Full Disclosure mailing list archives
Re: CORE-2008-0126: Multiple vulnerabilities in iCal
From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 28 May 2008 09:58:46 -0400 (EDT)
On Tue, 27 May 2008, security curmudgeon wrote:
> No mention of CVE-2008-1035 in the [CORE] advisory other than the header CVE name reference. BID seems to have split the three vulnerabilities, but given two of them the same CVE. CVE does not have descriptions open yet.

The descriptions are below - for CVE-2008-2006, we merged on the rough criteria of "insufficient validation of a length field".

> Could someone from CORE, SecurityFocus or CVE confirm if CVE-2008-1035 is supposed to be in the mix, and if CVE-2008-2006 does correspond to two of the vulnerabilities listed?
CVE-2008-2006 intentionally corresponds to both.

I am not sure where CORE got CVE-2008-1035 from - that number was part of a pool of numbers that were allocated to Apple, for them to assign to issues in Apple products (this makes them effectively a CNA; see http://cve.mitre.org/cve/cna.html for more info). CORE obtained CVE-2008-2006 and CVE-2008-2007 directly from MITRE.

It's most likely that during CORE's collaboration with Apple, Apple might have given them CVE-2008-1035 from Apple's own pool, to cover one or more of those issues. This type of "reservation duplicate" happens periodically when both researcher/coordinator and vendor use CVEs.

BUT - this is just a guess, either CORE or Apple would need to provide a more concrete answer. We are currently keeping CVE-2008-1035 blank until there's more clarity.

- Steve

======================================================
Name: CVE-2008-2006
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2006
Reference: BUGTRAQ:20080521 CORE-2008-0126: Multiple vulnerabilities in iCal
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/492414/100/0/threaded
Reference: MISC:http://www.coresecurity.com/?action=item&id=2219
Reference: BID:28632
Reference: URL:http://www.securityfocus.com/bid/28632
Reference: BID:28629
Reference: URL:http://www.securityfocus.com/bid/28629
Reference: FRSIRT:ADV-2008-1601
Reference: URL:http://www.frsirt.com/english/advisories/2008/1601

Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE line. NOTE: this might be a duplicate of CVE-2008-1035.

======================================================
Name: CVE-2008-2007
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2007
Reference: BUGTRAQ:20080521 CORE-2008-0126: Multiple vulnerabilities in iCal
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/492414/100/0/threaded
Reference: MISC:http://www.coresecurity.com/?action=item&id=2219
Reference: BID:28633
Reference: URL:http://www.securityfocus.com/bid/28633
Reference: FRSIRT:ADV-2008-1601
Reference: URL:http://www.frsirt.com/english/advisories/2008/1601

Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to trigger memory corruption or possibly execute arbitrary code via an "ATTACH;VALUE=URI:S=osumi" line in a .ics file, which triggers a "resource liberation" bug.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/