CVE-2008-0055
https://notcve.org/view.php?id=CVE-2008-0055
Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges. Foundation en Apple Mac OS X 10.4.11 crea directorios "world-writable" mientras NSFileManager copia archivos progresivamente y modifica los permisos después, esto permite a usuarios locales modificar los archivos copiados lo que provoca una denegación de servicio y posiblemente, una elevación de privilegios. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28343 http://www.securitytracker.com/id?1019649 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0924/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41299 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2008-0989
https://notcve.org/view.php?id=CVE-2008-0989
Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname. Vulnerabilidad de formato de cadena en mDNSResponderHelper en Apple Mac OS X 10.5.2, permite a usuarios locales ejecutar código de su elección a través de especificadores de formatos de cadena en el hostname local. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28339 http://www.securitytracker.com/id?1019662 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0924/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41292 • CWE-134: Use of Externally-Controlled Format String •
CVE-2008-0992
https://notcve.org/view.php?id=CVE-2008-0992
Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value. Error en el índice de matriz de pax en Apple Mac OS X 10.5.2 permite a atacantes remotos dependientes del contexto ejecutar código de su elección a través de un archivo con un valor de tamaño manipulado. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28365 http://www.securitytracker.com/id?1019673 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0924/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41288 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-0059
https://notcve.org/view.php?id=CVE-2008-0059
Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic." Condiciones de carrera en NSXML de Foundation para Apple Mac OS X 10.4.11 permite a atacantes dependientes del contexto ejecutar código de su elección a través de un archivo XML manipulado, relacionado con "error handling logic (lógica de manipulación de error)". • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28367 http://www.securitytracker.com/id?1019650 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0924/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41296 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2008-0056
https://notcve.org/view.php?id=CVE-2008-0056
Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager. Desbordamiento de búfer basado en pila en Foundation de Apple Mac OS X 10.4.11 permite a atacantes dependientes del contexto ejecutar código de su elección a través de "un nombre de ruta largo con una estructura inesperada" que dispara el desbordamiento en NSFileManager. • http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www.securityfocus.com/bid/28304 http://www.securityfocus.com/bid/28357 http://www.securitytracker.com/id?1019649 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0924/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41309 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •