CVE-2009-1699 Information

Description

The XSL stylesheet implementation in WebKit in Apple Safari before 4.0 iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities which allows remote attackers to read arbitrary files via a crafted DTD as demonstrated by a file:///etc/passwd URL in an entity declaration related to an \XXE attack.\

Reference

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/54972 http://scary.beasts.org/security/CESA-2009-006.html http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-fixes-local-file-theft.html http://secunia.com/advisories/35379 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://www.securityfocus.com/bid/35260 http://www.securityfocus.com/bid/35321 http://www.ubuntu.com/usn/USN-857-1 http://www.vupen.com/english/advisories/2009/1522 http://www.vupen.com/english/advisories/2009/1621 http://www.vupen.com/english/advisories/2011/0212 https://www.exploit-db.com/exploits/8907