Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0152

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2009-0152
Last Modified 16 May 2009 01:28:56
Published 13 May 2009 11:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-0152

Summary

iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network.

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.5.0

  • Apple Mac Os X 10.5.1

  • Apple Mac Os X 10.5.2

  • Apple Mac Os X 10.5.3

  • Apple Mac Os X 10.5.4

  • Apple Mac Os X 10.5.5

  • Apple Mac Os X 10.5.6

  • Apple Mac Os X Server 10.5.0

  • Apple Mac Os X Server 10.5.1

  • Apple Mac Os X Server 10.5.2

  • Apple Mac Os X Server 10.5.3

  • Apple Mac Os X Server 10.5.4

  • Apple Mac Os X Server 10.5.5

  • Apple Mac Os X Server 10.5.6


References

CERT - TA09-133A

CONFIRM - http://support.apple.com/kb/HT3549

APPLE - APPLE-SA-2009-05-12

XF - macos-ichat-ssl-weak-security(50487)

VUPEN - ADV-2009-1297

SECTRACK - 1022212

BID - 34926

SECUNIA - 35074

Related Patches

Apple 2009-05-12 Mac OS X 10.5.7 Combo Update

Apple 2009-05-12 Mac OS X Server 10.5.7 Update

Apple 2009-05-12 Mac OS X 10.5.7 Update

Apple 2009-05-12 Mac OS X Server 10.5.7 Combo Update


Last Updated: 27 May 2016 10:50:08