CVE-2004-1121
CVSS 5.0
Published: 2004-11-01 00:00:00
Revised: 2008-09-05 16:40:26

[Original] Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags.


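[CNNVD] Apple Mac OS X multiple remote and local security vulnerabilities (CNNVD-200411-001)

Apple Mac OS X is an operating system used on Mac machines, based on BSD.
Apple Mac OS X has multiple security issues; local and remote attackers can exploit these vulnerabilities to carry out privilege escalation, denial of service and other attacks.
The first issue affects Apple's Apache configuration: Apple's default Apache configuration does not correctly restrict access to certain files. The CVE ID for this issue is CAN-2004-1083.
The second issue affects the Apache web server on Mac OS X: because HFS+ file system file resources are handled incorrectly, sensitive information can be disclosed. The CVE ID for this issue is CAN-2004-1084.
The third issue affects Apple's window system and AppKit. It allows an attacker to capture keyboard input. The CVE ID for this issue is CAN-2004-1081.
The fourth issue is a problem in the Cyrus IMAP server when it operates with Kerberos authentication; an attacker can exploit it to bypass authentication, although it only affects Mac OS X Server 10.3.X and earlier. The CVE ID for this issue is CAN-2004-1089.
The fifth issue is a problem in HIToolBox. It affects Mac OS X and Mac OS X Server 10.3.X systems; 10.2.X is not affected. It allows an attacker to kill applications when running in kiosk mode. The CVE ID for this issue is CAN-2004-1085.
The sixth issue is a problem in Postfix on Mac OS X 10.3.X desktop and server that allows an attacker to send mail without authentication. The CVE ID for this issue is CAN-2004-1088.
The seventh issue is a problem in the PSNormalizer utility on Mac OS X 10.3.X desktop and server that allows an attacker to execute arbitrary commands with the privileges of the user process. The CVE ID for this issue is CAN-2004-1086.
The eighth issue is in the QuickTime Streaming Server; an attacker can exploit it to cause a denial of service against the server. The CVE ID for this issue is CAN-2004-1123.
The last issue is in Apple's Terminal application: it reports the 'Secure Keyboard Entry' feature as active when the feature is not enabled, which can increase the related security risk. The CVE ID for this issue is CAN-2004-1087.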
        

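- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on the availability of the system]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]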

- CPE (affected platforms and products)

cpe:/a:apple:safari:1.1 (Apple Safari 1.1)
cpe:/a:apple:safari:1.0 (Apple Safari 1.0)
cpe:/a:apple:safari:1.2.3 (Apple Safari 1.2.3)
cpe:/a:apple:safari:1.2.1 (Apple Safari 1.2.1)
cpe:/a:apple:safari:1.2 (Apple Safari 1.2)
cpe:/a:apple:safari:1.2.2 (Apple Safari 1.2.2)

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1121
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1121
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200411-001
(official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/925430
(VENDOR_ADVISORY)  CERT-VN  VU#925430
http://xforce.iss.net/xforce/xfdb/17909
(VENDOR_ADVISORY)  XF  ie-table-status-spoofing(17909)
http://www.securityfocus.com/bid/11573
(VENDOR_ADVISORY)  BID  11573
http://secunia.com/advisories/13047/
(VENDOR_ADVISORY)  SECUNIA  13047
http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html
(VENDOR_ADVISORY)  APPLE  APPLE-SA-2004-12-02

- Vulnerability information

Apple Mac OS X multiple remote and local security vulnerabilities
Medium  Other
2004-11-01 00:00:00 2005-10-20 00:00:00
Remote

- Advisories and patches

Vendor patch:
Apple
-----
The vendor has released an upgrade patch to fix this security issue; download it from the vendor's site. The same four packages are listed for Apple Mac OS X Server 10.2.8, Apple Mac OS X 10.2.8, Apple Mac OS X 10.3.6 and Apple Mac OS X Server 10.3.6:

For Mac OS X v10.3.6:
Apple Upgrade SecUpd2004-12-02Pan.dmg
http://www.apple.com/support/downloads/SecUpd2004-12-02Pan.dmg

For Mac OS X Server v10.3.6:
Apple Upgrade SecUpdSrvr2004-12-02Pan.dmg
http://www.apple.com/support/downloads/SecUpdSrvr2004-12-02Pan.dmg

For Mac OS X v10.2.8:
Apple Upgrade SecUpd2004-12-02Jag.dmg
http://www.apple.com/support/downloads/SecUpd2004-12-02Jag.dmg

For Mac OS X Server v10.2.8:
Apple Upgrade SecUpdSrvr2004-12-02Jag.dmg
http://www.apple.com/support/downloads/SecUpdSrvr2004-12-02Jag.dmg

- Vulnerability information (24716)

Apple Safari 1.2 Web Browser TABLE Status Bar URI Obfuscation Weakness (EDBID:24716)
osX remote
2004-11-01 Verified
0 Gilbert Verdian
N/A
source: http://www.securityfocus.com/bid/11573/info

A URI obfuscation weakness reportedly affects the Apple Safari Web Browser.

This issue may be leveraged by an attacker to display false information in the status bar of an unsuspecting user, allowing an attacker to present web pages to users that seem to originate from a trusted location.

<a href="http://www.example1.com/"><table><tr><td><a
href="http://www.example2.com/">Click here</td></tr></table></a>		

- Vulnerability information

12203
Apple Safari Status Bar Spoofing
Local Access Required Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability description

Mac OS X contains a flaw related to the Safari web browser that may allow an attacker to spoof the destination URI of a link. No further details have been provided.

- Timeline

2004-12-02 Unknown
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Apple Mac OS X Multiple Remote And Local Vulnerabilities
Unknown 11802
Yes Yes
2004-12-03 12:00:00 2009-07-12 08:07:00
Discovery of the Cyrus IMAP issue is credited to johan.gradvall@gothia.se. NetSec is credited with discovery of the Apache file stream issue. The discovery of the HIToolBox issue is credited to Glenn Blauvelt of University of Colorado at Boulder. Victor

- Affected software versions

Apple Quicktime Streaming Server 5.0.1
Apple Quicktime Streaming Server 4.1.3
+ Apple Mac OS X 10.3.2
+ Apple Mac OS X 10.2.8
+ Apple Mac OS X Server 10.3.2
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3
+ Apple Mac OS X Server 10.3
+ Apple Mac OS X Server 10.2.8
+ Apple Mac OS X Server 10.2.8
Apple Quicktime Streaming Server 4.1.1
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.3.9
Apple Mac OS X Server 10.3.6
Apple Mac OS X Server 10.3.5
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.3.3
Apple Mac OS X Server 10.3.2
Apple Mac OS X Server 10.3.1
Apple Mac OS X Server 10.3
Apple Mac OS X Server 10.2.8
Apple Mac OS X Server 10.2.7
Apple Mac OS X Server 10.2.6
Apple Mac OS X Server 10.2.5
Apple Mac OS X Server 10.2.4
Apple Mac OS X Server 10.2.3
Apple Mac OS X Server 10.2.2
Apple Mac OS X Server 10.2.1
Apple Mac OS X Server 10.2
Apple Mac OS X 10.3.6
Apple Mac OS X 10.3.5
Apple Mac OS X 10.3.4
Apple Mac OS X 10.3.3
Apple Mac OS X 10.3.2
Apple Mac OS X 10.3.1
Apple Mac OS X 10.3
Apple Mac OS X 10.2.8
Apple Mac OS X 10.2.7
Apple Mac OS X 10.2.6
Apple Mac OS X 10.2.5
Apple Mac OS X 10.2.4
Apple Mac OS X 10.2.3
Apple Mac OS X 10.2.2
Apple Mac OS X 10.2.1
Apple Mac OS X 10.2
Apple Darwin Streaming Server 5.0.1
Apple Mac OS X Server 10.3.8
Apple Mac OS X 10.3.8

- Unaffected software versions

Apple Mac OS X Server 10.3.8
Apple Mac OS X 10.3.8

- Vulnerability discussion

Multiple security vulnerabilities are reported to affect Apple Mac OS X. These issues were disclosed in the referenced vendor advisory.

The first issue affects Apple's Apache configuration. Apparently Apple's default Apache configuration fails to properly block access to certain files. This issue has been assigned the CVE ID CAN-2004-1083 and is resolved in the attached Apple security update.

The second issue reported in the referenced advisory affects the Apache web server on Mac OS X. This issue arises due to a failure of the affected server to properly handle HFS+ file system file resources. This issue has been assigned the CVE ID CAN-2004-1084 and is resolved in the attached Apple security update.

The third issue affects Apple's windowing system and development kit (AppKit). This issue will allow an attacker to capture keyboard input that is supposed to be secure. This issue has been assigned the CVE ID CAN-2004-1081 and is resolved in the attached security update.

The fourth issue surrounds the Cyrus IMAP server implementation when working with Kerberos authentication and may facilitate authentication bypass attacks. It should be noted that this issue only affects Mac OS X Server 10.3.X and earlier. This issue has been assigned CVE ID CAN-2004-1089 and is resolved in the attached security update.

The fifth issue surrounds the HIToolBox. It affects only Mac OS X and Mac OS X Server 10.3.X; the 10.2.X systems are not affected. This issue may allow an attacker to kill applications when running in kiosk mode. This issue has been assigned CVE ID CAN-2004-1085 and is resolved in the attached security update.

The sixth issue affects the Postfix functionality on Mac OS X 10.3.X desktop and server. This issue may allow an attacker to send mail without requiring authentication. This issue has been assigned CVE ID CAN-2004-1088 and is resolved in the attached security update.

The seventh issue surrounds the PSNormalizer utilities on Mac OS X 10.3.X desktop and server. This issue may allow an attacker to execute arbitrary code in the context of a user running a vulnerable version of the operating system. This issue has been assigned the CVE ID CAN-2004-1086 and is resolved in the attached security update.

The eighth issue affects the QuickTime Streaming Server. An attacker may leverage this issue to trigger a denial of service condition in the affected server. This issue has been assigned the CVE ID CAN-2004-1123 and is resolved in the attached security update.

Finally, a vulnerability affects Apple's Terminal application. This issue may lead to a false sense of security as the affected application may report that the 'Secure Keyboard Entry' functionality is active when it is not. This issue has been assigned the CVE ID CAN-2004-1087 and is resolved in the attached security update.

An attacker may leverage these issues to carry out information disclosure, authentication bypass, code execution, privilege escalation, a false sense of security, and denial of service attacks.

- Exploit

Currently we are not aware of any exploits for these issues. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Apple has released an advisory (APPLE-SA-2004-12-02) along with a security update dealing with these issues.

Apple Computers has released Mac OS X version 10.3.8 dealing with this issue. This upgrade includes the security patches shipped with the referenced security update.

Apple has released security advisory APPLE-SA-2005-08-15 addressing this and several other vulnerabilities. Please see the referenced advisory for further information.


Apple Mac OS X 10.2

Apple Mac OS X 10.2.1

Apple Mac OS X 10.2.2

Apple Mac OS X 10.2.3

Apple Mac OS X 10.2.4

Apple Mac OS X 10.2.5

Apple Mac OS X 10.2.6

Apple Mac OS X 10.2.7

Apple Mac OS X 10.2.8

Apple Mac OS X Server 10.2.8

Apple Mac OS X 10.3

Apple Mac OS X 10.3.1

Apple Mac OS X 10.3.2

Apple Mac OS X 10.3.3

Apple Mac OS X 10.3.4

Apple Mac OS X 10.3.5

Apple Mac OS X Server 10.3.6

Apple Mac OS X 10.3.6

Apple Mac OS X Server 10.3.9

Apple Mac OS X Server 10.4.2

- Related references
