VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed: structured data distribution of information for vulnerability threat analysis



 
Vulnerability information under analysis (revision number: 1)
VRDA-091111-001     ( CVE-2007-5707 | CVE-2007-6698 | CVE-2008-0658 | CVE-2008-5161 | CVE-2009-0023 | CVE-2009-1191 | CVE-2009-1195 | CVE-2009-1574 | CVE-2009-1632 | CVE-2009-1890 | CVE-2009-1891 | CVE-2009-1955 | CVE-2009-1956 | CVE-2009-2202 | CVE-2009-2203 | CVE-2009-2285 | CVE-2009-2408 | CVE-2009-2409 | CVE-2009-2411 | CVE-2009-2412 | CVE-2009-2414 | CVE-2009-2416 | CVE-2009-2666 | CVE-2009-2798 | CVE-2009-2799 | CVE-2009-2808 | CVE-2009-2810 | CVE-2009-2818 | CVE-2009-2819 | CVE-2009-2820 | CVE-2009-2823 | CVE-2009-2824 | CVE-2009-2825 | CVE-2009-2826 | CVE-2009-2827 | CVE-2009-2828 | CVE-2009-2829 | CVE-2009-2830 | CVE-2009-2831 | CVE-2009-2832 | CVE-2009-2833 | CVE-2009-2834 | CVE-2009-2835 | CVE-2009-2836 | CVE-2009-2837 | CVE-2009-2838 | CVE-2009-2839 | CVE-2009-2840 | CVE-2009-3111 | CVE-2009-3235 | CVE-2009-3291 | CVE-2009-3292 | CVE-2009-3293 )
About Security Update 2009-006 / Mac OS X v10.6.2
http://support.apple.com/kb/HT3937?viewlocale=ja_JP

This document describes the security content of Security Update 2009-006 / Mac OS X v10.6.2. The updates can be downloaded and installed from "Software Update" in the Mac's System Preferences, or from the "Support Downloads" page.




About this information
Analysis provided by:
JPCERT/CC
First published:
2009-11-11
Category of the analyzed vulnerability information:
Advisory / Alert
Last updated:
2009-11-11




Identifiers of products affected by the vulnerability
cpe:/o:apple:mac_os_x     (Apple Mac OS X)
cpe:/o:apple:mac_os_x_server     (Apple Mac OS X Server)
 


Vulnerability analysis
[Reliability of the information used for analysis]
 [?]

 [?]
X [?]

[Magnitude of impact]
 [?]

Low to medium
Medium to high
X [?]

[Attack vector]
Physical access

On the local machine
On the same segment
X Via the Internet

[Authentication level]
Administrator account

Standard user account
Free account
X Not required

[User interaction required for a successful attack]
Complex

X Simple
Not required

[Attack difficulty]
 [?]

Medium to high
Low to medium
 [?]

[Availability of countermeasures]
X Official patch available

Official workaround available
Unofficial workaround or patch available
None

[Incident activity]
X No activity

Exploit/PoC available
Activity observed

Related information
Common Vulnerabilities and Exposures (CVE) CVE-2007-5707
OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent.




Common Vulnerabilities and Exposures (CVE) CVE-2007-6698
The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability.




Common Vulnerabilities and Exposures (CVE) CVE-2008-0658
slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.




Common Vulnerabilities and Exposures (CVE) CVE-2008-5161
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.




Common Vulnerabilities and Exposures (CVE) CVE-2009-0023
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.




Common Vulnerabilities and Exposures (CVE) CVE-2009-1191
mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.




Common Vulnerabilities and Exposures (CVE) CVE-2009-1195
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.




Common Vulnerabilities and Exposures (CVE) CVE-2009-1574
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.




Common Vulnerabilities and Exposures (CVE) CVE-2009-1632
Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c.




Common Vulnerabilities and Exposures (CVE) CVE-2009-1890
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.




Common Vulnerabilities and Exposures (CVE) CVE-2009-1891
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).




Common Vulnerabilities and Exposures (CVE) CVE-2009-1955
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.




Common Vulnerabilities and Exposures (CVE) CVE-2009-1956
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2202
Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2203
Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2285
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2408
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2409
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2411
Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2412
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2414
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2416
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2666
socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2798
Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2799
Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2808




Common Vulnerabilities and Exposures (CVE) CVE-2009-2810




Common Vulnerabilities and Exposures (CVE) CVE-2009-2818




Common Vulnerabilities and Exposures (CVE) CVE-2009-2819




Common Vulnerabilities and Exposures (CVE) CVE-2009-2820




Common Vulnerabilities and Exposures (CVE) CVE-2009-2823




Common Vulnerabilities and Exposures (CVE) CVE-2009-2824




Common Vulnerabilities and Exposures (CVE) CVE-2009-2825




Common Vulnerabilities and Exposures (CVE) CVE-2009-2826




Common Vulnerabilities and Exposures (CVE) CVE-2009-2827




Common Vulnerabilities and Exposures (CVE) CVE-2009-2828




Common Vulnerabilities and Exposures (CVE) CVE-2009-2829




Common Vulnerabilities and Exposures (CVE) CVE-2009-2830




Common Vulnerabilities and Exposures (CVE) CVE-2009-2831




Common Vulnerabilities and Exposures (CVE) CVE-2009-2832




Common Vulnerabilities and Exposures (CVE) CVE-2009-2833




Common Vulnerabilities and Exposures (CVE) CVE-2009-2834




Common Vulnerabilities and Exposures (CVE) CVE-2009-2835




Common Vulnerabilities and Exposures (CVE) CVE-2009-2836




Common Vulnerabilities and Exposures (CVE) CVE-2009-2837




Common Vulnerabilities and Exposures (CVE) CVE-2009-2838




Common Vulnerabilities and Exposures (CVE) CVE-2009-2839




Common Vulnerabilities and Exposures (CVE) CVE-2009-2840




Common Vulnerabilities and Exposures (CVE) CVE-2009-3111
The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes. NOTE: this is a regression error related to CVE-2003-0967.




Common Vulnerabilities and Exposures (CVE) CVE-2009-3235
Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.




Common Vulnerabilities and Exposures (CVE) CVE-2009-3291
The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.




Common Vulnerabilities and Exposures (CVE) CVE-2009-3292
Unspecified vulnerability in PHP before 5.2.11 has unknown impact and attack vectors related to "missing sanity checks around exif processing."




Common Vulnerabilities and Exposures (CVE) CVE-2009-3293
Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."








References

Copyright © 2009 JPCERT/CC All Rights Reserved.