Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:11998
HistoryAug 06, 2009 - 12:00 a.m.

Apple Mac OS X 2009-003修补多个安全漏洞

2009-08-0600:00:00
Root
www.seebug.org
269

0.533 Medium

EPSS

Percentile

97.3%

JSON

Bugraq ID: 35954
CVE ID:CVE-2009-1723
CVE-2009-1726
CVE-2009-1727
CVE-2009-0151
CVE-2009-1728
CVE-2009-2188
CVE-2009-2190
CVE-2009-2191
CVE-2009-2192
CVE-2009-2193
CVE-2009-2194
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194

Apple Mac OS X是一款基于BSD的操作系统。
Apple Mac OS X安全升级2009-003修复多个安全漏洞:
CVE-ID: CVE-2008-1372:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372

bzip2存在越界内存发那个吻问题,构建恶意的压缩文件,诱使用户打开可导致应用程序崩溃。
CVE-ID: CVE-2009-1723:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723

当Safari访问到通过302重定向的WEB站点时,会提示证书警告,此警告会包含原始WEB站点URL来代替当前WEB站点URL,这允许恶意构建的WEB站点可控制显示在证书警告中的WEB站点URL,导致用户盲目信任。
CVE-ID: CVE-2009-1726:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726

打开一个特殊构建的使用嵌入式ColorSync配置文件的图像时可导致应用程序崩溃。
CVE-ID: CVE-2009-1727:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727

打开部分不安全内容类型时没有对用户提示警告,可导致恶意脚本代码负载执行。
CVE-ID: CVE-2009-0151:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151

屏幕保护没有正确阻断four-finger Multi-Touch gestures多点触控,允许物理访问的用户可管理应用程序。
CVE-ID: CVE-2009-1728:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728

处理Canon RAW图像存在多个栈缓冲区溢出。
CVE-ID: CVE-2009-1722:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20091722

ImageIO处理OpenEXR图像存在堆缓冲区溢出。
CVE-ID: CVE-2009-1721:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20091722
CNCVE-20091721

ImageIO处理OpenEXR图像存在未初始化内存访问问题,可导致应用程序崩溃或任意代码执行

CVE-ID: CVE-2009-1720:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20091722
CNCVE-20091721
CNCVE-20091720

ImageIO处理OpenEXR图像存在整数溢出问题,可导致应用程序崩溃或任意代码执行。
CVE-ID: CVE-2009-2188:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20091722
CNCVE-20091721
CNCVE-20091720
CNCVE-20092188

ImageIO处理EXIF元数据存在缓冲区溢出问题,可导致应用程序崩溃或任意代码执行。
CVE-ID: CVE-2009-0040:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20091722
CNCVE-20091721
CNCVE-20091720
CNCVE-20092188
CNCVE-20090040

处理PNG图像存在未初始化指针问题,构建特殊的PNG诱使用户处理可导致应用程序崩溃或任意代码执行。
CVE-ID: CVE-2009-1235:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20091722
CNCVE-20091721
CNCVE-20091720
CNCVE-20092188
CNCVE-20090040
CNCVE-20091235

内核fcntl系统调用处理存在实现错误,本地攻击者可以覆盖内核内存以系统特权执行任意代码。
CVE-ID: CVE-2009-2190:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20091722
CNCVE-20091721
CNCVE-20091720
CNCVE-20092188
CNCVE-20090040
CNCVE-20091235
CNCVE-20092190

对基于inetd的launchd服务打开多个连接,可导致launchd停止对外连接的响应。
CVE-ID: CVE-2009-2191:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20091722
CNCVE-20091721
CNCVE-20091720
CNCVE-20092188
CNCVE-20090040
CNCVE-20091235
CNCVE-20092190
CNCVE-20092191

登录窗口处理应用程序名存在格式串问题,可导致应用程序崩溃或任意代码执行。
CVE-ID: CVE-2009-2192:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20091722
CNCVE-20091721
CNCVE-20091720
CNCVE-20092188
CNCVE-20090040
CNCVE-20091235
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192

MobileMe存在一个逻辑错误,在退出时没有删除所有凭据,本地用户可以访问其他MobileMe帐户相关资源。
CVE-ID: CVE-2009-2193:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20091722
CNCVE-20091721
CNCVE-20091720
CNCVE-20092188
CNCVE-20090040
CNCVE-20091235
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193

内核处理 AppleTalk应答报文存在缓冲区溢出,可导致以系统权限执行任意指令。
CVE-ID: CVE-2009-2194:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20091722
CNCVE-20091721
CNCVE-20091720
CNCVE-20092188
CNCVE-20090040
CNCVE-20091235
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194

处理通过本地套接字共享的文件描述符存在同步问题,通过发送包含文件描述符的消息给没有接收者的套接字,本地用户可导致系统崩溃。
CVE-ID: CVE-2008-0674:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20091722
CNCVE-20091721
CNCVE-20091720
CNCVE-20092188
CNCVE-20090040
CNCVE-20091235
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20080674

XQuery使用的PCRE库处理规则表达式中的字符类存在缓冲区溢出,构建恶意的XML内容诱使用户访问可触发此漏洞。

Apple Mac OS X Server 10.5.7
Apple Mac OS X Server 10.5.6
Apple Mac OS X Server 10.5.5
Apple Mac OS X Server 10.5.4
Apple Mac OS X Server 10.5.3
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.10
Apple Mac OS X Server 10.4.9
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X Server 10.5
Apple Mac OS X 10.5.7
Apple Mac OS X 10.5.6
Apple Mac OS X 10.5.5
Apple Mac OS X 10.5.4
Apple Mac OS X 10.5.3
Apple Mac OS X 10.5.2
Apple Mac OS X 10.5.1
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.10
Apple Mac OS X 10.4.9
Apple Mac OS X 10.4.8
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
Apple Mac OS X 10.5
厂商解决方案
用户可联系供应商获得升级补丁:
Apple Mac OS X Server 10.5
Apple MacOSXServerUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X 10.5
Apple MacOSXUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.4.11
Apple SecUpdSrvr2009-003PPC.dmg
PowerPC
http://www.apple.com/support/downloads/
Apple SecUpdSrvr2009-003Univ.dmg
Universal
http://www.apple.com/support/downloads/
Apple Mac OS X 10.4.11
Apple SecUpd2009-003Intel.dmg
Intel
http://www.apple.com/support/downloads/
Apple SecUpd2009-003PPC.dmg
PPC
http://www.apple.com/support/downloads/
Apple Mac OS X 10.5.1
Apple MacOSXUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.1
Apple MacOSXServerUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X 10.5.2
Apple MacOSXUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.2
Apple MacOSXServerUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X 10.5.3
Apple MacOSXUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.3
Apple MacOSXServerUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X 10.5.4
Apple MacOSXUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.4
Apple MacOSXServerUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.5
Apple MacOSXServerUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X 10.5.5
Apple MacOSXUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X 10.5.6
Apple MacOSXUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.6
Apple MacOSXServerUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.7
Apple MacOSXServerUpd10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X 10.5.7
Apple MacOSXUpd10.5.8.dmg
http://www.apple.com/support/downloads/

Related

securityvulns 5
nessus 50
openvas 90
ubuntu 2
debian 2
osv 2
fedora 6
gentoo 3
cve 11
prion 11
f5 3
cert 1
oraclelinux 1
altlinux 1
ubuntucve 2
centos 3
debiancve 2
veracode 1
redhat 1
freebsd 1
seebug 1
securityvulns
securityvulns
Apple Mac OS X multiple security vulnerabilities
2009-08-07 00:00:00
About the security content of Security Update 2009-003 / Mac OS X v10.5.8
2009-08-07 00:00:00
[SECURITY] [DSA 1842-1] New openexr packages fix several vulnerabilities
2009-07-28 00:00:00
nessus
nessus
Mac OS X 10.5.x < 10.5.8 Multiple Vulnerabilities
2009-08-05 00:00:00
Mac OS X 10.5 < 10.5.8 Multiple Vulnerabilities
2009-08-06 00:00:00
Mac OS X Multiple Vulnerabilities (Security Update 2009-003)
2009-08-05 00:00:00
openvas
openvas
Mac OS X 10.5.8 Update / Mac OS X Security Update 2009-003
2010-05-12 00:00:00
Mac OS X 10.5.8 Update / Mac OS X Security Update 2009-003
2010-05-12 00:00:00
Mandrake Security Advisory MDVSA-2009:191 (OpenEXR)
2009-08-17 00:00:00
ubuntu
ubuntu
OpenEXR vulnerabilities
2009-09-14 00:00:00
bzip2 vulnerability
2008-03-24 00:00:00
debian
debian
[SECURITY] [DSA 1842-1] New openexr packages fix several vulnerabilities
2009-07-28 12:16:44
[SECURITY] [DSA 1499-1] New pcre3 packages fix arbitrary code execution
2008-02-19 22:10:49
osv
osv
openexr - several vulnerabilities
2009-07-28 00:00:00
pcre3 - arbitrary code execution
2008-02-19 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: OpenEXR-1.6.1-8.fc10
2009-07-31 18:02:09
[SECURITY] Fedora 11 Update: OpenEXR-1.6.1-8.fc11
2009-07-31 18:01:21
[SECURITY] Fedora 7 Update: bzip2-1.0.4-11.fc7
2008-04-09 05:23:47
gentoo
gentoo
OpenEXR: Multiple Vulnerabilities
2013-12-09 00:00:00
Analog: Denial of service
2009-03-29 00:00:00
bzip2: Denial of service
2008-04-02 00:00:00
cve
cve
CVE-2009-2192
2009-08-06 16:30:00
CVE-2009-2193
2009-08-06 16:30:00
CVE-2009-2190
2009-08-06 16:30:00
prion
prion
Design/Logic Flaw
2009-08-06 16:30:00
Code injection
2009-08-06 16:30:00
Buffer overflow
2009-08-06 16:30:00
f5
f5
K9988 : libpng vulnerability CVE-2009-0040
2013-03-27 00:00:00
K9592 : bzip2 vulnerability CVE-2008-1372
2013-03-29 00:00:00
SOL9592 - bzip2 vulnerability CVE-2008-1372
2009-01-20 00:00:00
cert
cert
libpng fails to properly initialize element pointers
2009-03-02 00:00:00
oraclelinux
oraclelinux
bzip2 security update
2008-09-16 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package bzip2 version 1:1.0.5-alt1
2008-03-18 00:00:00
ubuntucve
ubuntucve
CVE-2008-1372
2008-03-18 00:00:00
CVE-2009-1721
2009-07-31 00:00:00
centos
centos
bzip2 security update
2008-09-17 00:31:08
bzip2 security update
2008-09-16 15:23:39
libpng, libpng10 security update
2009-03-04 23:31:04
debiancve
debiancve
CVE-2008-1372
2008-03-18 21:44:00
CVE-2009-1722
2009-07-31 19:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:30:13
redhat
redhat
(RHSA-2008:0893) Moderate: bzip2 security update
2008-09-16 00:00:00
freebsd
freebsd
bzip2 -- crash with certain malformed archive files
2008-03-18 00:00:00
seebug
seebug
PCRE字符类缓冲区溢出漏洞
2008-03-19 00:00:00

0.533 Medium

EPSS

Percentile

97.3%

JSON
Related for SSV:11998
securityvulns5nessus50openvas90ubuntu2debian2osv2fedora6gentoo3cve11prion11f53cert1oraclelinux1altlinux1ubuntucve2centos3debiancve2veracode1redhat1freebsd1seebug1