Alert GCSA-08029 - Multiple vulnerabilities in Apple Safari
******************************************************************
Alert ID : GCSA-08029
Date : 21 March 2008
Title : Multiple vulnerabilities in Apple Safari
******************************************************************
:: Problem description
Several vulnerabilities have been identified in Apple Safari for Mac
OS X and Windows. A remote attacker can exploit these vulnerabilities
to bypass certain security restrictions, conduct cross-site scripting
attacks and compromise a vulnerable system.
:: Affected software:
Safari versions 2.x
Safari versions 3.x
:: Impact
bypass of certain security restrictions
cross-site scripting attacks
compromise of a vulnerable system
arbitrary code execution
authentication using credentials obtained through cookie theft
disclosure of sensitive information
crash of the vulnerable application
:: Solutions
Update to Safari version 3.1 using the 'Software Update' tool, or
download it from Apple Downloads:
http://www.apple.com/support/downloads/safari31.html
:: References
About the security content of Safari 3.1
http://docs.info.apple.com/article.html?artnum=307563
FrSirt
http://www.frsirt.com/english/advisories/2008/0920
Secunia
http://secunia.com/advisories/29393/
US-CERT Technical Cyber Security Alert TA08-079A
http://www.us-cert.gov/cas/techalerts/TA08-079A.html
Security Focus
http://www.securityfocus.com/bid/28356
http://www.securityfocus.com/bid/28321
http://www.securityfocus.com/bid/28328
http://www.securityfocus.com/bid/28330
http://www.securityfocus.com/bid/28347
http://www.securityfocus.com/bid/28326
http://www.securityfocus.com/bid/28332
http://www.securityfocus.com/bid/28335
http://www.securityfocus.com/bid/28336
http://www.securityfocus.com/bid/28337
http://www.securityfocus.com/bid/28338
http://www.securityfocus.com/bid/28342
Mitre's CVE ID:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1011