漏洞起因
设计错误
影响系统
Apple Mac OS X Server 10.5.6
Apple Mac OS X Server 10.5.5
Apple Mac OS X Server 10.5.4
Apple Mac OS X Server 10.5.3
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.10
Apple Mac OS X Server 10.4.9
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X Server 10.5
Apple Mac OS X 10.5.6
Apple Mac OS X 10.5.5
Apple Mac OS X 10.5.4
Apple Mac OS X 10.5.3
Apple Mac OS X 10.5.2
Apple Mac OS X 10.5.1
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.10
Apple Mac OS X 10.4.9
Apple Mac OS X 10.4.8
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
Apple Mac OS X 10.5
不受影响系统
Apple Mac OS X Server 10.5.7
Apple Mac OS X 10.5.7
危害
远程攻击可以利用漏洞获得敏感信息。
攻击所需条件
攻击者必须构建恶意WEB页,诱使用户访问。
漏洞信息
Apple Mac OS是一款基于BSD的操作系统。
Apple Mac OS CFNetwork处理set-cookie头字段存在实现问题,部分COOKIE会以非加密连接方式发送,远程攻击可以利用漏洞获得敏感信息。
目前没有详细漏洞细节提供。
测试方法
厂商解决方案
升级程序:
Apple Mac OS X 10.5
Apple MacOSXUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X Server 10.5
Apple MacOSXServerUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dm g
Apple Mac OS X Server 10.5.1
Apple MacOSXServerUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dm g
Apple Mac OS X 10.5.1
Apple MacOSXUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X 10.5.2
Apple MacOSXUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X Server 10.5.2
Apple MacOSXServerUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dm g
Apple Mac OS X 10.5.3
Apple MacOSXUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X Server 10.5.3
Apple MacOSXServerUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dm g
Apple Mac OS X 10.5.4
Apple MacOSXUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X Server 10.5.4
Apple MacOSXServerUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dm g
Apple Mac OS X 10.5.5
Apple MacOSXUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X Server 10.5.5
Apple MacOSXServerUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dm g
Apple Mac OS X Server 10.5.6
Apple MacOSXServerUpd10.5.7.dmg
http://support.apple.com/downloads/DL828/MacOSXServerUpd10.5.7.dmg
Apple Mac OS X 10.5.6
Apple MacOSXUpd10.5.7.dmg
http://support.apple.com/downloads/DL826/MacOSXUpd10.5.7.dmg
漏洞提供者
Andrew Mortensen of the University of Michigan
0 条评论。