CVE-2008-4234
https://notcve.org/view.php?id=CVE-2008-4234
Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which does not trigger a "potentially unsafe" warning message. Vulnerabilidad de lista negra incompleta en la característica Quarantine en CoreTypes en Apple Mac OS X 10.5 y versiones anteriores a 10.5.6, permite a los atacantes remotos usuarios asistidos, ejecutar arbitrariamente código a través de un archivo ejecutable con el tipo de contenido, no indicando la asociación de aplicación para el archivo, el cual no lanza un "potencialmente inseguro" mensaje de aviso. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/33179 http://support.apple.com/kb/HT3338 http://www.securityfocus.com/bid/32839 http://www.securitytracker.com/id?1021400 http://www.us-cert.gov/cas/techalerts/TA08-350A.html http://www.vupen.com/english/advisories/2008/3444 https://exchange.xforce.ibmcloud.com/vulnerabilities/47689 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-4222
https://notcve.org/view.php?id=CVE-2008-4222
natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet Sharing is enabled, allows remote attackers to cause a denial of service (infinite loop) via a crafted TCP packet. natd en network_cmds de Apple Mac OS X anterior a v10.5.6, cuando Internet Sharing está habilitado, permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de un paquete TCP manipulado. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/33179 http://support.apple.com/kb/HT3338 http://www.securityfocus.com/bid/32839 http://www.securityfocus.com/bid/32874 http://www.securitytracker.com/id?1021408 http://www.us-cert.gov/cas/techalerts/TA08-350A.html http://www.vupen.com/english/advisories/2008/3444 • CWE-399: Resource Management Errors •
CVE-2008-4221
https://notcve.org/view.php?id=CVE-2008-4221
The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation. La API strptime en Libsystem en Apple Mac OS X anteriores a v10.5.6, permite a atacantes dependientes de contexto producir una denegación de servicio (caída de aplicación o agotamiento de memoria) o ejecutar código a su elección a través de una cadena de código de fecha manipulada, relacionada con la localización errónea de memoria • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/33179 http://support.apple.com/kb/HT3338 http://www.securityfocus.com/bid/32839 http://www.securityfocus.com/bid/32881 http://www.securitytracker.com/id?1021406 http://www.us-cert.gov/cas/techalerts/TA08-350A.html http://www.vupen.com/english/advisories/2008/3444 • CWE-399: Resource Management Errors •
CVE-2008-4218
https://notcve.org/view.php?id=CVE-2008-4218
Multiple integer overflows in the kernel in Apple Mac OS X before 10.5.6 on Intel platforms allow local users to gain privileges via a crafted call to (1) i386_set_ldt or (2) i386_get_ldt. Multiples desbordamientos de entero en el kernel de Apple Mac OS X anteriores a v10.5.6 en plataformas Intel permite a usuarios locales ganar privilegios a través de una llamada manipulada a (1) i386_set_ldt or (2) i386_get_ldt. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/33179 http://support.apple.com/kb/HT3338 http://www.securityfocus.com/bid/32839 http://www.securityfocus.com/bid/32879 http://www.securitytracker.com/id?1021403 http://www.us-cert.gov/cas/techalerts/TA08-350A.html http://www.vupen.com/english/advisories/2008/3444 • CWE-189: Numeric Errors •
CVE-2008-4217
https://notcve.org/view.php?id=CVE-2008-4217
Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow. Error de presencia de signo en entero en BOM en Apple Mac OS X versiones anteriores a 10.5.6 que permite a los atacantes remotos ejecutar arbitrariamente código a través de las cabeceras de un fichero CPIO manipulado, permitiendo un desbordamiento de búfer basado en pila. • http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html http://secunia.com/advisories/33179 http://support.apple.com/kb/HT3338 http://www.securityfocus.com/bid/32839 http://www.securityfocus.com/bid/32876 http://www.securitytracker.com/id?1021399 http://www.us-cert.gov/cas/techalerts/TA08-350A.html http://www.vupen.com/english/advisories/2008/3444 • CWE-189: Numeric Errors •