Apple Mac OS X Java Applet HMAC供给器处理远程代码执行漏洞

2008-09-27T00:00:00
ID SSV:4122
Type seebug
Reporter Root
Modified 2008-09-27T00:00:00

Description

BUGTRAQ ID: 31379 CVE ID:CVE-2008-3637 CNCVE ID:CNCVE-20083637

Apple Mac OS X是一款商业性质的操作系统。 Apple Mac OS X Java Applet HMAC供给器使用未初始化变量,远程攻击者可以利用漏洞以应用程序上下文执行任意代码。 基于HASH的消息验证代码(HMAC)供给器用于生成MD5和SHA-A HASH,其中存在一个错误检查可导致使用未初始化变量。构建恶意的Java applet,诱使用户访问,可导致任意代码执行。

Apple Mac OS X Server 10.5.5 Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.10 Apple Mac OS X Server 10.4.9 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.10 Apple Mac OS X 10.4.9 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.5

可参考如下补丁程序: Apple Mac OS X Server 10.4.11 Apple JavaForMacOSX10.4Release7.dmg Java for Mac OS X 10.4, Release 7 <a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21278&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21278&cat=</a> 59&platform=osx&method=sa/JavaForMacOSX10.4Release7.dmg Apple Mac OS X 10.4.11 Apple JavaForMacOSX10.4Release7.dmg Java for Mac OS X 10.4, Release 7 <a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21278&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21278&cat=</a> 59&platform=osx&method=sa/JavaForMacOSX10.4Release7.dmg Apple Mac OS X 10.5.4 Apple JavaForMacOSX10.5Update2.dmg Java for Mac OS X 10.5 Update 2 <a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21277&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21277&cat=</a> 59&platform=osx&method=sa/JavaForMacOSX10.5Update2.dmg Apple Mac OS X Server 10.5.4 Apple JavaForMacOSX10.5Update2.dmg Java for Mac OS X 10.5 Update 2 <a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21277&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21277&cat=</a> 59&platform=osx&method=sa/JavaForMacOSX10.5Update2.dmg Apple Mac OS X Server 10.5.5 Apple JavaForMacOSX10.5Update2.dmg Java for Mac OS X 10.5 Update 2 <a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21277&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21277&cat=</a> 59&platform=osx&method=sa/JavaForMacOSX10.5Update2.dmg Apple Mac OS X 10.5.5 Apple JavaForMacOSX10.5Update2.dmg Java for Mac OS X 10.5 Update 2 <a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21277&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21277&cat=</a> 59&platform=osx&method=sa/JavaForMacOSX10.5Update2.dmg