漏洞信息详情
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X KHTML解析器远程拒绝服务漏洞
- CNNVD编号:CNNVD-200512-545
- 危害等级: 中危
- CVE编号: CVE-2005-4504
- 漏洞类型: 资料不足
- 发布时间: 2005-11-14
- 威胁类型: 远程
- 更新时间: 2005-12-27
- 厂 商: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
- 漏洞来源: Tom Ferris tommy@...
漏洞简介
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X是苹果家族电脑所使用的操作系统。
Mac OS X的KHTML解析器中存在拒绝服务漏洞。
在运行特制的.HTML文件时,kHTML::RenderTableSection::ensureRows没有正确的解析数据,导致崩溃。KTHML解析器试图将内部数组的大小调整为rowspan值所显示的单元数。如果这个值很大的话,就无法调整数组,应用程序就会终止。
下面显示的是gdb中OS X 10.4.3上使用Safari所触发的崩溃:
Program received signal SIGABRT, Aborted.
0x9004716c in kill ()
(gdb) bt
#0 0x9004716c in kill ()
#1 0x90128b98 in abort ()
#2 0x95dcd974 in kHTML::sYSMALLOc () <(=-- Is called because of sYSMALLOc(1234567890)
#3 0x95dce1a4 in kHTML::main_thread_realloc ()
#4 0x95bc0d64 in KWQArrayImpl::resize ()
#5 0x95c05428 in kHTML::RenderTableSection::ensureRows ()
#6 0x95c0784c in kHTML::RenderTableSection::addCell ()
#7 0x95c076ac in kHTML::RenderTableRow::addChild ()
#8 0x95bcb2d8 in DOM::NodeImpl::createRendererIfNeeded ()
#9 0x95bcb1c4 in DOM::ElementImpl::attach ()
#10 0x95bca254 in KHTMLParser::insertNode ()
#11 0x95bcadd8 in KHTMLParser::insertNode ()
#12 0x95bcadd8 in KHTMLParser::insertNode ()
#13 0x95bc83fc in KHTMLParser::parseToken ()
#14 0x95bc54a4 in kHTML::HTMLTokenizer::processToken ()
#15 0x95bc6e08 in kHTML::HTMLTokenizer::parseTag ()
#16 0x95bc4d24 in kHTML::HTMLTokenizer::write ()
#17 0x95bc038c in KHTMLPart::write ()
#18 0x959b510c in -[WebDataSource(WebPrivate) _commitLoadWithData:] ()
#19 0x9598165c in -[WebMainResourceClient addData:] ()
#20 0x95981588 in -[WebBaseResourceHandleDelegate didReceiveData:lengthReceived:] ()
#21 0x959db930 in -[WebMainResourceClient didReceiveData:lengthReceived:] ()
#22 0x95981524 in -[WebBaseResourceHandleDelegate connection:didReceiveData:lengthReceived:] ()
#23 0x92910a64 in -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] ()
#24 0x9290ef04 in -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] ()
#25 0x9290eca0 in _sendCallbacks ()
#26 0x9075db20 in __CFRunLoopDoSources0 ()
#27 0x9075cf98 in __CFRunLoopRun ()
#28 0x9075ca18 in CFRunLoopRunSpecific ()
#29 0x931861e0 in RunCurrentEventLoopInMode ()
#30 0x931857ec in ReceiveNextEventCommon ()
#31 0x931856e0 in BlockUntilNextEventMatchingListInMode ()
#32 0x93683904 in _DPSNextEvent ()
#33 0x936835c8 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#34 0x00007910 in ?? ()
#35 0x9367fb0c in -[NSApplication run] ()
#36 0x93770618 in NSApplicationMain ()
#37 0x0000307c in ?? ()
#38 0x00057758 in ?? ()
漏洞公告
参考网址
来源:US-CERT Technical Alert
名称: TA06-062A
链接:http://www.us-cert.gov/cas/techalerts/TA06-062A.HTML
来源:US-CERT Vulnerability Note
名称: VU#351217
链接:http://www.kb.cert.org/vuls/id/351217
来源: BID
名称: 16045
链接:http://www.securityfocus.com/bid/16045
来源: MISC
链接:http://security-protocols.com/advisory/sp-x22-advisory.txt
来源: SECUNIA
名称: 18220
链接:http://secunia.com/advisories/18220
来源: XF
名称: macos-kHTMLparser-dos(23819)
链接:http://xforce.iss.net/xforce/xfdb/23819
来源: BID
名称: 16907
链接:http://www.securityfocus.com/bid/16907
来源: VUPEN
名称: ADV-2006-0791
链接:http://www.frsirt.com/english/advisories/2006/0791
来源: VUPEN
名称: ADV-2005-3058
链接:http://www.frsirt.com/english/advisories/2005/3058
来源: SECUNIA
名称: 19064
链接:http://secunia.com/advisories/19064
来源: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
名称: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-SA-2006-03-01
链接:http://lists.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/archives/security-announce/2006/Mar/msg00000.HTML
来源: docs.info.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com
链接:http://docs.info.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/jarticle.HTML?artnum=303382-en
来源: docs.info.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com
链接:http://docs.info.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/article.HTML?artnum=303382
受影响实体
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x_server:10.4.3
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x_server:10.4.2
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x_server:10.4.1
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x_server:10.4
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x_server:10.3.9
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论