Vulnerability CVE-2009-1687 - CERT Civis.Net

Vulnerability Name:

CVE-2009-1687 (CCN-51237)

Assigned:

2009-06-10

Published:

2009-06-10

Updated:

2017-09-29

Summary:

The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer."

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-399
CWE-190

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2009-1687

Source: APPLE
Type: Vendor Advisory
APPLE-SA-2009-06-08-1

Source: APPLE
Type: UNKNOWN
APPLE-SA-2009-06-17-1

Source: SUSE
Type: UNKNOWN
SUSE-SR:2011:002

Source: OSVDB
Type: UNKNOWN
54985

Source: CCN
Type: RHSA-2009-1127
Critical: kdelibs security update

Source: CCN
Type: SA35379
Apple Safari Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
35379

Source: CCN
Type: SA35582
KDE Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
36057

Source: SECUNIA
Type: UNKNOWN
36062

Source: SECUNIA
Type: UNKNOWN
36790

Source: SECUNIA
Type: UNKNOWN
37746

Source: SECUNIA
Type: UNKNOWN
43068

Source: CCN
Type: SECTRACK ID: 1022345
Apple Safari Bugs Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: Patch
1022345

Source: CCN
Type: Apple Web site
About the security content of Safari 4.0

Source: CONFIRM
Type: Vendor Advisory
http://support.apple.com/kb/HT3613

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3639

Source: CCN
Type: ASA-2009-253
kdelibs security update (RHSA-2009-1127)

Source: DEBIAN
Type: UNKNOWN
DSA-1950

Source: DEBIAN
Type: DSA-1867
kdelibs -- several vulnerabilities

Source: DEBIAN
Type: DSA-1868
kde4libs -- several vulnerabilities

Source: DEBIAN
Type: DSA-1950
webkit -- several vulnerabilities

Source: DEBIAN
Type: DSA-1988
qt4-x11 -- several vulnerabilities

Source: CCN
Type: KDE Web site
KDE

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:330

Source: CCN
Type: OSVDB ID: 54985
Apple Safari WebKit JavaScript Garbage Collector Allocation Failure NULL Pointer Arbitrary Code Execution

Source: CCN
Type: OSVDB ID: 55418
KDE Konqueror WebKit JavaScript Garbage Collector Allocation Failure NULL Pointer Arbitrary Code Execution

Source: BID
Type: Exploit
35260

Source: CCN
Type: BID-35260
RETIRED: Apple Safari Prior to 4.0 Multiple Security Vulnerabilities

Source: BID
Type: UNKNOWN
35309

Source: CCN
Type: BID-35309
WebKit JavaScript Garbage Collector Memory Corruption Vulnerability

Source: CCN
Type: USN-822-1
KDE-Libs vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-822-1

Source: CCN
Type: USN-836-1
WebKit vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-836-1

Source: CCN
Type: USN-857-1
Qt vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-857-1

Source: VUPEN
Type: Patch, Vendor Advisory
ADV-2009-1522

Source: VUPEN
Type: UNKNOWN
ADV-2009-1621

Source: VUPEN
Type: UNKNOWN
ADV-2011-0212

Source: XF
Type: UNKNOWN
safari-garbagecollector-code-execution(51237)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10260

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-8039

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-8049

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-8046

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-8020

Source: SUSE
Type: SUSE-SR:2011:002
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:apple:safari:0.8:*:mac:*:*:*:*:*

OR cpe:/a:apple:safari:0.9:*:mac:*:*:*:*:*

OR cpe:/a:apple:safari:1.0:*:mac:*:*:*:*:*

OR cpe:/a:apple:safari:1.0.3:*:mac:*:*:*:*:*

OR cpe:/a:apple:safari:1.1:*:mac:*:*:*:*:*

OR cpe:/a:apple:safari:1.2:*:mac:*:*:*:*:*

OR cpe:/a:apple:safari:1.3:*:mac:*:*:*:*:*

OR cpe:/a:apple:safari:1.3.1:*:mac:*:*:*:*:*

OR cpe:/a:apple:safari:1.3.2:*:mac:*:*:*:*:*

OR cpe:/a:apple:safari:2.0:*:mac:*:*:*:*:*

OR cpe:/a:apple:safari:2.0.2:*:mac:*:*:*:*:*

OR cpe:/a:apple:safari:2.0.4:*:mac:*:*:*:*:*

OR cpe:/a:apple:safari:3.0:*:mac:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.2:-:mac:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.3:*:mac:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.4:*:mac:*:*:*:*:*

OR cpe:/a:apple:safari:3.1:*:mac:*:*:*:*:*

OR cpe:/a:apple:safari:3.1.1:*:mac:*:*:*:*:*

OR cpe:/a:apple:safari:3.1.2:*:mac:*:*:*:*:*

OR cpe:/a:apple:safari:3.2.1:*:mac:*:*:*:*:*

OR cpe:/a:apple:safari:3.2.3:*:mac:*:*:*:*:*

OR cpe:/a:apple:safari:*:*:mac:*:*:*:*:* (Version <= 4.0_beta)

Configuration 2:

cpe:/a:apple:safari:3.0:*:windows:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.1:*:windows:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.2:*:windows:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.3:*:windows:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.4:*:windows:*:*:*:*:*

OR cpe:/a:apple:safari:3.1:*:windows:*:*:*:*:*

OR cpe:/a:apple:safari:3.1.1:*:windows:*:*:*:*:*

OR cpe:/a:apple:safari:3.1.2:*:windows:*:*:*:*:*

OR cpe:/a:apple:safari:3.2:-:windows:*:*:*:*:*

OR cpe:/a:apple:safari:3.2.1:*:windows:*:*:*:*:*

OR cpe:/a:apple:safari:3.2.2:*:windows:*:*:*:*:*

OR cpe:/a:apple:safari:*:*:windows:*:*:*:*:* (Version <= 3.2.3)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:apple:safari:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.2:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.3:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.1:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:1.3.1:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:1.3:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:1.2:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:1.1:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:1.0:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:2.0:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.4:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.1.1:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:4.0.1:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:4.0.2:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.1.2:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.2:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.2.1:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.2.2:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:1.3.2:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:0.8:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.2.3:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:4.0:beta:*:*:*:*:*:*

OR cpe:/a:apple:safari:0.9:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.7:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20091687	V	CVE-2009-1687	2015-11-16
oval:org.mitre.oval:def:29301	P	RHSA-2009:1127 -- kdelibs security update (Critical)	2015-08-17
oval:org.mitre.oval:def:13946	P	USN-857-1 -- qt4-x11 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:13862	P	USN-822-1 -- kde4libs, kdelibs vulnerabilities	2014-06-30
oval:org.mitre.oval:def:13113	P	USN-836-1 -- webkit vulnerabilities	2014-06-30
oval:org.mitre.oval:def:7524	P	DSA-1868 kde4libs -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:13176	P	DSA-1868-1 kde4libs -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:18395	P	DSA-1950-1 webkit - several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:8086	P	DSA-1867 kdelibs -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:13290	P	DSA-1867-1 kdelibs -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:6923	P	DSA-1988 qt4-x11 -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:19394	P	DSA-1988-1 qt4-x11 - several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:7247	P	DSA-1950 webkit -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:22057	P	ELSA-2009:1127: kdelibs security update (Critical)	2014-05-26
oval:org.mitre.oval:def:10260	V	The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer."	2013-04-29
oval:org.debian:def:1988	V	several vulnerabilities	2010-02-02
oval:org.debian:def:1950	V	several vulnerabilities	2009-12-12
oval:org.debian:def:1867	V	several vulnerabilities	2009-08-19
oval:org.debian:def:1868	V	several vulnerabilities	2009-08-19
oval:com.redhat.rhsa:def:20091127	P	RHSA-2009:1127: kdelibs security update (Critical)	2009-06-25