漏洞信息详情

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X iChat操作目录遍历漏洞

• CNNVD编号：CNNVD-201006-286
• 危害等级： 中危
  
• CVE编号： CVE-2010-1374
• 漏洞类型： 路径遍历
• 发布时间： 2010-06-21
• 威胁类型： 远程
• 更新时间： 2010-06-21
• 厂        商： CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
• 漏洞来源： CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple; Adrian 'pag...

漏洞简介

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X是苹果家族电脑所使用的操作系统，Font Book是Mac OS X中所包括的字体管理工具。

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X的iChat操作目录遍历漏洞，当使用AIM时，远程攻击者可利用内联式影像转移操作的目录遍历序列创建任意文件。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X Server 10.6

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOSXServUpdCombo10.6.4.dmg

http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X 10.6

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOSXUpdCombo10.6.4.dmg

http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X Server 10.5.8

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple SecUpdSrvr2010-004.dmg

http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X 10.5.8

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple SecUpd2010-004.dmg

http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X Server 10.6.1

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOSXServUpdCombo10.6.4.dmg

http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X 10.6.1

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOSXUpdCombo10.6.4.dmg

http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X 10.6.2

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOSXUpdCombo10.6.4.dmg

http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X Server 10.6.2

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOSXServUpdCombo10.6.4.dmg

http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X 10.6.3

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOSXUpd10.6.4.dmg

http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac OS X Server 10.6.3

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple MacOSXServerUpd10.6.4.dmg

http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/support/downloads/

参考网址

来源: BID

名称: 40871

链接:http://www.securityfocus.com/bid/40871

来源: support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com

链接:http://support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/kb/HT4188

来源: VUPEN

名称: ADV-2010-1481

链接:http://www.vupen.com/english/advisories/2010/1481

来源: SECTRACK

名称: 1024103

链接:http://securitytracker.com/id?1024103

来源: SECUNIA

名称: 40220

链接:http://secunia.com/advisories/40220

来源: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple

名称: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-SA-2010-06-15-1

链接:http://lists.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/archives/security-announce/2010//Jun/msg00001.HTML

受影响实体

• CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x_server:10.6.0  
• CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x_server:10.6.1  
• CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x_server:10.6.2  
• CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x_server:10.6.3  
• CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x:10.6.3  

补丁

• Security Update 2010-004 (Leopard-Server)
• Mac OS X v10.6.4 Update Mac mini (Mid 2010)
• Mac OS X Server v10.6.4 Update Mac mini (Mid 2010)
• Mac OS X v10.6.4 Update (Combo)
• Mac OS X Server v10.6.4 Update (Combo)