Apple Safari Remote Directory Traversal Vulnerability
BID:16926
Info
Apple Safari Remote Directory Traversal Vulnerability
| Bugtraq ID: | 16926 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-3702 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 29 2005 12:00AM |
| Updated: | May 06 2008 03:25AM |
| Credit: | Discovered by an unknown researcher. |
| Vulnerable: |
Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.3.9 Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.3.9 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 |
| Not Vulnerable: | |
Discussion
Apple Safari Remote Directory Traversal Vulnerability
Safari is prone to a remote directory-traversal vulnerability.
The vulnerability presents itself when a user tries to download a file from a remote location and the file name is excessively long.
NOTE: This issue was previously discussed in BID 15647 (Apple Mac OS X Security Update 2005-009 Multiple Vulnerabilities), but has been assigned its own record to better document the vulnerability.
Safari is prone to a remote directory-traversal vulnerability.
The vulnerability presents itself when a user tries to download a file from a remote location and the file name is excessively long.
NOTE: This issue was previously discussed in BID 15647 (Apple Mac OS X Security Update 2005-009 Multiple Vulnerabilities), but has been assigned its own record to better document the vulnerability.
Exploit / POC
Apple Safari Remote Directory Traversal Vulnerability
To exploit this issue, an attacker must trick a vicitm into downloading a specific file.
To exploit this issue, an attacker must trick a vicitm into downloading a specific file.
Solution / Fix
Apple Safari Remote Directory Traversal Vulnerability
Solution:
Apple has released advisory APPLE-SA-2005-11-29 and fixes to address this issue.
Apple Mac OS X Server 10.3
Apple Mac OS X 10.3
Apple Mac OS X Server 10.3.1
Apple Mac OS X 10.3.1
Apple Mac OS X 10.3.2
Apple Mac OS X Server 10.3.2
Apple Mac OS X Server 10.3.3
Apple Mac OS X 10.3.3
Apple Mac OS X Server 10.3.4
Apple Mac OS X 10.3.4
Apple Mac OS X Server 10.3.5
Apple Mac OS X 10.3.5
Apple Mac OS X 10.3.6
Apple Mac OS X Server 10.3.6
Apple Mac OS X Server 10.3.7
Apple Mac OS X 10.3.7
Apple Mac OS X Server 10.3.8
Apple Mac OS X 10.3.8
Apple Mac OS X 10.3.9
Apple Mac OS X Server 10.3.9
Apple Mac OS X Server 10.4
Apple Mac OS X 10.4
Apple Mac OS X Server 10.4.1
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4.2
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.3
Apple Mac OS X 10.4.3
Solution:
Apple has released advisory APPLE-SA-2005-11-29 and fixes to address this issue.
Apple Mac OS X Server 10.3
-
Apple SecUpdSrvr2005-009Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08841&cat= 1&platform=osx&method=sa/
Apple Mac OS X 10.3
-
Apple SecUpd2005-009Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08840&cat= 1&platform=osx&method=sa/
Apple Mac OS X Server 10.3.1
-
Apple SecUpdSrvr2005-009Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08841&cat= 1&platform=osx&method=sa/
Apple Mac OS X 10.3.1
-
Apple SecUpd2005-009Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08840&cat= 1&platform=osx&method=sa/
Apple Mac OS X 10.3.2
-
Apple SecUpd2005-009Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08840&cat= 1&platform=osx&method=sa/
Apple Mac OS X Server 10.3.2
-
Apple SecUpdSrvr2005-009Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08841&cat= 1&platform=osx&method=sa/
Apple Mac OS X Server 10.3.3
-
Apple SecUpdSrvr2005-009Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08841&cat= 1&platform=osx&method=sa/
Apple Mac OS X 10.3.3
-
Apple SecUpd2005-009Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08840&cat= 1&platform=osx&method=sa/
Apple Mac OS X Server 10.3.4
-
Apple SecUpdSrvr2005-009Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08841&cat= 1&platform=osx&method=sa/
Apple Mac OS X 10.3.4
-
Apple SecUpd2005-009Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08840&cat= 1&platform=osx&method=sa/
Apple Mac OS X Server 10.3.5
-
Apple SecUpdSrvr2005-009Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08841&cat= 1&platform=osx&method=sa/
Apple Mac OS X 10.3.5
-
Apple SecUpd2005-009Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08840&cat= 1&platform=osx&method=sa/
Apple Mac OS X 10.3.6
-
Apple SecUpd2005-009Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08840&cat= 1&platform=osx&method=sa/
Apple Mac OS X Server 10.3.6
-
Apple SecUpdSrvr2005-009Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08841&cat= 1&platform=osx&method=sa/
Apple Mac OS X Server 10.3.7
-
Apple SecUpdSrvr2005-009Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08841&cat= 1&platform=osx&method=sa/
Apple Mac OS X 10.3.7
-
Apple SecUpd2005-009Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08840&cat= 1&platform=osx&method=sa/
Apple Mac OS X Server 10.3.8
-
Apple SecUpdSrvr2005-009Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08841&cat= 1&platform=osx&method=sa/
Apple Mac OS X 10.3.8
-
Apple SecUpd2005-009Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08840&cat= 1&platform=osx&method=sa/
Apple Mac OS X 10.3.9
-
Apple SecUpd2005-009Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08840&cat= 1&platform=osx&method=sa/
Apple Mac OS X Server 10.3.9
-
Apple SecUpdSrvr2005-009Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08841&cat= 1&platform=osx&method=sa/
Apple Mac OS X Server 10.4
-
Apple SecUpdSrvr2005-009Ti.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08839&cat= 1&platform=osx&method=sa/SecUpdSrvr2005-009Ti.dmg
Apple Mac OS X 10.4
-
Apple SecUpd2005-009Ti.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08835&cat= 1&platform=osx&method=sa/SecUpd2005-009Ti.dmg
Apple Mac OS X Server 10.4.1
-
Apple SecUpdSrvr2005-009Ti.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08839&cat= 1&platform=osx&method=sa/SecUpdSrvr2005-009Ti.dmg
Apple Mac OS X 10.4.1
-
Apple SecUpd2005-009Ti.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08835&cat= 1&platform=osx&method=sa/SecUpd2005-009Ti.dmg
Apple Mac OS X 10.4.2
-
Apple SecUpd2005-009Ti.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08835&cat= 1&platform=osx&method=sa/SecUpd2005-009Ti.dmg
Apple Mac OS X Server 10.4.2
-
Apple SecUpdSrvr2005-009Ti.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08839&cat= 1&platform=osx&method=sa/SecUpdSrvr2005-009Ti.dmg
Apple Mac OS X Server 10.4.3
-
Apple SecUpdSrvr2005-009Ti.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=08839&cat= 1&platform=osx&method=sa/SecUpdSrvr2005-009Ti.dmg
Apple Mac OS X 10.4.3
References
Apple Safari Remote Directory Traversal Vulnerability
References:
References: