lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.51.0805280948400.18085@faron.mitre.org>
Date: Wed, 28 May 2008 09:58:46 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: security curmudgeon <jericho@...rition.org>
Cc: Core Security Technologies Advisories <advisories@...esecurity.com>,
	full-disclosure@...ts.grok.org.uk, vuldb@...urityfocus.com,
	bugtraq@...urityfocus.com, vulnwatch@...nwatch.org
Subject: Re: CORE-2008-0126: Multiple vulnerabilities in iCal


On Tue, 27 May 2008, security curmudgeon wrote:

> No mention of CVE-2008-1035 in the [CORE] advisory other than the header
> CVE name reference. BID seems to have split the three vulnerabilities,
> but given two of them the same CVE. CVE does not have descriptions open
> yet.

The descriptions are below - for CVE-2008-2006, we merged on the rough
criteria of "insufficient validation of a length field".

> Could someone from CORE, SecurityFocus or CVE confirm if CVE-2008-1035 is
> supposed to be in the mix, and if CVE-2008-2006 does correspond to two
> of the vulnerabilities listed?

CVE-2008-2006 intentionally corresponds to both.

I am not sure where CORE got CVE-2008-1035 from - that number was part of
a pool of numbers that were allocated to Apple, for them to assign
to issues in Apple products (this makes them effectively a CNA; see
http://cve.mitre.org/cve/cna.html for more info).

CORE obtained CVE-2008-2006 and CVE-2008-2007 directly from MITRE.  It's
most likely that during CORE's collaboration with Apple, Apple might have
given them CVE-2008-1035 from Apple's own pool, to cover one or more of
those issues.  This type of "reservation duplicate" happens periodically
when both researcher/coordinator and vendor use CVEs.  BUT - this is just
a guess, either CORE or Apple would need to provide a more concrete
answer.  We are currently keeping CVE-2008-1035 blank until there's more
clarity.

- Steve

======================================================
Name: CVE-2008-2006
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2006
Reference: BUGTRAQ:20080521 CORE-2008-0126: Multiple vulnerabilities in iCal
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/492414/100/0/threaded
Reference: MISC:http://www.coresecurity.com/?action=item&id=2219
Reference: BID:28632
Reference: URL:http://www.securityfocus.com/bid/28632
Reference: BID:28629
Reference: URL:http://www.securityfocus.com/bid/28629
Reference: FRSIRT:ADV-2008-1601
Reference: URL:http://www.frsirt.com/english/advisories/2008/1601

Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and
user-assisted remote attackers, to cause a denial of service (NULL
pointer dereference and application crash) or possibly execute
arbitrary code via a .ics file containing (1) a large 16-bit integer
on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE
line.  NOTE: this might be a duplicate of CVE-2008-1035.


======================================================
Name: CVE-2008-2007
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2007
Reference: BUGTRAQ:20080521 CORE-2008-0126: Multiple vulnerabilities in iCal
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/492414/100/0/threaded
Reference: MISC:http://www.coresecurity.com/?action=item&id=2219
Reference: BID:28633
Reference: URL:http://www.securityfocus.com/bid/28633
Reference: FRSIRT:ADV-2008-1601
Reference: URL:http://www.frsirt.com/english/advisories/2008/1601

Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and
user-assisted remote attackers, to trigger memory corruption or
possibly execute arbitrary code via an "ATTACH;VALUE=URI:S=osumi" line
in a .ics file, which triggers a "resource liberation" bug.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ