Intrusion Prevention

Apple.Safari.SSH.URI.Processing.Flaw

Description

This indicates that an attacker attempted to exploit a processing flaw in Apple Safari SSH.
The Safari web browser contains a vulnerability that could allow an attacker to execute abritrary code. The flaw lies in the implementation of the SSH protocol for the Mac OS X. The protocol can be invoked through a web browser. An attacker can craft an HTML link such that if a user clicks on it, it will invoke code to be executed through the SSH client.

Affected Products

Apple Mac OS X Server 10.3.3 and earlier versions
Apple Mac OS X 10.3.3 and earlier versions

Impact

System compromise: remote code execution.

Recommended Actions

Apply appropriate patch from the vendor or upgrade to a non-vulnerable version if available.

CVE References

CVE-2004-0489