On Tue, 27 May 2008, security curmudgeon wrote:

> No mention of CVE-2008-1035 in the [CORE] advisory other than the header
> CVE name reference. BID seems to have split the three vulnerabilities,
> but given two of them the same CVE. CVE does not have descriptions open
> yet.

The descriptions are below - for CVE-2008-2006, we merged on the rough
criteria of "insufficient validation of a length field".

> Could someone from CORE, SecurityFocus or CVE confirm if CVE-2008-1035 is
> supposed to be in the mix, and if CVE-2008-2006 does correspond to two
> of the vulnerabilities listed?

CVE-2008-2006 intentionally corresponds to both.

I am not sure where CORE got CVE-2008-1035 from - that number was part
of a pool of numbers that were allocated to Apple, for them to assign to
issues in Apple products (this makes them effectively a CNA; see
http://cve.mitre.org/cve/cna.html for more info). CORE obtained
CVE-2008-2006 and CVE-2008-2007 directly from MITRE.

It's most likely that during CORE's collaboration with Apple, Apple
might have given them CVE-2008-1035 from Apple's own pool, to cover one
or more of those issues. This type of "reservation duplicate" happens
periodically when both researcher/coordinator and vendor use CVEs.

BUT - this is just a guess, either CORE or Apple would need to provide a
more concrete answer. We are currently keeping CVE-2008-1035 blank until
there's more clarity.

- Steve

======================================================
Name: CVE-2008-2006
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2006
Reference: BUGTRAQ:20080521 CORE-2008-0126: Multiple vulnerabilities in iCal
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/492414/100/0/threaded
Reference: MISC:http://www.coresecurity.com/?action=item&id=2219
Reference: BID:28632
Reference: URL:http://www.securityfocus.com/bid/28632
Reference: BID:28629
Reference: URL:http://www.securityfocus.com/bid/28629
Reference: FRSIRT:ADV-2008-1601
Reference: URL:http://www.frsirt.com/english/advisories/2008/1601

Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and
user-assisted remote attackers, to cause a denial of service (NULL
pointer dereference and application crash) or possibly execute
arbitrary code via a .ics file containing (1) a large 16-bit integer
on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE
line. NOTE: this might be a duplicate of CVE-2008-1035.

======================================================
Name: CVE-2008-2007
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2007
Reference: BUGTRAQ:20080521 CORE-2008-0126: Multiple vulnerabilities in iCal
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/492414/100/0/threaded
Reference: MISC:http://www.coresecurity.com/?action=item&id=2219
Reference: BID:28633
Reference: URL:http://www.securityfocus.com/bid/28633
Reference: FRSIRT:ADV-2008-1601
Reference: URL:http://www.frsirt.com/english/advisories/2008/1601

Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and
user-assisted remote attackers, to trigger memory corruption or
possibly execute arbitrary code via an "ATTACH;VALUE=URI:S=osumi" line
in a .ics file, which triggers a "resource liberation" bug.