{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Apple Mac 0S X versions v10.4.x.","product":{"name":"N/A","vendor":{"name":"Apple","scada":false}}},{"description":"Apple Mac OS X version v10.5.x ;","product":{"name":"N/A","vendor":{"name":"Apple","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s concernant le syst\u00e8me d'exploitation Apple Mac\nOS X ont \u00e9t\u00e9 identifi\u00e9es :\n\n-   le serveur AFP (Apple Filing Protocol) ne v\u00e9rifie pas correctement\n    la coh\u00e9rence d'acc\u00e8s entre r\u00e9pertoires et fichiers.\n-   le serveur Apache est mis \u00e0 jour en 2.0.63 pour les versions Mac OS\n    X Server v10.4.x ; nouvelle version qui corrige des vuln\u00e9rabilit\u00e9s\n    permettant des attaques par injection de code indirecte ;\n-   l'impression d'un document PDF sp\u00e9cialement construit par ATS peut\n    provoquer l'ex\u00e9cution de code arbitraire ;\n-   l'impression de documents via CUPS \u00e0 destination d'une imprimante\n    peut permettre sous certaines conditions de r\u00e9cup\u00e9rer des\n    informations sensibles, y compris si une protection par mot de passe\n    est d\u00e9ploy\u00e9e ;\n-   des vuln\u00e9rabilit\u00e9s dans le module Flash Player sont corrig\u00e9es (cf.\n    CERTA-2008-AVI-197) ;\n-   les vuln\u00e9rabilit\u00e9s d\u00e9taill\u00e9es dans l'alerte CERTA-2008-ALE-007\n    concernant iCal sont corrig\u00e9es ;\n-   etc.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Apple pour l'obtention des correctifs\n(cf. section Documentation).\n","cves":[{"name":"CVE-2008-1574","url":"https://www.cve.org/CVERecord?id=CVE-2008-1574"},{"name":"CVE-2008-1032","url":"https://www.cve.org/CVERecord?id=CVE-2008-1032"},{"name":"CVE-2007-3847","url":"https://www.cve.org/CVERecord?id=CVE-2007-3847"},{"name":"CVE-2008-1572","url":"https://www.cve.org/CVERecord?id=CVE-2008-1572"},{"name":"CVE-2008-1655","url":"https://www.cve.org/CVERecord?id=CVE-2008-1655"},{"name":"CVE-2006-3747","url":"https://www.cve.org/CVERecord?id=CVE-2006-3747"},{"name":"CVE-2007-5000","url":"https://www.cve.org/CVERecord?id=CVE-2007-5000"},{"name":"CVE-2008-1575","url":"https://www.cve.org/CVERecord?id=CVE-2008-1575"},{"name":"CVE-2008-1031","url":"https://www.cve.org/CVERecord?id=CVE-2008-1031"},{"name":"CVE-2008-1571","url":"https://www.cve.org/CVERecord?id=CVE-2008-1571"},{"name":"CVE-2008-1027","url":"https://www.cve.org/CVERecord?id=CVE-2008-1027"},{"name":"CVE-2008-1577","url":"https://www.cve.org/CVERecord?id=CVE-2008-1577"},{"name":"CVE-2008-1576","url":"https://www.cve.org/CVERecord?id=CVE-2008-1576"},{"name":"CVE-2008-1035","url":"https://www.cve.org/CVERecord?id=CVE-2008-1035"},{"name":"CVE-2007-6612","url":"https://www.cve.org/CVERecord?id=CVE-2007-6612"},{"name":"CVE-2005-3357","url":"https://www.cve.org/CVERecord?id=CVE-2005-3357"},{"name":"CVE-2008-1573","url":"https://www.cve.org/CVERecord?id=CVE-2008-1573"},{"name":"CVE-2008-1036","url":"https://www.cve.org/CVERecord?id=CVE-2008-1036"},{"name":"CVE-2008-1028","url":"https://www.cve.org/CVERecord?id=CVE-2008-1028"},{"name":"CVE-2007-5267","url":"https://www.cve.org/CVERecord?id=CVE-2007-5267"},{"name":"CVE-2007-5268","url":"https://www.cve.org/CVERecord?id=CVE-2007-5268"},{"name":"CVE-2008-1033","url":"https://www.cve.org/CVERecord?id=CVE-2008-1033"},{"name":"CVE-2007-6019","url":"https://www.cve.org/CVERecord?id=CVE-2007-6019"},{"name":"CVE-2007-5275","url":"https://www.cve.org/CVERecord?id=CVE-2007-5275"},{"name":"CVE-2008-1030","url":"https://www.cve.org/CVERecord?id=CVE-2008-1030"},{"name":"CVE-2008-1578","url":"https://www.cve.org/CVERecord?id=CVE-2008-1578"},{"name":"CVE-2008-1034","url":"https://www.cve.org/CVERecord?id=CVE-2008-1034"},{"name":"CVE-2007-5269","url":"https://www.cve.org/CVERecord?id=CVE-2007-5269"},{"name":"CVE-2008-0177","url":"https://www.cve.org/CVERecord?id=CVE-2008-0177"},{"name":"CVE-2007-6243","url":"https://www.cve.org/CVERecord?id=CVE-2007-6243"},{"name":"CVE-2008-1579","url":"https://www.cve.org/CVERecord?id=CVE-2008-1579"},{"name":"CVE-2008-1580","url":"https://www.cve.org/CVERecord?id=CVE-2008-1580"},{"name":"CVE-2007-6359","url":"https://www.cve.org/CVERecord?id=CVE-2007-6359"},{"name":"CVE-2008-1654","url":"https://www.cve.org/CVERecord?id=CVE-2008-1654"},{"name":"CVE-2005-3352","url":"https://www.cve.org/CVERecord?id=CVE-2005-3352"},{"name":"CVE-2007-0071","url":"https://www.cve.org/CVERecord?id=CVE-2007-0071"},{"name":"CVE-2007-4465","url":"https://www.cve.org/CVERecord?id=CVE-2007-4465"},{"name":"CVE-2007-6388","url":"https://www.cve.org/CVERecord?id=CVE-2007-6388"},{"name":"CVE-2007-1863","url":"https://www.cve.org/CVERecord?id=CVE-2007-1863"}],"links":[{"title":"Alerte CERTA-2008-ALE-007, \u00ab Multiples vuln\u00e9rabilit\u00e9s dans    Apple Ical \u00bb, du 23 mai 2008 :","url":"http://www.certa.ssi.gouv.fr/site/CERTA-2008-ALE-007/"},{"title":"D\u00e9tails de la mise \u00e0 jour de s\u00e9curit\u00e9 2008-003 / Mac OS X    10.5.3 :","url":"http://support.apple.com/kb/HT1897"},{"title":"Bulletin de s\u00e9curit\u00e9 Apple 106704 du 28 mai 2008 :","url":"http://docs.info.apple.com/article.html?artnum=106704"},{"title":"Tableau r\u00e9capitulatif des mises \u00e0 jour de s\u00e9curit\u00e9 pour Mac    OS X :","url":"http://support.apple.com/kb/HT1222?viewlocale=fr_FR"}],"reference":"CERTA-2008-AVI-278","revisions":[{"description":"version initiale.","revision_date":"2008-05-29T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"Plusieurs vuln\u00e9rabilit\u00e9s concernant le syst\u00e8me d'exploitation Apple Mac\nOS X ont \u00e9t\u00e9 identifi\u00e9es. L'exploitation de ces derni\u00e8res peut avoir\nplusieurs cons\u00e9quences, dont des ex\u00e9cutions de codes arbitraires \u00e0\ndistance.\n","title":"Mutliples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X","vendor_advisories":[{"published_at":null,"title":"Mises \u00e0 jour de s\u00e9curit\u00e9 Apple 2008-003 du 28 mai 2008","url":null}]}