CVE-2008-0051 - OpenCVE

Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X Mac Os X Server

Configuration 1 [-]

OR	cpe:2.3:o:apple:mac_os_x:10.4.11:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.11:::::::*

No data.

References

Link	Providers
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://secunia.com/advisories/29420
http://www.securityfocus.com/bid/28304
http://www.securityfocus.com/bid/28375
http://www.securitytracker.com/id?1019670
http://www.us-cert.gov/cas/techalerts/TA08-079A.html
http://www.vupen.com/english/advisories/2008/0924/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41310

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-03-18T22:00:00

Updated: 2024-08-07T07:32:24.142Z

Reserved: 2008-01-03T00:00:00

Link: CVE-2008-0051

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-03-18T22:44:00.000

Modified: 2017-08-08T01:29:19.947

Link: CVE-2008-0051

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-03-18T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "28304", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28304"}, {"name": "1019670", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019670"}, {"name": "TA08-079A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"}, {"name": "ADV-2008-0924", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"name": "28375", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28375"}, {"name": "29420", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29420"}, {"name": "APPLE-SA-2008-03-18", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"name": "macos-corefoundation-timezone-code-execution(41310)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41310"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0051", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "28304", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28304"}, {"name": "1019670", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019670"}, {"name": "TA08-079A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"}, {"name": "ADV-2008-0924", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"name": "28375", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28375"}, {"name": "29420", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29420"}, {"name": "APPLE-SA-2008-03-18", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"name": "http://docs.info.apple.com/article.html?artnum=307562", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"name": "macos-corefoundation-timezone-code-execution(41310)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41310"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:32:24.142Z"}, "title": "CVE Program Container", "references": [{"name": "28304", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28304"}, {"name": "1019670", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019670"}, {"name": "TA08-079A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"}, {"name": "ADV-2008-0924", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"name": "28375", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28375"}, {"name": "29420", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29420"}, {"name": "APPLE-SA-2008-03-18", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"name": "macos-corefoundation-timezone-code-execution(41310)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41310"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0051", "datePublished": "2008-03-18T22:00:00", "dateReserved": "2008-01-03T00:00:00", "dateUpdated": "2024-08-07T07:32:24.142Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "6EE39585-CF3B-4493-96D8-B394544C7643", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "D09D5933-A7D9-4A61-B863-CD8E7D5E67D8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data."}, {"lang": "es", "value": "Desbordamiento de entero de CoreFoundation en Apple Mac OS X 10.4.11, deber\u00eda permitir a los usuarios locales, ejecutar c\u00f3digo de su elecci\u00f3n mediante datos de zona horaria manipulados."}], "id": "CVE-2008-0051", "lastModified": "2017-08-08T01:29:19.947", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-03-18T22:44:00.000", "references": [{"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29420"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28304"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28375"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019670"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41310"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}