漏洞信息详情
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X iChat操作目录遍历漏洞
- CNNVD编号:CNNVD-201006-286
- 危害等级: 中危
- CVE编号: CVE-2010-1374
- 漏洞类型: 路径遍历
- 发布时间: 2010-06-21
- 威胁类型: 远程
- 更新时间: 2010-06-21
- 厂 商: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
- 漏洞来源: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple; Adrian 'pag...
漏洞简介
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X是苹果家族电脑所使用的操作系统,Font Book是Mac OS X中所包括的字体管理工具。
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X的iChat操作目录遍历漏洞,当使用AIM时,远程攻击者可利用内联式影像转移操作的目录遍历序列创建任意文件。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X Server 10.6
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOSXServUpdCombo10.6.4.dmg
http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X 10.6
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOSXUpdCombo10.6.4.dmg
http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X Server 10.5.8
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple SecUpdSrvr2010-004.dmg
http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X 10.5.8
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple SecUpd2010-004.dmg
http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X Server 10.6.1
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOSXServUpdCombo10.6.4.dmg
http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X 10.6.1
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOSXUpdCombo10.6.4.dmg
http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X 10.6.2
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOSXUpdCombo10.6.4.dmg
http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X Server 10.6.2
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOSXServUpdCombo10.6.4.dmg
http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X 10.6.3
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOSXUpd10.6.4.dmg
http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X Server 10.6.3
CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOSXServerUpd10.6.4.dmg
http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/
参考网址
来源: BID
名称: 40871
链接:http://www.securityfocus.com/bid/40871
来源: support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com
链接:http://support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/kb/HT4188
来源: VUPEN
名称: ADV-2010-1481
链接:http://www.vupen.com/english/advisories/2010/1481
来源: SECTRACK
名称: 1024103
链接:http://securitytracker.com/id?1024103
来源: SECUNIA
名称: 40220
链接:http://secunia.com/advisories/40220
来源: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
名称: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-SA-2010-06-15-1
链接:http://lists.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/archives/security-announce/2010//Jun/msg00001.HTML
受影响实体
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x_server:10.6.0
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x_server:10.6.1
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x_server:10.6.2
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x_server:10.6.3
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x:10.6.3
补丁
- Security Update 2010-004 (Leopard-Server)
- Mac OS X v10.6.4 Update Mac mini (Mid 2010)
- Mac OS X Server v10.6.4 Update Mac mini (Mid 2010)
- Mac OS X v10.6.4 Update (Combo)
- Mac OS X Server v10.6.4 Update (Combo)
评论