Mac OS X Security Update Fixes Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence

Home > Vulnerability Intelligence > Secunia Advisories > Mac OS X Security Update Fixes Multiple Vulnerabilities

Secunia Advisories

Advisories

Advisories by Product

Business Solutions Restricted

Partner Solutions Restricted

About

Mac OS X Security Update Fixes Multiple Vulnerabilities
Secunia Advisory:	SA19064	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2006-03-02
Last Update:	2006-03-06
Popularity:	20,161 views

Critical:	Extremely critical
Impact:	Security Bypass Cross Site Scripting Privilege escalation DoS System access
Where:	From remote
Solution Status:	Vendor Patch

OS:	Apple Macintosh OS X

Subscribe:	Instant alerts on relevant vulnerabilities

CVE reference:	CVE-2005-2713 CVE-2005-2714 CVE-2005-3319 CVE-2005-3353 CVE-2005-3391 CVE-2005-3392 CVE-2005-3706 CVE-2005-3712 CVE-2005-4217 CVE-2005-4504 CVE-2006-0383 CVE-2006-0384 CVE-2006-0386 CVE-2006-0387 CVE-2006-0388 CVE-2006-0389 CVE-2006-0390 CVE-2006-0391 CVE-2006-0394 CVE-2006-0395

Description: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) Various security issues exist in the PHP Apache module and scripting environment. For more information: SA17371 2) An error in automount makes it possible for malicious file servers to cause a vulnerable system to mount file systems with reserved names, which can cause a DoS (Denial of Service) or potentially allow arbitrary code execution. 3) An input validation error in the BOM framework when unpacking certain archives can be exploited to cause files to be unpacked to arbitrary locations and overwrite files via directory traversal attacks. 4) The "passwd" program, when used with the "-i" parameter, allows the creation of files in arbitrary locations with "root" privileges. The created file can potentially have insecure file permissions due to "passwd" failing to set the umask. This can be exploited via symlink attacks to create or overwrite arbitrary files. 5) User directories are insecurely mounted when a FileVault image is created, which may allow unauthorised access to files. 6) An error in IPSec when handling certain error conditions can be exploited to cause a DoS against VPN connections. 7) An integer overflow error in the "vm_allocate()" syscall in the LibSystem component can be exploited by malicious people to cause a heap-based buffer overflow via applications when requesting large amounts of memory. This can potentially be exploited to execute arbitrary code in the context of a vulnerable application. 8) The "Download Validation" in the Mail component fails to warn users about unsafe file types when an e-mail attachment is double-clicked. 9) In certain cases a Perl program may fail to drop privileges. For more information: SA17922 10) A boundary error in rsync can be exploited by authenticated users to cause a heap-based buffer overflow when it's allowed to transfer extended attributes. This can be exploited to crash the rsync service or execute arbitrary code. 11) A boundary error in WebKit's handling of certain HTML can be exploited to cause a heap-based buffer overflow. This can be exploited via a malicious web site to execute arbitrary code on a user's system. 12) A boundary error in Safari when parsing JavaScript can be exploited to cause a stack-based buffer overflow and allows execution of arbitrary code when a malicious web page including specially crafted JavaScript is viewed. 13) An error in Safari's security model when handling HTTP redirection can be exploited to execute JavaScript in the local domain via a specially crafted web site. 14) An error in Safari / LaunchServices may cause a malicious application to appear as a safe file type. This may cause a malicious file to be executed automatically when the "Open safe files after downloading" option is enabled. This vulnerability is related to: SA18963 15) An input validation error in the Syndication (Safari RSS) component can be exploited to conduct cross-site scripting attacks when subscribing to malicious RSS content. Solution: Apply Security Update 2006-001. Mac OS X 10.4.5 (PPC): http://www.apple.com/support/downloads/securityupdate2006001macosx1045ppc.html Mac OS X 10.4.5 Client (Intel): http://www.apple.com/support/download...date2006001macosx1045clientintel.html Mac OS X 10.3.9 Client: http://www.apple.com/support/downloads/securityupdate20060011039client.html Mac OS X 10.3.9 Server: http://www.apple.com/support/downloads/securityupdate20060011039server.html Provided and/or discovered by: 3) The vendor credits Stéphane Kardas, CERTA. The vulnerability was also discovered by an anonymous person and reported via iDEFENSE. 4) Vade 79 (the vendor also credits Ilja van Sprundel). 6) The vendor credits OUSPG from the University of Oulu, NISCC, and CERT-FI. 7) The vendor credits Neil Archibald, Suresec LTD. 10) The vendor credits Jan-Derk Bakker. 11) The vendor credits Suresec LTD. Changelog: 2006-03-03: Added additional information from iDEFENSE. 2006-03-06: Added additional information from Suresec LTD. Updated "Description" and "Original Advisory" sections. Original Advisory: Apple: http://docs.info.apple.com/article.html?artnum=303382 Vade79: http://fakehalo.us/xosx-passwd.pl iDEFENSE: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=399 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=400 Suresec LTD: http://www.suresec.org/advisories/adv10.pdf http://www.suresec.org/advisories/adv11.pdf Other References: SA18963: http://secunia.com/advisories/18963/ SA17922: http://secunia.com/advisories/17922/ SA17371: http://secunia.com/advisories/17371/

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

Today

New advisories:	6
New vulnerabilities:	7
Updated advisories:	11

Moderately // 21 views

MemHT Portal "stats_res" SQL Injection Vulnerability

Less // 36 views

libpng "png_push_read_zTXt( )" Off-By-One Vulnerability

Moderately // 33 views

phpAdultSite CMS SQL Injection And Cross-Site Scripting

Moderately // 52 views

Simple Machines Forum Password Reset Vulnerability

Moderately // 27 views

Gentoo update for courier-authlib

Less // 82 views

Linux Kernel "listxattr" Memory Corruption and CHRP Denial of Service

5th Sep, 2008

New advisories:	14
New vulnerabilities:	18
Updated advisories:	22

Less // 409 views

Netgear WN802T Wireless Access Point Two Vulnerabilities

Less // 317 views

Fedora update for xastir

Less // 408 views

XASTIR Insecure Temporary Files

Less // 336 views

Fedora update for samba

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.