Secunia

Community Login

Customer Login

Partner Login

Overview

Advisories

Research

Forums

Create Profile

Our Commitment

Database

Advisories by Product

Advisories by Vendor

Terminology

Report Vulnerability

Insecure Library Loading

Secunia Advisory SA14655

Mac OS X Security Update Fixes Multiple Vulnerabilities

Secunia Advisory

SA14655

Release Date

2005-03-22

Last Update

2005-03-29

Popularity

12,739 views

Comments

0 comments

Criticality level

Highly critical

Impact

Security Bypass
Spoofing
Exposure of sensitive information
Privilege escalation
DoS
System access

Where

From remote

Authentication level

Available in Customer Area

Report reliability

Available in Customer Area

Solution Status

Vendor Patch

Systems affected

Available in Customer Area

Approve distribution

Available in Customer Area

Remediation status

Secunia CSI, Secunia PSI

Automated scanning

Secunia CSI, Secunia PSI

Operating System

Apple Macintosh OS X

Secunia CVSS Score

Available in Customer Area

CVE Reference(s)

Description

Apple has issued a security update for Mac OS X, which fixes various vulnerabilities.

1) A signedness error in AFP Server can be exploited to crash the application via a specially crafted FPLoginExt packet.

2) An access control error in AFP Server can be exploited to gain knowledge of the contents of a Drop Box.

3) An error in Bluetooth Setup Assistant can be exploited to bypass security restrictions when using a Bluetooth input device.

4) A boundary error in the Core Foundation library when handling the CF_CHARSET_PATH environment variables can be exploited to cause a buffer overflow.

Successful exploitation allows malicious, local users to execute arbitrary code with escalated privileges.

5) Multiple vulnerabilities in Cyrus IMAP Server can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA13274

6) Some vulnerabilities in Cyrus SASL can be exploited to crash or potentially compromise applications linked against the library.

For more information:
SA12760

7) Insecure permissions on various directories may result in race conditions and allow local privilege escalation.

8) A vulnerability in Mailman can be exploited by malicious people to disclose sensitive information.

For more information:
SA14211

9) A security issue in Safari can be exploited by a malicious web site to spoof the URL displayed in the address bar, SSL certificate, and status bar.

For more information:
SA14164

10) Two boundary errors in the telnet utility can be exploited by malicious people to compromise a user's system.

For more information:
SA14745

Solution
Apply Security Update 2005-003.
Further details available in Customer Area

Provided and/or discovered by
1) nemo
2) John M. Glenn
4) iDEFENSE and Adriano Lima
7) Eric Hall, Michael Haller, and root[at]addcom.de.
10) Gaël Delalleau

Changelog
Further details available in Customer Area

Original Advisory
Apple:
http://docs.info.apple.com/article.html?artnum=301061

iDEFENSE:
http://www.idefense.com/application/poi/display?id=219&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Mac OS X Security Update Fixes Multiple Vulnerabilities

No posts yet

Secunia

Secunia Advisory SA14655

Mac OS X Security Update Fixes Multiple Vulnerabilities

Do you have additional information related to this advisory?

You must be logged in to post a comment.

Secunia Customer Login

Not a customer already?