Mac OS X Security Update Fixes Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence

Home > Vulnerability Intelligence > Secunia Advisories > Mac OS X Security Update Fixes Multiple Vulnerabilities

Secunia Advisories

Advisories

Advisories by Product

Business Solutions Restricted

Partner Solutions Restricted

About

Mac OS X Security Update Fixes Multiple Vulnerabilities
Secunia Advisory:	SA24479	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2007-03-14
Last Update:	2007-03-16
Popularity:	14,128 views

Critical:	Highly critical
Impact:	Security Bypass Cross Site Scripting Manipulation of data Exposure of sensitive information Privilege escalation DoS System access
Where:	From remote
Solution Status:	Vendor Patch

OS:	Apple Macintosh OS X

Subscribe:	Instant alerts on relevant vulnerabilities

CVE reference:	CVE-2005-2959 CVE-2006-0225 CVE-2006-0300 CVE-2006-1516 CVE-2006-1517 CVE-2006-2753 CVE-2006-3081 CVE-2006-3469 CVE-2006-4031 CVE-2006-4226 CVE-2006-4829 CVE-2006-4924 CVE-2006-5051 CVE-2006-5052 CVE-2006-5330 CVE-2006-5679 CVE-2006-5836 CVE-2006-6061 CVE-2006-6062 CVE-2006-6097 CVE-2006-6129 CVE-2006-6130 CVE-2006-6173 CVE-2007-0229 CVE-2007-0236 CVE-2007-0267 CVE-2007-0299 CVE-2007-0318 CVE-2007-0463 CVE-2007-0467 CVE-2007-0588 CVE-2007-0719 CVE-2007-0720 CVE-2007-0721 CVE-2007-0722 CVE-2007-0723 CVE-2007-0724 CVE-2007-0728 CVE-2007-0726 CVE-2007-0730 CVE-2007-0731 CVE-2007-0733 CVE-2007-1071

Description: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) A boundary error exists in the handling of embedded ColorSync profiles. This can be exploited by malicious people to cause a stack based buffer overflow by enticing a user to open a specially crafted image. Successful exploitation may allow execution of arbitrary code. 2) An error in Crash Reporter can be exploited by a process with admin privileges to write to arbitrary files with root privileges. 3) An unspecified error in CUPS can be exploited to prevent other requests from being served via a partially negotiated SSL connection. 4) An unspecified error in diskimages-helper can be exploited by malicious people to cause a memory corruption via a specially crafted disk image and may allow execution of arbitrary code. 5) An integer overflow in the handler for AppleSingleEncoding disk images can potentially be exploited by malicious people to execute arbitrary code by tricking a user to mount a specially crafted disk image. 6) Various errors exist in the processing of disk images, which can be exploited to gain escalated privileges, cause a DoS (Denial of Service), or to compromise a user's system. For more information: SA22736 SA23012 SA23703 SA23721 SA23725 7) An unspecified error in DS Plug-Ins can be exploited by malicious users to change the local root password. 8) An error in Flash Player can be exploited by malicious people to bypass certain restrictions. For more information: SA22467 9) Multiple errors in GNU Tar can be exploited by malicious people to cause a DoS, overwrite arbitrary files, or to compromise a vulnerable system. For more information: SA18973 SA23115 10) An error in the handling of HFS+ file systems can be exploited by malicious people to cause a DoS. For more information: SA23742 11) An error in the IOKit HID interface can be exploited by malicious, local users to capture console keystrokes from other users. 12) An integer overflow error in the handling of GIF files in ImageIO can potentially be exploited by malicious people to execute arbitrary code by tricking a users to open a specially crafted GIF file. NOTE: Systems prior to Mac OS X v10.4 are not affected. 13) An error in the handling of RAW images can be exploited by malicious people to cause a memory corruption and may allow execution of arbitrary code by tricking a user to open a specially crafted RAW image. NOTE: Systems prior to Mac OS X v10.4 are not affected. 14) An error in the kernel can be exploited by malicious, local users to cause a DoS. For more information: SA22808 15) An error in the kernel can be exploited by malicious, local users to cause a DoS or potentially gain escalated privileges. For more information: SA23088 16) An error in the kernel can be exploited by malicious, local users to gain escalated privileges. For more information: SA23120 17) Some vulnerabilities in MySQL can be exploited by malicious users to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS, and compromise a vulnerable system, and by malicious people to conduct SQL injection attacks For more information: SA19929 SA20365 SA21259 SA21506 18) Errors in the AppleTalk protocol handler can be exploited by malicious, local users to cause a DoS or potentially gain escalated privileges. For more information: SA23134 SA23708 19) An error in the handling of SSH key generation in OpenSSH can be exploited by malicious people to destroy established trust between SSH hosts. Systems that have already enabled SSH and rebooted at least once are not vulnerable to this issue. 20) Errors in OpenSSH can be exploited by malicious, local users to perform certain actions with escalated privileges, and by malicious people to cause a DoS or potentially compromise a vulnerable system. For more information: SA18579 SA22091 SA22173 21) An error in the print system can be exploited by malicious, local users to overwrite arbitrary files with system privileges. 22) An error in Apple QuickDraw can be exploited by malicious people to cause a heap based buffer overflow and may allow execution of arbitrary code via a specially crafted PICT file. 23) An error in Apple QuickDraw can be exploited by malicious people to cause a DoS. For more information: SA23859 24) An error in servermgrd can be exploited by malicious people to access Server Manager without valid credentials 25) A boundary error in SMB File Server can be exploited by malicious users to cause stack based buffer overflow, which results in a DoS or potentially in arbitrary code execution. 26) A format string error in Software Update can be exploited by malicious people to execute arbitrary code by tricking a user to open a specially crafted Software Update Catalog. 27) An error in sudo can be exploited by malicious, local users to gain escalated privileges. For more information: SA17318 28) An error in WebLog can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA21935 Solution: Update to Mac OS X 10.4.9 or install Security Update 2007-003: Security Update 2007-003 (10.3.9 Client): http://www.apple.com/support/downloads/securityupdate20070031039client.html Security Update 2007-003 (10.3.9 Server): http://www.apple.com/support/downloads/securityupdate20070031039server.html Mac OS X Server 10.4.9 Update (PPC): http://www.apple.com/support/downloads/macosxserver1049updateppc.html Mac OS X 10.4.9 Combo Update (PPC): http://www.apple.com/support/downloads/macosx1049comboupdateppc.html Mac OS X 10.4.9 Combo Update (Intel): http://www.apple.com/support/downloads/macosx1049comboupdateintel.html Mac OS X 10.4.9 Update (PPC): http://www.apple.com/support/downloads/macosx1049updateppc.html Mac OS X 10.4.9 Update (Intel): http://www.apple.com/support/downloads/macosx1049updateintel.html Mac OS X Server 10.4.9 Update (Universal): http://www.apple.com/support/downloads/macosxserver1049updateuniversal.html Mac OS X Server 10.4.9 Combo Update (Universal): http://www.apple.com/support/downloads/macosxserver1049comboupdateuniversal.html Mac OS X Server 10.4.9 Combo Update (PPC): http://www.apple.com/support/downloads/macosxserver1049comboupdateppc.html Provided and/or discovered by: The vendor credits: 1, 12) Tom Ferris, Security-Protocols 2) KF 11) Andrew Garber of University of Victoria, Alex Harper, and Michael Evans 13) Luke Church, University of Cambridge 19) Jeff Mccune, The Ohio State University 22) Tom Ferris, Security-Protocols and Mike Price, McAfee AVERT Labs 25) Cameron Kay of Massey University, New Zealand 26) Kevin Finisterre, DigitalMunition Changelog: 2007-03-15: Added links to US-CERT. 2007-03-16: Added links to US-CERT. Original Advisory: Apple: http://docs.info.apple.com/article.html?artnum=305214 MOAB: 2) http://projects.info-pull.com/moab/MOAB-28-01-2007.html 26) http://projects.info-pull.com/moab/MOAB-24-01-2007.html Other References: SA17318: http://secunia.com/advisories/17318/ SA18579: http://secunia.com/advisories/18579/ SA18973: http://secunia.com/advisories/18973/ SA19929: http://secunia.com/advisories/19929/ SA20365: http://secunia.com/advisories/20365/ SA21259: http://secunia.com/advisories/21259/ SA21506: http://secunia.com/advisories/21506/ SA21935: http://secunia.com/advisories/21935/ SA22091: http://secunia.com/advisories/22091/ SA22173: http://secunia.com/advisories/22173/ SA22467: http://secunia.com/advisories/22467/ SA22736: http://secunia.com/advisories/22736/ SA22808: http://secunia.com/advisories/22808/ SA23012: http://secunia.com/advisories/23012/ SA23088: http://secunia.com/advisories/23088/ SA23115: http://secunia.com/advisories/23115/ SA23120: http://secunia.com/advisories/23120/ SA23134: http://secunia.com/advisories/23134/ SA23703: http://secunia.com/advisories/23703/ SA23708: http://secunia.com/advisories/23708/ SA23721: http://secunia.com/advisories/23721/ SA23725: http://secunia.com/advisories/23725/ SA23742: http://secunia.com/advisories/23742/ SA23859: http://secunia.com/advisories/23859/ US-CERT VU#346656: http://www.kb.cert.org/vuls/id/346656 US-CERT VU#363112: http://www.kb.cert.org/vuls/id/363112 US-CERT VU#396820: http://www.kb.cert.org/vuls/id/396820 US-CERT VU#449440: http://www.kb.cert.org/vuls/id/449440 US-CERT VU#557064: http://www.kb.cert.org/vuls/id/557064 US-CERT VU#559444: http://www.kb.cert.org/vuls/id/559444 US-CERT VU#873868: http://www.kb.cert.org/vuls/id/873868 US-CERT VU#515792: http://www.kb.cert.org/vuls/id/515792 US-CERT VU#124280: http://www.kb.cert.org/vuls/id/124280

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

5th Sep, 2008

New advisories:	14
New vulnerabilities:	18
Updated advisories:	22

Less // 298 views

Netgear WN802T Wireless Access Point Two Vulnerabilities

Less // 239 views

Fedora update for xastir

Less // 301 views

XASTIR Insecure Temporary Files

Less // 243 views

Fedora update for samba

Less // 248 views

Fedora update for bitlbee

Less // 653 views

3Com Wireless 8760 Access Point HTTP Request Processing Denial of Service

Moderately // 534 views

CS-Cart "cs_cookies" SQL Injection Vulnerability

Less // 619 views

Drupal Content Construction Kit Script Insertion Vulnerabilities

Less // 610 views

HP OpenView Select Identity Connectors Information Disclosure

Moderately // 492 views

rPath update for libtiff

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.