Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3617

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-3617
Last Modified 07 Mar 2011 10:11:03
Published 16 Sep 2008 07:00:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3617

Summary

Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed were longer.

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.5

  • Apple Mac Os X 10.5.1

  • Apple Mac Os X 10.5.2

  • Apple Mac Os X 10.5.3

  • Apple Mac Os X 10.5.4

  • Apple Mac Os X Server 10.5

  • Apple Mac Os X Server 10.5.1

  • Apple Mac Os X Server 10.5.2

  • Apple Mac Os X Server 10.5.3

  • Apple Mac Os X Server 10.5.4


References

CERT - TA08-260A

BID - 31189

APPLE - APPLE-SA-2008-09-15

XF - macos-vncviewer-weak-security(45174)

VUPEN - ADV-2008-2584

SECTRACK - 1020882

Related Patches

Apple 2008-09-15 Security Update 2008-006 (PPC)

Apple 2008-09-15 Security Update 2008-006 Server (PPC)

Apple 2008-09-15 Mac OS X 10.5.5 Update

Apple 2008-09-15 Mac OS X Server 10.5.5 Combo Update

Apple 2008-09-15 Mac OS X Server 10.5.5 Update

Apple 2008-09-15 Security Update 2008-006 (Intel)

Apple 2008-09-15 Mac OS X 10.5.5 Combo Update

Apple 2008-09-15 Security Update 2008-006 Server (Intel)


Last Updated: 27 May 2016 10:48:14