Vulnerability CVE-2009-1698 - CERT Civis.Net

Vulnerability Name:

CVE-2009-1698 (CCN-51251)

Assigned:

2009-06-08

Published:

2009-06-08

Updated:

2022-08-09

Summary:

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MISC
Type: UNKNOWN
http://blog.zoller.lu/2009/05/advisory-apple-safari-remote-code.html

Source: MITRE
Type: CNA
CVE-2009-1698

Source: APPLE
Type: Patch, Vendor Advisory
APPLE-SA-2009-06-08-1

Source: APPLE
Type: UNKNOWN
APPLE-SA-2009-06-17-1

Source: SUSE
Type: UNKNOWN
SUSE-SR:2011:002

Source: OSVDB
Type: UNKNOWN
55006

Source: CCN
Type: RHSA-2009-1127
Critical: kdelibs security update

Source: CCN
Type: RHSA-2009-1128
Important: kdelibs security update

Source: CCN
Type: SA35379
Apple Safari Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
35379

Source: CCN
Type: SA35581
KDE Multiple Vulnerabilities

Source: CCN
Type: SA35582
KDE Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
35588

Source: SECUNIA
Type: UNKNOWN
36057

Source: SECUNIA
Type: UNKNOWN
36062

Source: SECUNIA
Type: UNKNOWN
36790

Source: SECUNIA
Type: UNKNOWN
37746

Source: SECUNIA
Type: UNKNOWN
43068

Source: CCN
Type: SECTRACK ID: 1022345
Apple Safari Bugs Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: Patch
1022345

Source: CCN
Type: Apple Web site
About the security content of Safari 4.0

Source: CONFIRM
Type: Patch, Vendor Advisory
http://support.apple.com/kb/HT3613

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3639

Source: CCN
Type: ASA-2009-252
kdelibs security update (RHSA-2009-1128)

Source: CCN
Type: ASA-2009-253
kdelibs security update (RHSA-2009-1127)

Source: DEBIAN
Type: UNKNOWN
DSA-1950

Source: DEBIAN
Type: DSA-1867
kdelibs -- several vulnerabilities

Source: DEBIAN
Type: DSA-1868
kde4libs -- several vulnerabilities

Source: DEBIAN
Type: DSA-1950
webkit -- several vulnerabilities

Source: DEBIAN
Type: DSA-1988
qt4-x11 -- several vulnerabilities

Source: CCN
Type: KDE Web site
KDE

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:330

Source: CCN
Type: OSVDB ID: 55006
Apple iPhone / Safari WebKit CSS attr() Function Uninitialized Pointer Issue Arbitrary Code Execution

Source: REDHAT
Type: UNKNOWN
RHSA-2009:1128

Source: BUGTRAQ
Type: UNKNOWN
20090608 ZDI-09-032: Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20090614 [TZO-37-2009] Apple Safari

Source: BID
Type: Exploit
35260

Source: CCN
Type: BID-35260
RETIRED: Apple Safari Prior to 4.0 Multiple Security Vulnerabilities

Source: BID
Type: UNKNOWN
35318

Source: CCN
Type: BID-35318
WebKit CSS 'Attr' Function Remote Code Execution Vulnerability

Source: CCN
Type: USN-822-1
KDE-Libs vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-822-1

Source: CCN
Type: USN-836-1
WebKit vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-836-1

Source: CCN
Type: USN-857-1
Qt vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-857-1

Source: VUPEN
Type: Patch, Vendor Advisory
ADV-2009-1522

Source: VUPEN
Type: UNKNOWN
ADV-2009-1621

Source: VUPEN
Type: UNKNOWN
ADV-2011-0212

Source: MISC
Type: Patch
http://www.zerodayinitiative.com/advisories/ZDI-09-032/

Source: XF
Type: UNKNOWN
safari-attr-code-execution(51251)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9484

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-8039

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-8049

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-8046

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-8020

Source: SUSE
Type: SUSE-SR:2011:002
SUSE Security Summary Report

Source: CCN
Type: ZDI-09-032
Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability

Vulnerable Configuration:

Configuration 1:

cpe:/a:apple:safari:3.0.4b:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.4:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.1:beta:*:*:*:*:*:*

OR cpe:/a:apple:safari:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:2.0.3:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.0:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.1.0b:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.1.0:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.1b:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:2.0.3:417.9:*:*:*:*:*:*

OR cpe:/a:apple:safari:2.0.3:417.8:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.1.2:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.1.1:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.2b:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.2:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:2.0.4:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*

OR cpe:/a:apple:safari:2.0:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:*:*:*:*:*:*:*:* (Version <= 3.2.2)

OR cpe:/a:apple:safari:3.0.0b:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.2.0:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.3b:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.3:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:2.0.0:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.2.1:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.2:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*

AND

cpe:/o:apple:iphone_os:*:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:apple:iphone_os:2.2:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*

OR cpe:/o:apple:iphone_os:2.0:*:*:*:*:*:*:*

AND

cpe:/h:apple:ipod_touch:*:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:apple:safari:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.2:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.3:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.1:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:1.3.1:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:1.3:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:1.2:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:1.1:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:1.0:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:2.0:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.0.4:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.1.1:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:4.0.1:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:4.0.2:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.1.2:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.2:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.2.1:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.2.2:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:1.3.2:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:0.8:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:3.2.3:*:*:*:*:*:*:*

OR cpe:/a:apple:safari:4.0:beta:*:*:*:*:*:*

OR cpe:/a:apple:safari:0.9:*:*:*:*:*:*:*

AND

cpe:/o:kde:kde:3.0.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:kde:kde:3.2.3:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.3.0:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.3.1:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.1.4:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.2.1:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.3.2:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.5.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:kde:kde:3.5:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*

OR cpe:/o:kde:kde:3.5.5:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.5.6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.5.7:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.5.8:*:*:*:*:*:*:*

OR cpe:/o:kde:kde:3.5.9:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04:*:lts:*:*:*:*:*

OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.7:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20091698	V	CVE-2009-1698	2015-11-16
oval:org.mitre.oval:def:29301	P	RHSA-2009:1127 -- kdelibs security update (Critical)	2015-08-17
oval:org.mitre.oval:def:13862	P	USN-822-1 -- kde4libs, kdelibs vulnerabilities	2014-06-30
oval:org.mitre.oval:def:13113	P	USN-836-1 -- webkit vulnerabilities	2014-06-30
oval:org.mitre.oval:def:13946	P	USN-857-1 -- qt4-x11 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:7247	P	DSA-1950 webkit -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:7524	P	DSA-1868 kde4libs -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:13176	P	DSA-1868-1 kde4libs -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:18395	P	DSA-1950-1 webkit - several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:8086	P	DSA-1867 kdelibs -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:13290	P	DSA-1867-1 kdelibs -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:6923	P	DSA-1988 qt4-x11 -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:19394	P	DSA-1988-1 qt4-x11 - several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:22057	P	ELSA-2009:1127: kdelibs security update (Critical)	2014-05-26
oval:org.mitre.oval:def:9484	V	WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.	2013-04-29
oval:org.debian:def:1988	V	several vulnerabilities	2010-02-02
oval:org.debian:def:1950	V	several vulnerabilities	2009-12-12
oval:org.debian:def:1867	V	several vulnerabilities	2009-08-19
oval:org.debian:def:1868	V	several vulnerabilities	2009-08-19
oval:com.redhat.rhsa:def:20091127	P	RHSA-2009:1127: kdelibs security update (Critical)	2009-06-25
oval:com.redhat.rhsa:def:20091128	P	RHSA-2009:1128: kdelibs security update (Important)	2009-06-25