Mac OS X Security Update Fixes Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence

Mac OS X Security Update Fixes Multiple Vulnerabilities
Secunia Advisory:	SA13362	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2004-12-03
Last Update:	2005-02-17
Popularity:	21,783 views

Critical:	Highly critical
Impact:	Security Bypass Spoofing Exposure of sensitive information Privilege escalation DoS System access
Where:	From remote
Solution Status:	Vendor Patch

OS:	Apple Macintosh OS X

Subscribe:	Instant alerts on relevant vulnerabilities

CVE reference:	CVE-2003-0020 CVE-2003-0987 CVE-2004-0174 CVE-2004-0488 CVE-2004-0492 CVE-2004-0642 CVE-2004-0643 CVE-2004-0644 CVE-2004-0747 CVE-2004-0748 CVE-2004-0751 CVE-2004-0772 CVE-2004-0786 CVE-2004-0803 CVE-2004-0804 CVE-2004-0885 CVE-2004-0886 CVE-2004-0940 CVE-2004-1081 CVE-2004-1082 CVE-2004-1083 CVE-2004-1084 CVE-2004-1085 CVE-2004-1086 CVE-2004-1087 CVE-2004-1088 CVE-2004-1089 CVE-2004-1121 CVE-2004-1122 CVE-2004-1123

Description: Apple has issued a security update for Mac OS X, which fixes various vulnerabilities. 1) A vulnerability in the Apache "mod_digest_apple" authentication can be exploited by malicious people to conduct replay attacks. 2) Multiple vulnerabilities in Apache and mod_ssl can be exploited to inject potentially malicious characters into error logfiles, bypass certain security restrictions, gain escalated privileges, gain unauthorised access to other web sites, cause a DoS (Denial of Service), and potentially compromise a vulnerable system. For more information: SA8146 SA10789 SA11170 SA11534 SA11841 SA12787 SA12898 3) A security issue in Apache results in access to ".DS_Store" files and files starting with ".ht" not being fully blocked. The problem is that the Apache configuration blocks access in a case sensitive way, but the Apple HFS+ filesystem performs file access in a case insensitive way. 4) A security issue in Apache makes it possible to bypass the normal Apache file handlers and retrieve file data and resource fork content via HTTP. The problem is that the Apple HFS+ filesystem permits files to have multiple data streams. NOTE: This issue may also affect other products installed on the HFS+ filesystem. 5) Multiple vulnerabilities in Apache2 can be exploited by malicious people to cause a DoS or potentially compromise a system, or by malicious, local users to gain escalated privileges. For more information: SA12434 SA12540 6) A security issue in Appkit causes secure text fields to not enable secure input correctly in some circumstances. This allows other applications in the same window session to read the entered characters. 7) Multiple vulnerabilities in Appkit can potentially be exploited by malicious people to compromise a user's system or cause a DoS (Denial of Service). For more information: SA12818 8) A vulnerability in Cyrus IMAP when using Kerberos authentication can be exploited by malicious, authenticated users to access other mailboxes on the system. 9) A security issue in HIToolbox can be exploited by malicious users to quit applications in kiosk mode via a certain key combination. 10) Multiple vulnerabilities have been reported in Kerberos, where the most serious potentially can be exploited by malicious people to compromise a vulnerable system. For more information: SA12408 11) A vulnerability in Postfix when using CRAM-MD5 can be exploited by malicious users to send mails without being properly authenticated. The problem is that the credentials used to successfully authenticate a user can be re-used for a small time period, which can be exploited via replay attacks. 12) A vulnerability in PSNormalizer can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when converting PostScript to PDF. 13) A vulnerability in QuickTime Streaming Server can be exploited by malicious people to cause a DoS via a specially crafted DESCRIBE request. 14) A weakness in Safari can be exploited by malicious people to trick users into visiting a malicious web site by obfuscating URLs. For more information: SA13047 15) A vulnerability in Safari can be exploited by malicious web sites to spoof dialog boxes. For more information: SA12892 16) A weakness in Terminal may result in the "Secure Keyboard Entry" menu setting erroneously looking like it is active when it's not. Solution: Apply Security Update 2004-12-02. Mac OS X 10.2.8 Client: http://www.apple.com/support/download...2_v_1_0_(Mac_OS_X_10_2_8_Client).html Mac OS X 10.2.8 Server: http://www.apple.com/support/download...2_v_1_0_(Mac_OS_X_10_2_8_Server).html Mac OS X 10.3.6 Client: http://www.apple.com/support/download...2_v_1_0_(Mac_OS_X_10_3_6_Client).html Mac OS X 10.3.6 Server: http://www.apple.com/support/download...2_v_1_0_(Mac_OS_X_10_3_6_Server).html Provided and/or discovered by: 4) NetSec 8) Johan Gradvall 9) Glenn Blauvelt 11) Victor Duchovni 13) Anonymous person via iDEFENSE 15) Secunia Research 16) Jonathan "Wolf" Rentzsch Changelog: 2005-02-17: Added note to #4 about other products potentially being affected. Original Advisory: iDEFENSE: http://idefense.com/application/poi/display?id=159&type=vulnerabilities Other References: SA8146: http://secunia.com/advisories/8146/ SA10789: http://secunia.com/advisories/10789/ SA11170: http://secunia.com/advisories/11170/ SA11534: http://secunia.com/advisories/11534/ SA11841: http://secunia.com/advisories/11841/ SA12408: http://secunia.com/advisories/12408/ SA12787: http://secunia.com/advisories/12787/ SA12818: http://secunia.com/advisories/12818/ SA12898: http://secunia.com/advisories/12898/ SA12434: http://secunia.com/advisories/12434/ SA12540: http://secunia.com/advisories/12540/ SA12892: http://secunia.com/advisories/12892/ SA13047: http://secunia.com/advisories/13047/

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

Today

New advisories:	9
New vulnerabilities:	29
Updated advisories:	10

Moderately // 36 views

noName CMS "index.php" SQL Injection Vulnerabilities

Less // 117 views

Juniper Products Neighbor Discovery Protocol Neighbor Solicitation Vulnerability

Highly // 120 views

SUSE update for MozillaFirefox

Less // 131 views

HP-UX NFS/ONCplus Denial of Service Vulnerability

Not // 116 views

D-Bus "_dbus_validate_sign ature_with_reason()" Denial of Service

Highly // 116 views

iseemedia LPViewer ActiveX Control Multiple Buffer Overflow Vulnerabilities

Moderately // 132 views

IBM Lotus Quickr Security Issues and Denial of Service

Moderately // 106 views

Kwalbum "UploaditemsPage.php " File Upload Vulnerability

Moderately // 137 views

Debian update for lighttpd

6th Oct, 2008

New advisories:	19
New vulnerabilities:	52
Updated advisories:	26

Moderately // 445 views

Serv-U File Renaming Directory Traversal and STOU Denial of Service

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.