| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 May 2008 09:58:46 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: security curmudgeon <jericho@...rition.org> Cc: Core Security Technologies Advisories <advisories@...esecurity.com>, full-disclosure@...ts.grok.org.uk, vuldb@...urityfocus.com, bugtraq@...urityfocus.com, vulnwatch@...nwatch.org Subject: Re: CORE-2008-0126: Multiple vulnerabilities in iCal On Tue, 27 May 2008, security curmudgeon wrote: > No mention of CVE-2008-1035 in the [CORE] advisory other than the header > CVE name reference. BID seems to have split the three vulnerabilities, > but given two of them the same CVE. CVE does not have descriptions open > yet. The descriptions are below - for CVE-2008-2006, we merged on the rough criteria of "insufficient validation of a length field". > Could someone from CORE, SecurityFocus or CVE confirm if CVE-2008-1035 is > supposed to be in the mix, and if CVE-2008-2006 does correspond to two > of the vulnerabilities listed? CVE-2008-2006 intentionally corresponds to both. I am not sure where CORE got CVE-2008-1035 from - that number was part of a pool of numbers that were allocated to Apple, for them to assign to issues in Apple products (this makes them effectively a CNA; see http://cve.mitre.org/cve/cna.html for more info). CORE obtained CVE-2008-2006 and CVE-2008-2007 directly from MITRE. It's most likely that during CORE's collaboration with Apple, Apple might have given them CVE-2008-1035 from Apple's own pool, to cover one or more of those issues. This type of "reservation duplicate" happens periodically when both researcher/coordinator and vendor use CVEs. BUT - this is just a guess, either CORE or Apple would need to provide a more concrete answer. We are currently keeping CVE-2008-1035 blank until there's more clarity. - Steve ====================================================== Name: CVE-2008-2006 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2006 Reference: BUGTRAQ:20080521 CORE-2008-0126: Multiple vulnerabilities in iCal Reference: URL:http://www.securityfocus.com/archive/1/archive/1/492414/100/0/threaded Reference: MISC:http://www.coresecurity.com/?action=item&id=2219 Reference: BID:28632 Reference: URL:http://www.securityfocus.com/bid/28632 Reference: BID:28629 Reference: URL:http://www.securityfocus.com/bid/28629 Reference: FRSIRT:ADV-2008-1601 Reference: URL:http://www.frsirt.com/english/advisories/2008/1601 Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE line. NOTE: this might be a duplicate of CVE-2008-1035. ====================================================== Name: CVE-2008-2007 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2007 Reference: BUGTRAQ:20080521 CORE-2008-0126: Multiple vulnerabilities in iCal Reference: URL:http://www.securityfocus.com/archive/1/archive/1/492414/100/0/threaded Reference: MISC:http://www.coresecurity.com/?action=item&id=2219 Reference: BID:28633 Reference: URL:http://www.securityfocus.com/bid/28633 Reference: FRSIRT:ADV-2008-1601 Reference: URL:http://www.frsirt.com/english/advisories/2008/1601 Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to trigger memory corruption or possibly execute arbitrary code via an "ATTACH;VALUE=URI:S=osumi" line in a .ics file, which triggers a "resource liberation" bug.
Powered by blists - more mailing lists