lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <BAB1F8D5BE234B63A1F194E213648CEA@unknown>
Date: Fri, 12 Mar 2010 18:52:35 +0100
From: "VUPEN Security Research" <advisories@...en.com>
To: <bugtraq@...urityfocus.com>
Subject: VUPEN Security Research - Apple Safari ColorSync Profile Integer Overflow Vulnerability

VUPEN Security Research - Apple Safari ColorSync Profile Integer Overflow 
Vulnerability

http://www.vupen.com/english/research.php


I. BACKGROUND
---------------------

"Safari is a web browser developed by Apple. As of February 2010,
Safari was the fourth most widely used browser, with 4.45% of the
worldwide usage share of web browsers according to Net Application."


II. DESCRIPTION
--------------------- 

VUPEN Vulnerability Research Team discovered a vulnerability in
Apple Safari.

The flaw is caused by an integer overflow error in ColorSync when
processing certain images with an embedded color profile, which
could be exploited by attackers to potentially execute arbitrary
code via a specially crafted web page.



III. AFFECTED PRODUCTS
--------------------------------

Apple Safari versions prior to 4.0.5



IV. Exploits - PoCs & Binary Analysis
----------------------------------------

In-depth binary analysis of the vulnerability and a proof-of-concept
have been released by VUPEN through the VUPEN Binary Analysis
& Exploits Service :

http://www.vupen.com/exploits


V. SOLUTION
---------------- 

Upgrade to Apple Safari 4.0.5:
http://www.apple.com/safari/download/


VI. CREDIT
-------------- 

The vulnerability was discovered by Sebastien Renaud of VUPEN Security


VII. ABOUT VUPEN Security
---------------------------------

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be
exploited, ensure security policy compliance and meaningfully measure
and manage risks.

VUPEN also provides in-depth binary analysis of vulnerabilities and
commercial-grade exploit codes to help security vendors, governments,
and corporations to evaluate and qualify risks, and protect their
infrastructures and assets.

* VUPEN Vulnerability Notification Service:

http://www.vupen.com/english/services

* VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/exploits


VIII. REFERENCES
----------------------

http://www.vupen.com/english/advisories/2010/0599
http://support.apple.com/kb/HT4070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0040



IX. DISCLOSURE TIMELINE
----------------------------------- 

2009-12-03 - Vendor notified
2009-12-07 - Vendor response
2010-01-26 - Status update received
2010-03-04 - Status update received
2010-03-12 - Coordinated public Disclosure



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ