Multiple vulnerabilities have been discovered in Apple Mac OS X, where some of the specified issues can be exploited to gain knowledge of sensitive information, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

1) An unspecified vulnerability exists in the CoreFoundation notification logging.

2) An unspecified vulnerability exists in the DiskArbitration when handling initialisation of writeable removable media.

3) An unspecified vulnerability in exists in IPSec while checking key exchanges.

4) An assert error in QuickTime Streaming Server can be exploited by malicious people to cause a DoS. See the following advisory for more information:
SA10956

5) An unspecified vulnerability exists in Safari when displaying URLs in the status bar.

6) Multiple vulnerabilities in tcpdump can potentially be exploited by malicious people to cause a DoS or compromise a vulnerable system. See the following advisory for more information:
SA10636

7) A format string error in the "option_error()" function in pppd when handling command line arguments can be exploited by malicious, local users to read arbitrary memory accessible by the process. This may potentially expose PAP/CHAP authentication credentials if a system runs as a PPP server.

Solution
Apply Security Update 2004-02-23.
Further details available to Secunia VIM customers

Provided and/or discovered by
1+2) aaron
7) Dave G. of @stake and Justin Tibbs of Secure Network Operations.

Changelog
Further details available to Secunia VIM customers

Original Advisory
@stake:
http://www.atstake.com/research/advisories/2004/a022304-1.txt

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers