|Apple Mac OS X 2009-003修补多个安全漏洞 - VULHUB开源网络安全威胁库

Apple Mac OS X 2009-003修补多个安全漏洞

- AV AC AU C I A

发布： 2025-04-13

修订： 2025-04-13

Bugraq ID: 35954 CVE ID：CVE-2009-1723 CVE-2009-1726 CVE-2009-1727 CVE-2009-0151 CVE-2009-1728 CVE-2009-2188 CVE-2009-2190 CVE-2009-2191 CVE-2009-2192 CVE-2009-2193 CVE-2009-2194 CNCVE ID：CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 Apple Mac OS X是一款基于BSD的操作系统。 Apple Mac OS X安全升级2009-003修复多个安全漏洞： CVE-ID: CVE-2008-1372： CNCVE ID：CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 bzip2存在越界内存发那个吻问题，构建恶意的压缩文件，诱使用户打开可导致应用程序崩溃。 CVE-ID: CVE-2009-1723： CNCVE ID：CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 当Safari访问到通过302重定向的WEB站点时，会提示证书警告，此警告会包含原始WEB站点URL来代替当前WEB站点URL，这允许恶意构建的WEB站点可控制显示在证书警告中的WEB站点URL，导致用户盲目信任。 CVE-ID: CVE-2009-1726： CNCVE ID：CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 打开一个特殊构建的使用嵌入式ColorSync配置文件的图像时可导致应用程序崩溃。 CVE-ID: CVE-2009-1727： CNCVE ID：CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 打开部分不安全内容类型时没有对用户提示警告，可导致恶意脚本代码负载执行。 CVE-ID: CVE-2009-0151： CNCVE ID：CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 屏幕保护没有正确阻断four-finger Multi-Touch gestures多点触控，允许物理访问的用户可管理应用程序。 CVE-ID: CVE-2009-1728： CNCVE ID：CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 处理Canon RAW图像存在多个栈缓冲区溢出。 CVE-ID: CVE-2009-1722： CNCVE ID：CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 ImageIO处理OpenEXR图像存在堆缓冲区溢出。 CVE-ID: CVE-2009-1721： CNCVE ID：CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 ImageIO处理OpenEXR图像存在未初始化内存访问问题，可导致应用程序崩溃或任意代码执行。 CVE-ID: CVE-2009-1720： CNCVE ID：CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 ImageIO处理OpenEXR图像存在整数溢出问题，可导致应用程序崩溃或任意代码执行。 CVE-ID: CVE-2009-2188： CNCVE ID：CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 ImageIO处理EXIF元数据存在缓冲区溢出问题，可导致应用程序崩溃或任意代码执行。 CVE-ID: CVE-2009-0040： CNCVE ID：CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 处理PNG图像存在未初始化指针问题，构建特殊的PNG诱使用户处理可导致应用程序崩溃或任意代码执行。 CVE-ID: CVE-2009-1235： CNCVE ID：CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 内核fcntl系统调用处理存在实现错误，本地攻击者可以覆盖内核内存以系统特权执行任意代码。 CVE-ID: CVE-2009-2190： CNCVE ID：CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 对基于inetd的launchd服务打开多个连接，可导致launchd停止对外连接的响应。 CVE-ID: CVE-2009-2191： CNCVE ID：CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 CNCVE-20092191 登录窗口处理应用程序名存在格式串问题，可导致应用程序崩溃或任意代码执行。 CVE-ID: CVE-2009-2192： CNCVE ID：CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 MobileMe存在一个逻辑错误，在退出时没有删除所有凭据，本地用户可以访问其他MobileMe帐户相关资源。 CVE-ID: CVE-2009-2193： CNCVE ID：CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 内核处理 AppleTalk应答报文存在缓冲区溢出，可导致以系统权限执行任意指令。 CVE-ID: CVE-2009-2194： CNCVE ID：CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 处理通过本地套接字共享的文件描述符存在同步问题，通过发送包含文件描述符的消息给没有接收者的套接字，本地用户可导致系统崩溃。 CVE-ID: CVE-2008-0674： CNCVE ID：CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20092188 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20081372 CNCVE-20091723 CNCVE-20091726 CNCVE-20091727 CNCVE-20090151 CNCVE-20091728 CNCVE-20091722 CNCVE-20091721 CNCVE-20091720 CNCVE-20092188 CNCVE-20090040 CNCVE-20091235 CNCVE-20092190 CNCVE-20092191 CNCVE-20092192 CNCVE-20092193 CNCVE-20092194 CNCVE-20080674 XQuery使用的PCRE库处理规则表达式中的字符类存在缓冲区溢出，构建恶意的XML内容诱使用户访问可触发此漏洞。 Apple Mac OS X Server 10.5.7 Apple Mac OS X Server 10.5.6 Apple Mac OS X Server 10.5.5 Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.10 Apple Mac OS X Server 10.4.9 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.7 Apple Mac OS X 10.5.6 Apple Mac OS X 10.5.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.10 Apple Mac OS X 10.4.9 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.5 厂商解决方案用户可联系供应商获得升级补丁： Apple Mac OS X Server 10.5 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.4.11 Apple SecUpdSrvr2009-003PPC.dmg PowerPC http://www.apple.com/support/downloads/ Apple SecUpdSrvr2009-003Univ.dmg Universal http://www.apple.com/support/downloads/ Apple Mac OS X 10.4.11 Apple SecUpd2009-003Intel.dmg Intel http://www.apple.com/support/downloads/ Apple SecUpd2009-003PPC.dmg PPC http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.1 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.1 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.2 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.2 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.3 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.3 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.4 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.4 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.5 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.5 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.6 Apple MacOSXUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.6 Apple MacOSXServerUpdCombo10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X Server 10.5.7 Apple MacOSXServerUpd10.5.8.dmg http://www.apple.com/support/downloads/ Apple Mac OS X 10.5.7 Apple MacOSXUpd10.5.8.dmg http://www.apple.com/support/downloads/

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息

您还没有登录，登录后可查看更多

添加资源
收藏资源
问题反馈

贡献用户

暂无贡献用户

VULHUB ™