os_x", "name": "apple mac os x", "operator": "eq", "version": "10.5.6"}, {"cpeName": "apple:mac_os_x", "name": "apple mac os x", "operator": "eq", "version": "10.5.6"}, {"cpeName": "apple:mac_os_x_server", "name": "apple mac os x server", "operator": "eq", "version": "10.5.4"}, {"cpeName": "apple:mac_os_x", "name": "apple mac os x", "operator": "eq", "version": "10.5.4"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cpe23": ["cpe:2.3:o:apple:mac_os_x_server:10.5.7:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.2:2008-002:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.7:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.2:2008-002:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}
{"securityvulns": [{"lastseen": "2018-08-31T11:09:33", "bulletinFamily": "software", "cvelist": ["CVE-2009-2192", "CVE-2009-1235", "CVE-2009-1721", "CVE-2009-2194", "CVE-2009-0040", "CVE-2009-2193", "CVE-2009-2190", "CVE-2009-1726", "CVE-2009-1728", "CVE-2009-1720", "CVE-2009-1722", "CVE-2008-0674", "CVE-2009-1727", "CVE-2009-0151", "CVE-2009-1723", "CVE-2009-2191", "CVE-2009-2188"], "description": "Privilege escalations, multiple DoS conditions, buffer overflow in AppleTalk client, Safari certificate spoofing, multiple vulnerabilities on images parsing.", "edition": 1, "modified": "2009-08-07T00:00:00", "published": "2009-08-07T00:00:00", "id": "SECURITYVULNS:VULN:10120", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10120", "title": "Apple Mac OS X multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:31", "bulletinFamily": "software", "cvelist": ["CVE-2009-2192", "CVE-2008-1372", "CVE-2009-1235", "CVE-2009-1721", "CVE-2009-2194", "CVE-2009-0040", "CVE-2009-2193", "CVE-2009-2190", "CVE-2009-1726", "CVE-2009-1728", "CVE-2009-1720", "CVE-2009-1722", "CVE-2008-0674", "CVE-2009-1727", "CVE-2009-0151", "CVE-2009-1723", "CVE-2009-2191", "CVE-2009-2188"], "description": "About the security content of Security Update 2009-003 / Mac OS X v10.5.8\r\n\r\n * Last Modified: August 05, 2009\r\n * Article: HT3757\r\n\r\nSummary\r\n\r\nThis document describes the security content of Security Update 2009-003 / Mac OS X v10.5.8, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see "Apple Security Updates."\r\nProducts Affected\r\n\r\nProduct Security\r\nSecurity Update 2009-003 / Mac OS X v10.5.8\r\n\r\n *\r\n\r\n bzip2\r\n\r\n CVE-ID: CVE-2008-1372\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Decompressing maliciously crafted data may lead to an unexpected application termination\r\n\r\n Description: An out-of-bounds memory access exists in bzip2. Opening a maliciously crafted compressed file may lead to an unexpected application termination. This update addresses the issue by updating bzip2 to version 1.0.5. Further information is available via the bzip2 web site at http://bzip.org/\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2009-1723\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: A maliciously crafted website may control the displayed website URL in a certificate warning\r\n\r\n Description: When Safari reaches a website via a 302 redirection and a certificate warning is displayed, the warning will contain the original website URL instead of the current website URL. This may allow a maliciously crafted website that is reached via an open redirector on a user-trusted website to control the displayed website URL in a certificate warning. This issue was addressed by returning the correct URL in the underlying CFNetwork layer. This issue does not affect systems prior to Mac OS X v10.5. Credit to Kevin Day of Your.Org, and Jason Mueller of Indiana University for reporting this issue.\r\n\r\n *\r\n\r\n ColorSync\r\n\r\n CVE-ID: CVE-2009-1726\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in the handling of images with an embedded ColorSync profile. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of ColorSync profiles. Credit to Chris Evans of the Google Security Team for reporting this issue.\r\n\r\n *\r\n\r\n CoreTypes\r\n\r\n CVE-ID: CVE-2009-1727\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Users are not warned before opening certain potentially unsafe content types\r\n\r\n Description: This update extends the system's list of content types that will be flagged as potentially unsafe under certain circumstances, such as when they are downloaded from a web page. While these content types are not automatically launched, if manually opened they could lead to the execution of a malicious JavaScript payload. This update improves the system's ability to notify users before handling content types used by Safari. Credit to Brian Mastenbrook, and Clint Ruoho of Laconic Security for reporting this issue.\r\n\r\n *\r\n\r\n Dock\r\n\r\n CVE-ID: CVE-2009-0151\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: A person with physical access to a locked system may use four-finger Multi-Touch gestures\r\n\r\n Description: The screen saver does not block four-finger Multi-Touch gestures, which may allow a person with physical access to a locked system to manage applications or use Expose. This update addresses the issue by properly blocking Multi-Touch gestures when the screen saver is running. This issue only affects systems with a Multi-Touch trackpad.\r\n\r\n *\r\n\r\n Image RAW\r\n\r\n CVE-ID: CVE-2009-1728\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Viewing a maliciously crafted Canon RAW image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in the handling of Canon RAW images. Viewing a maliciously crafted Canon RAW image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. For Mac OS X v10.4 systems, this issue is already addressed with Digital Camera RAW Compatibility Update 2.6. Credit to Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2009-1722\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Viewing a maliciously crafted OpenEXR image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in ImageIO's handling of OpenEXR images. Viewing a maliciously crafted OpenEXR image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by updating OpenEXR to version 1.6.1. Credit to Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2009-1721\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Viewing a maliciously crafted OpenEXR image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized memory access issue exists in ImageIO's handling of OpenEXR images. Viewing a maliciously crafted OpenEXR image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through proper memory initialization and additional validation of OpenEXR images. Credit: Apple.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2009-1720\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Viewing a maliciously crafted OpenEXR image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple integer overflows exist in ImageIO's handling of OpenEXR images. Viewing a maliciously crafted OpenEXR image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issues through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2009-2188\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in ImageIO's handling of EXIF metadata. Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2009-0040\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized pointer issue exists in the handling of PNG images. Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PNG images. Credit to Tavis Ormandy of the Google Security Team for reporting this issue.\r\n\r\n *\r\n\r\n Kernel\r\n\r\n CVE-ID: CVE-2009-1235\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: A local user may obtain system privileges\r\n\r\n Description: An implementation issue exists in the kernel's handling of fcntl system calls. A local user may overwrite kernel memory and execute arbitrary code with system privileges. This update addresses the issue through improved handling of fcntl system calls. Credit to Razvan Musaloiu-E. of Johns Hopkins University, HiNRG for reporting this issue.\r\n\r\n *\r\n\r\n launchd\r\n\r\n CVE-ID: CVE-2009-2190\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Opening many connections to an inetd-based launchd service may lead to a denial of service\r\n\r\n Description: Opening many connections to an inetd-based launchd service may cause launchd to stop servicing incoming connections to that service until the next system restart. This update addresses the issue through improved error handling.\r\n\r\n *\r\n\r\n Login Window\r\n\r\n CVE-ID: CVE-2009-2191\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: A format string issue in Login Window may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A format string issue in Login Window's handling of application names may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of application names. Credit to Alfredo Pesoli of 0xcafebabe.it for reporting this issue.\r\n\r\n *\r\n\r\n MobileMe\r\n\r\n CVE-ID: CVE-2009-2192\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Signing out of MobileMe does not remove all credentials\r\n\r\n Description: A logic issue exists in the MobileMe preference pane. Signing out of the preference pane does not delete all credentials. A person with access to the local user account may continue to access any other system associated with the MobileMe account which had previously been signed in for that local account. This update addresses the issue by deleting all the credentials on sign out.\r\n\r\n *\r\n\r\n Networking\r\n\r\n CVE-ID: CVE-2009-2193\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Receiving a maliciously crafted AppleTalk response packet may lead to arbitrary code execution with system privileges or an unexpected system shutdown\r\n\r\n Description: A buffer overflow exists in the kernel's handling of AppleTalk response packets. Receiving a maliciously crafted AppleTalk response packet may lead to arbitrary code execution with system privileges or an unexpected system shutdown. This update addresses the issue through improved validation of AppleTalk response packets. Credit to Ilja van Sprundel from IOActive for reporting this issue.\r\n\r\n *\r\n\r\n Networking\r\n\r\n CVE-ID: CVE-2009-2194\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: A local user may cause an unexpected system shutdown\r\n\r\n Description: A synchronization issue exists in the handling of file descriptor sharing over local sockets. By sending messages containing file descriptors to a socket with no receiver, a local user may cause an unexpected system shutdown. This update addresses the issue through improved handling of file descriptor sharing. Credit to Bennet Yee of Google Inc. for reporting this issue.\r\n\r\n *\r\n\r\n XQuery\r\n\r\n CVE-ID: CVE-2008-0674\r\n\r\n Available for: Mac OS X v10.5 through v10.5.7, Mac OS X Server v10.5 through v10.5.7\r\n\r\n Impact: Processing maliciously crafted XML content may lead to arbitrary code execution\r\n\r\n Description: A buffer overflow exists in the handling of character classes in regular expressions in the Perl Compatible Regular Expressions (PCRE) library used by XQuery. This may allow a remote attacker to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255. This update addresses the issue by updating PCRE to version 7.6.\r\n\r\n", "edition": 1, "modified": "2009-08-07T00:00:00", "published": "2009-08-07T00:00:00", "id": "SECURITYVULNS:DOC:22251", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22251", "title": "About the security content of Security Update 2009-003 / Mac OS X v10.5.8", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-01T03:23:36", "description": "The remote host is running a version of Mac OS X 10.5.x that is prior\nto 10.5.8. \n\nMac OS X 10.5.8 contains security fixes for the following products :\n\n - bzip2\n - CFNetwork\n - ColorSync\n - CoreTypes\n - Dock\n - Image RAW\n - ImageIO\n - Kernel\n - launchd\n - Login Window\n - MobileMe\n - Networking\n - XQuery", "edition": 26, "published": "2009-08-05T00:00:00", "title": "Mac OS X 10.5.x < 10.5.8 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2192", "CVE-2008-1372", "CVE-2009-1235", "CVE-2009-1721", "CVE-2009-2194", "CVE-2009-0040", "CVE-2009-2193", "CVE-2009-2190", "CVE-2009-1726", "CVE-2009-1728", "CVE-2009-1720", "CVE-2009-1722", "CVE-2008-0674", "CVE-2009-1727", "CVE-2009-0151", "CVE-2009-1723", "CVE-2009-2191", "CVE-2009-2188"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_5_8.NASL", "href": "https://www.tenable.com/plugins/nessus/40502", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3004) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40502);\n script_version(\"1.23\");\n\n script_cve_id(\"CVE-2008-0674\", \"CVE-2008-1372\", \"CVE-2009-0040\", \"CVE-2009-0151\", \"CVE-2009-1235\",\n \"CVE-2009-1720\", \"CVE-2009-1721\", \"CVE-2009-1722\", \"CVE-2009-1723\", \"CVE-2009-1726\",\n \"CVE-2009-1727\", \"CVE-2009-1728\", \"CVE-2009-2188\", \"CVE-2009-2190\", \"CVE-2009-2191\",\n \"CVE-2009-2192\", \"CVE-2009-2193\", \"CVE-2009-2194\");\n script_bugtraq_id(27786, 28286, 33827, 34203, 35838, 36025);\n\n script_name(english:\"Mac OS X 10.5.x < 10.5.8 Multiple Vulnerabilities\");\n script_summary(english:\"Check the version of Mac OS X\");\n\n script_set_attribute( attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\" );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.5.x that is prior\nto 10.5.8. \n\nMac OS X 10.5.8 contains security fixes for the following products :\n\n - bzip2\n - CFNetwork\n - ColorSync\n - CoreTypes\n - Dock\n - Image RAW\n - ImageIO\n - Kernel\n - launchd\n - Login Window\n - MobileMe\n - Networking\n - XQuery\" );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT3757\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade to Mac OS X 10.5.8 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 94, 119, 134, 189, 255, 264, 399);\n script_set_attribute(\n attribute:\"vuln_publication_date\", \n value:\"2009/08/05\"\n );\n script_set_attribute(\n attribute:\"patch_publication_date\", \n value:\"2009/08/05\"\n );\n script_set_attribute(\n attribute:\"plugin_publication_date\", \n value:\"2009/08/05\"\n );\n script_cvs_date(\"Date: 2018/07/16 12:48:31\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n \n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n \n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n\n exit(0);\n}\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) os = get_kb_item(\"Host/OS\");\nif (!os) exit(1, \"The 'Host/MacOSX/Version' and 'Host/OS' KB items are missing.\");\n\nif (ereg(pattern:\"Mac OS X 10\\.5\\.[0-7]([^0-9]|$)\", string:os)) security_hole(0);\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-02T21:09:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2192", "CVE-2008-1372", "CVE-2009-1235", "CVE-2009-1721", "CVE-2009-2194", "CVE-2009-0040", "CVE-2009-2193", "CVE-2009-2190", "CVE-2009-1726", "CVE-2009-1728", "CVE-2009-1720", "CVE-2009-1722", "CVE-2008-0674", "CVE-2009-1727", "CVE-2009-0151", "CVE-2009-1723", "CVE-2009-2191", "CVE-2009-2188"], "description": "The remote host is missing Mac OS X 10.5.8 Update / Mac OS X Security Update 2009-003.\n One or more of the following components are affected:\n\n bzip2\n CFNetwork\n ColorSync\n CoreTypes\n Dock\n Image RAW\n ImageIO\n Kernel\n launchd\n Login Window\n MobileMe\n Networking\n XQuery", "modified": "2017-02-22T00:00:00", "published": "2010-05-12T00:00:00", "id": "OPENVAS:102036", "href": "http://plugins.openvas.org/nasl.php?oid=102036", "type": "openvas", "title": "Mac OS X 10.5.8 Update / Mac OS X Security Update 2009-003", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Mac OS X 10.5.8 Update / Mac OS X Security Update 2009-003\n#\n# LSS-NVT-2010-025\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\ntag_solution = \"Update your Mac OS X operating system.\n\n For more information see:\n http://support.apple.com/kb/HT3757\";\n\ntag_summary = \"The remote host is missing Mac OS X 10.5.8 Update / Mac OS X Security Update 2009-003.\n One or more of the following components are affected:\n\n bzip2\n CFNetwork\n ColorSync\n CoreTypes\n Dock\n Image RAW\n ImageIO\n Kernel\n launchd\n Login Window\n MobileMe\n Networking\n XQuery\";\n\n\nif(description)\n{\n script_id(102036);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-12 14:48:44 +0200 (Wed, 12 May 2010)\");\n script_cve_id(\"CVE-2008-1372\",\"CVE-2009-1723\",\"CVE-2009-1726\",\"CVE-2009-1727\",\"CVE-2009-0151\",\"CVE-2009-1728\",\"CVE-2009-1722\",\"CVE-2009-1721\",\"CVE-2009-1720\",\"CVE-2009-2188\",\"CVE-2009-0040\",\"CVE-2009-1235\",\"CVE-2009-2190\",\"CVE-2009-2191\",\"CVE-2009-2192\",\"CVE-2009-2193\",\"CVE-2009-2194\",\"CVE-2008-0674\");\n script_name(\"Mac OS X 10.5.8 Update / Mac OS X Security Update 2009-003\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_require_ports(\"Services/ssh\", 22);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver) exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.4.11\",\"Mac OS X Server 10.4.11\",\"Mac OS X 10.5.7\",\"Mac OS X Server 10.5.7\");\n\nif (rlsnotsupported(rls:ssh_osx_rls, list:pkg_for_ver)) { security_message(0); exit(0);}\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.4.11\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.4.11\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.003\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.4.11\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.4.11\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X Server 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.003\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.7\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.5.8\")) { security_message(0); exit(0); }\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.7\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.5.8\")) { security_message(0); exit(0); }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2192", "CVE-2008-1372", "CVE-2009-1235", "CVE-2009-1721", "CVE-2009-2194", "CVE-2009-0040", "CVE-2009-2193", "CVE-2009-2190", "CVE-2009-1726", "CVE-2009-1728", "CVE-2009-1720", "CVE-2009-1722", "CVE-2008-0674", "CVE-2009-1727", "CVE-2009-0151", "CVE-2009-1723", "CVE-2009-2191", "CVE-2009-2188"], "description": "The remote host is missing Mac OS X 10.5.8 Update / Mac OS X Security Update 2009-003.", "modified": "2019-03-19T00:00:00", "published": "2010-05-12T00:00:00", "id": "OPENVAS:1361412562310102036", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310102036", "type": "openvas", "title": "Mac OS X 10.5.8 Update / Mac OS X Security Update 2009-003", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n# $Id: macosx_upd_10_5_8_secupd_2009-003.nasl 14307 2019-03-19 10:09:27Z cfischer $\n#\n# Mac OS X 10.5.8 Update / Mac OS X Security Update 2009-003\n#\n# LSS-NVT-2010-025\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.102036\");\n script_version(\"$Revision: 14307 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 11:09:27 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-12 14:48:44 +0200 (Wed, 12 May 2010)\");\n script_cve_id(\"CVE-2008-1372\", \"CVE-2009-1723\", \"CVE-2009-1726\", \"CVE-2009-1727\", \"CVE-2009-0151\",\n \"CVE-2009-1728\", \"CVE-2009-1722\", \"CVE-2009-1721\", \"CVE-2009-1720\", \"CVE-2009-2188\",\n \"CVE-2009-0040\", \"CVE-2009-1235\", \"CVE-2009-2190\", \"CVE-2009-2191\", \"CVE-2009-2192\",\n \"CVE-2009-2193\", \"CVE-2009-2194\", \"CVE-2008-0674\");\n script_name(\"Mac OS X 10.5.8 Update / Mac OS X Security Update 2009-003\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.[45]\\.\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT3757\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing Mac OS X 10.5.8 Update / Mac OS X Security Update 2009-003.\");\n\n script_tag(name:\"affected\", value:\"One or more of the following components are affected:\n\n bzip2\n\n CFNetwork\n\n ColorSync\n\n CoreTypes\n\n Dock\n\n Image RAW\n\n ImageIO\n\n Kernel\n\n launchd\n\n Login Window\n\n MobileMe\n\n Networking\n\n XQuery\");\n\n script_tag(name:\"solution\", value:\"Update your Mac OS X operating system. Please see the references for more information.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver || ssh_osx_ver !~ \"^10\\.[45]\\.\") exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.4.11\",\"Mac OS X Server 10.4.11\",\"Mac OS X 10.5.7\",\"Mac OS X Server 10.5.7\");\n\nif (rlsnotsupported(rls:ssh_osx_rls, list:pkg_for_ver)) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.4.11\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.4.11\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.003\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.4.11\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.4.11\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X Server 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.003\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.7\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.5.8\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0); }\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.7\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.5.8\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0); }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T18:41:10", "description": "Bugraq ID: 35954\r\nCVE ID\uff1aCVE-2009-1723\r\nCVE-2009-1726\r\nCVE-2009-1727\r\nCVE-2009-0151\r\nCVE-2009-1728\r\nCVE-2009-2188\r\nCVE-2009-2190\r\nCVE-2009-2191\r\nCVE-2009-2192\r\nCVE-2009-2193\r\nCVE-2009-2194\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\n\r\nApple Mac OS X\u662f\u4e00\u6b3e\u57fa\u4e8eBSD\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\nApple Mac OS X\u5b89\u5168\u5347\u7ea72009-003\u4fee\u590d\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff1a\r\nCVE-ID: CVE-2008-1372\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\n \r\nbzip2\u5b58\u5728\u8d8a\u754c\u5185\u5b58\u53d1\u90a3\u4e2a\u543b\u95ee\u9898\uff0c\u6784\u5efa\u6076\u610f\u7684\u538b\u7f29\u6587\u4ef6\uff0c\u8bf1\u4f7f\u7528\u6237\u6253\u5f00\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\r\nCVE-ID: CVE-2009-1723\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\n \r\n\u5f53Safari\u8bbf\u95ee\u5230\u901a\u8fc7302\u91cd\u5b9a\u5411\u7684WEB\u7ad9\u70b9\u65f6\uff0c\u4f1a\u63d0\u793a\u8bc1\u4e66\u8b66\u544a\uff0c\u6b64\u8b66\u544a\u4f1a\u5305\u542b\u539f\u59cbWEB\u7ad9\u70b9URL\u6765\u4ee3\u66ff\u5f53\u524dWEB\u7ad9\u70b9URL\uff0c\u8fd9\u5141\u8bb8\u6076\u610f\u6784\u5efa\u7684WEB\u7ad9\u70b9\u53ef\u63a7\u5236\u663e\u793a\u5728\u8bc1\u4e66\u8b66\u544a\u4e2d\u7684WEB\u7ad9\u70b9URL\uff0c\u5bfc\u81f4\u7528\u6237\u76f2\u76ee\u4fe1\u4efb\u3002\r\nCVE-ID: CVE-2009-1726\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\n \r\n\u6253\u5f00\u4e00\u4e2a\u7279\u6b8a\u6784\u5efa\u7684\u4f7f\u7528\u5d4c\u5165\u5f0fColorSync\u914d\u7f6e\u6587\u4ef6\u7684\u56fe\u50cf\u65f6\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\r\nCVE-ID: CVE-2009-1727\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\n \r\n\u6253\u5f00\u90e8\u5206\u4e0d\u5b89\u5168\u5185\u5bb9\u7c7b\u578b\u65f6\u6ca1\u6709\u5bf9\u7528\u6237\u63d0\u793a\u8b66\u544a\uff0c\u53ef\u5bfc\u81f4\u6076\u610f\u811a\u672c\u4ee3\u7801\u8d1f\u8f7d\u6267\u884c\u3002\r\nCVE-ID: CVE-2009-0151\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\n \r\n\u5c4f\u5e55\u4fdd\u62a4\u6ca1\u6709\u6b63\u786e\u963b\u65adfour-finger Multi-Touch gestures\u591a\u70b9\u89e6\u63a7\uff0c\u5141\u8bb8\u7269\u7406\u8bbf\u95ee\u7684\u7528\u6237\u53ef\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u3002\r\nCVE-ID: CVE-2009-1728\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\n \r\n\u5904\u7406Canon RAW\u56fe\u50cf\u5b58\u5728\u591a\u4e2a\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\r\nCVE-ID: CVE-2009-1722\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\n \r\nImageIO\u5904\u7406OpenEXR\u56fe\u50cf\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\r\nCVE-ID: CVE-2009-1721\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\n \r\nImageIO\u5904\u7406OpenEXR\u56fe\u50cf\u5b58\u5728\u672a\u521d\u59cb\u5316\u5185\u5b58\u8bbf\u95ee\u95ee\u9898\uff0c\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\r\n\u3002\r\nCVE-ID: CVE-2009-1720\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\n \r\nImageIO\u5904\u7406OpenEXR\u56fe\u50cf\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u95ee\u9898\uff0c\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-ID: CVE-2009-2188\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\n \r\nImageIO\u5904\u7406EXIF\u5143\u6570\u636e\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u95ee\u9898\uff0c\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-ID: CVE-2009-0040\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\n \r\n\u5904\u7406PNG\u56fe\u50cf\u5b58\u5728\u672a\u521d\u59cb\u5316\u6307\u9488\u95ee\u9898\uff0c\u6784\u5efa\u7279\u6b8a\u7684PNG\u8bf1\u4f7f\u7528\u6237\u5904\u7406\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-ID: CVE-2009-1235\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\n \r\n\u5185\u6838fcntl\u7cfb\u7edf\u8c03\u7528\u5904\u7406\u5b58\u5728\u5b9e\u73b0\u9519\u8bef\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u8986\u76d6\u5185\u6838\u5185\u5b58\u4ee5\u7cfb\u7edf\u7279\u6743\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\nCVE-ID: CVE-2009-2190\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\nCNCVE-20092190\r\n \r\n\u5bf9\u57fa\u4e8einetd\u7684launchd\u670d\u52a1\u6253\u5f00\u591a\u4e2a\u8fde\u63a5\uff0c\u53ef\u5bfc\u81f4launchd\u505c\u6b62\u5bf9\u5916\u8fde\u63a5\u7684\u54cd\u5e94\u3002\r\nCVE-ID: CVE-2009-2191\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\nCNCVE-20092190\r\nCNCVE-20092191\r\n \r\n\u767b\u5f55\u7a97\u53e3\u5904\u7406\u5e94\u7528\u7a0b\u5e8f\u540d\u5b58\u5728\u683c\u5f0f\u4e32\u95ee\u9898\uff0c\u53ef\u5bfc\u81f4\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\nCVE-ID: CVE-2009-2192\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\n \r\nMobileMe\u5b58\u5728\u4e00\u4e2a\u903b\u8f91\u9519\u8bef\uff0c\u5728\u9000\u51fa\u65f6\u6ca1\u6709\u5220\u9664\u6240\u6709\u51ed\u636e\uff0c\u672c\u5730\u7528\u6237\u53ef\u4ee5\u8bbf\u95ee\u5176\u4ed6MobileMe\u5e10\u6237\u76f8\u5173\u8d44\u6e90\u3002\r\nCVE-ID: CVE-2009-2193\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\n \r\n\u5185\u6838\u5904\u7406 AppleTalk\u5e94\u7b54\u62a5\u6587\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u53ef\u5bfc\u81f4\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\nCVE-ID: CVE-2009-2194\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\n \r\n\u5904\u7406\u901a\u8fc7\u672c\u5730\u5957\u63a5\u5b57\u5171\u4eab\u7684\u6587\u4ef6\u63cf\u8ff0\u7b26\u5b58\u5728\u540c\u6b65\u95ee\u9898\uff0c\u901a\u8fc7\u53d1\u9001\u5305\u542b\u6587\u4ef6\u63cf\u8ff0\u7b26\u7684\u6d88\u606f\u7ed9\u6ca1\u6709\u63a5\u6536\u8005\u7684\u5957\u63a5\u5b57\uff0c\u672c\u5730\u7528\u6237\u53ef\u5bfc\u81f4\u7cfb\u7edf\u5d29\u6e83\u3002\r\nCVE-ID: CVE-2008-0674\uff1a\r\nCNCVE ID\uff1aCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20092188\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20081372\r\nCNCVE-20091723\r\nCNCVE-20091726\r\nCNCVE-20091727\r\nCNCVE-20090151\r\nCNCVE-20091728\r\nCNCVE-20091722\r\nCNCVE-20091721\r\nCNCVE-20091720\r\nCNCVE-20092188\r\nCNCVE-20090040\r\nCNCVE-20091235\r\nCNCVE-20092190\r\nCNCVE-20092191\r\nCNCVE-20092192\r\nCNCVE-20092193\r\nCNCVE-20092194\r\nCNCVE-20080674\r\n \r\nXQuery\u4f7f\u7528\u7684PCRE\u5e93\u5904\u7406\u89c4\u5219\u8868\u8fbe\u5f0f\u4e2d\u7684\u5b57\u7b26\u7c7b\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u6784\u5efa\u6076\u610f\u7684XML\u5185\u5bb9\u8bf1\u4f7f\u7528\u6237\u8bbf\u95ee\u53ef\u89e6\u53d1\u6b64\u6f0f\u6d1e\u3002\n\nApple Mac OS X Server 10.5.7\r\nApple Mac OS X Server 10.5.6\r\nApple Mac OS X Server 10.5.5\r\nApple Mac OS X Server 10.5.4\r\nApple Mac OS X Server 10.5.3\r\nApple Mac OS X Server 10.5.2\r\nApple Mac OS X Server 10.5.1\r\nApple Mac OS X Server 10.4.11\r\nApple Mac OS X Server 10.4.11\r\nApple Mac OS X Server 10.4.10\r\nApple Mac OS X Server 10.4.9\r\nApple Mac OS X Server 10.4.8\r\nApple Mac OS X Server 10.4.7\r\nApple Mac OS X Server 10.4.6\r\nApple Mac OS X Server 10.4.5\r\nApple Mac OS X Server 10.4.4\r\nApple Mac OS X Server 10.4.3\r\nApple Mac OS X Server 10.4.2\r\nApple Mac OS X Server 10.4.1\r\nApple Mac OS X Server 10.4\r\nApple Mac OS X Server 10.5\r\nApple Mac OS X 10.5.7\r\nApple Mac OS X 10.5.6\r\nApple Mac OS X 10.5.5\r\nApple Mac OS X 10.5.4\r\nApple Mac OS X 10.5.3\r\nApple Mac OS X 10.5.2\r\nApple Mac OS X 10.5.1\r\nApple Mac OS X 10.4.11\r\nApple Mac OS X 10.4.11\r\nApple Mac OS X 10.4.10\r\nApple Mac OS X 10.4.9\r\nApple Mac OS X 10.4.8\r\nApple Mac OS X 10.4.7\r\nApple Mac OS X 10.4.6\r\nApple Mac OS X 10.4.5\r\nApple Mac OS X 10.4.4\r\nApple Mac OS X 10.4.3\r\nApple Mac OS X 10.4.2\r\nApple Mac OS X 10.4.1\r\nApple Mac OS X 10.4\r\nApple Mac OS X 10.5\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u5347\u7ea7\u8865\u4e01\uff1a\r\nApple Mac OS X Server 10.5\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.4.11\r\nApple SecUpdSrvr2009-003PPC.dmg\r\nPowerPC\r\nhttp://www.apple.com/support/downloads/\r\nApple SecUpdSrvr2009-003Univ.dmg\r\nUniversal\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.4.11\r\nApple SecUpd2009-003Intel.dmg\r\nIntel\r\nhttp://www.apple.com/support/downloads/\r\nApple SecUpd2009-003PPC.dmg\r\nPPC\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.1\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.1\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.2\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.2\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.3\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.3\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.4\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.4\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.5\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.5\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.6\r\nApple MacOSXUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.6\r\nApple MacOSXServerUpdCombo10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X Server 10.5.7\r\nApple MacOSXServerUpd10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/\r\nApple Mac OS X 10.5.7\r\nApple MacOSXUpd10.5.8.dmg\r\nhttp://www.apple.com/support/downloads/", "published": "2009-08-06T00:00:00", "title": "Apple Mac OS X 2009-003\u4fee\u8865\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-0674", "CVE-2008-1372", "CVE-2009-0040", "CVE-2009-0151", "CVE-2009-1235", "CVE-2009-1720", "CVE-2009-1721", "CVE-2009-1722", "CVE-2009-1723", "CVE-2009-1726", "CVE-2009-1727", "CVE-2009-1728", "CVE-2009-2188", "CVE-2009-2190", "CVE-2009-2191", "CVE-2009-2192", "CVE-2009-2193", "CVE-2009-2194"], "modified": "2009-08-06T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-11998", "id": "SSV:11998", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}]}
