|
|
|
|
Mac OS X Security Update Fixes Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA16449
|
|
|
Release Date:
|
2005-08-16
|
|
Last Update:
|
2005-08-18
|
|
Popularity:
|
19,690 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Security Bypass
Cross Site Scripting
Manipulation of data
Exposure of sensitive information
Privilege escalation
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Apple Macintosh OS X
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
| | CVE reference: | CVE-2004-0079
CVE-2004-0112
CVE-2004-0885
CVE-2004-0942
CVE-2004-1083
CVE-2004-1084
CVE-2004-1189
CVE-2005-0605
CVE-2005-0709
CVE-2005-0710
CVE-2005-0711
CVE-2005-1174
CVE-2005-1175
CVE-2005-1344
CVE-2005-1689
CVE-2005-1769
CVE-2005-1849
CVE-2005-2095
CVE-2005-2096
CVE-2005-2501
CVE-2005-2502
CVE-2005-2503
CVE-2005-2504
CVE-2005-2505
CVE-2005-2506
CVE-2005-2507
CVE-2005-2508
CVE-2005-2509
CVE-2005-2510
CVE-2005-2511
CVE-2005-2512
CVE-2005-2513
CVE-2005-2514
CVE-2005-2515
CVE-2005-2516
CVE-2005-2517
CVE-2005-2518
CVE-2005-2519
CVE-2005-2520
CVE-2005-2521
CVE-2005-2522
CVE-2005-2523
CVE-2005-2525
CVE-2005-2526
|
|
Description:
Apple has issued a security update for Mac OS X, which fixes more than 40 vulnerabilities.
1) A boundary error in htdigest can be exploited to cause a buffer overflow by passing an overly long realm argument.
NOTE: htdigest is by default only locally accessible and not setuid / setgid.
2) Two vulnerabilities in Apache 2 can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).
For more information:
SA12787
SA13045
3) A security issue in Apache 2 results in access to ".DS_Store" files and files starting with ".ht" not being fully blocked. The problem is that the Apache configuration blocks access in a case sensitive way, but the Apple HFS+ filesystem performs file access in a case insensitive way.
4) A security issue in Apache 2 makes it possible to bypass the normal Apache file handlers and retrieve file data and resource fork content via HTTP. The problem is that the Apple HFS+ filesystem permits files to have multiple data streams.
NOTE: This issue may also affect other products installed on the HFS+ filesystem.
5) A boundary error in the AppKit component can be exploited to cause a buffer overflow and execute arbitrary code on a user's system when a specially crafted rich text file is opened.
6) A boundary error in the AppKit component can be exploited to cause a buffer overflow and execute arbitrary code on a user's system when a specially crafted Microsoft Word .doc file is opened in e.g. TextEdit.
7) An error in the AppKit component allows malicious, local users with physical access to create additional local accounts.
8) A bug in the System Profiler causes it to display misleading information about whether or not a Bluetooth device requires authentication.
9) A boundary error in the CoreFoundation framework when processing command line arguments can be exploited to cause a buffer overflow and execute arbitrary code.
10) An error in the CoreFoundation framework when parsing Gregorian date information can cause applications to stall.
11) Errors in the CUPS printing service can cause it to stop printing when handling multiple, simultaneous print jobs.
12) A boundary error in Directory Services during the authentication handling can be exploited to cause a buffer overflow and execute arbitrary code.
13) Various errors in the privileged tool dsidentity can be exploited by unprivileged users to add or remove identity user accounts in Directory Services.
14) The slpd program in Directory Services creates temporary files insecurely. This can be exploited via symlink attacks to overwrite arbitrary files with root privileges.
15) An error in Hltoolbox may allow VoiceOver services to read contents from secure input fields.
16) An error in Kerberos can potentially be exploited by malicious users to compromise a vulnerable system.
For more information:
SA13592
17) Multiple boundary errors in Kerberos can be exploited by malicious people to cause a DoS or potentially compromise a vulnerable system.
For more information:
SA16041
18) An error in Kerberos when Kerberos authentication is enabled in addition to LDAP can be exploited to gain access to the root Terminal window.
19) An error in loginwindow can be exploited by malicious users with knowledge of two passwords to access other logged-in accounts when "Fast User Switching" is enabled without knowing these passwords.
20) The Mail component loads remote images in HTML emails (even with this disabled in the user's preferences), which can be exploited to enumerate valid email addresses.
21) Various errors in MySQL can potentially be exploited by malicious users to compromise a vulnerable system and by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
For more information:
SA14547
22) Three vulnerabilities in OpenSSL can be exploited by malicious people to cause a DoS (Denial-of-Service).
For more information:
SA11139
23) An unspecified boundary error in the ping utility can be exploited to cause a buffer overflow and potentially gain escalated privileges.
24) An error in QuartzComposerScreenSaver can be exploited by malicious people with physical access to open web pages while the RSS Visualizer screen saver is locked.
25) An error in Safari can be exploited to bypass the normal browser security checks and execute arbitrary commands when a link in a specially crafted rich text file is clicked.
26) A security issue in Safari when submitting forms on a XSL formatted page may cause the information to be submitted to the next visited web page.
27) A security issue in the SecurityInterface component may cause recently used passwords to be visible in the password assistant.
28) A boundary error in servermgrd during the authentication process can be exploited to cause a buffer overflow and execute arbitrary code.
29) A security issue in servermgr_ipfilter may cause certain firewall policies created with the Server Admin tool to not be written to the Active Rules.
30) Some vulnerabilities in Squirrelmail can be exploited to conduct cross-site scripting attacks or disclose and manipulate sensitive information.
For more information:
SA15721
SA16058
31) A boundary error in the traceroute utility can be exploited to cause a buffer overflow and execute arbitrary code.
32) An error in WebKit can be exploited to bypass normal browser security checks and execute arbitrary commands when a link in a specially crafted PDF document is clicked.
33) Various errors in Weblog Server can be exploited to conduct cross-site scripting attacks.
34) A vulnerability in X11 can potentially be exploited by malicious people to compromise a vulnerable system.
For more information:
SA14460
35) Errors in zlib can be exploited by malicious people to conduct a DoS against a vulnerable application or potentially to execute arbitrary code.
For more information:
SA15949
SA16137
Solution:
Apply Security Update 2005-007.
Mac OS X 10.3.9 Client:
http://www.apple.com/support/download...ityupdate2005007macosx1039client.html
Mac OS X 10.3.9 Server:
http://www.apple.com/support/download...ityupdate2005007macosx1039server.html
Mac OS X 10.4.2 Client:
http://www.apple.com/support/download...update2005007v11macosx1042client.html
Mac OS X 10.4.2 Server:
http://www.apple.com/support/download...update2005007v11macosx1042server.html
Provided and/or discovered by:
1) JxT, SNOsoft.
8) John M. Glenn
9) David Remahl
10) David Remahl
13) KF and Neil Archibald.
18) Jim Foraker
20) Brad Miller and John Pell
23) Neil Archibald, Suresec LTD.
24) Jay Craft, GrooVault Entertainment.
26) Bill Kuker
27) Andrew Langmead
29) Matt Richard and Chris Pepper
31) Neil Archibald, Suresec LTD.
33) Donnie Werner and Atsushi MATSUO.
Changelog:
2005-08-18: Vendor issues updated security updates for Mac OS X 10.4.2.
Original Advisory:
Apple:
http://docs.info.apple.com/article.html?artnum=302163
Other References:
SA11139:
http://secunia.com/advisories/11139/
SA12787:
http://secunia.com/advisories/12787/
SA13045:
http://secunia.com/advisories/13045/
SA13592:
http://secunia.com/advisories/13592/
SA14460:
http://secunia.com/advisories/14460/
SA14547:
http://secunia.com/advisories/14547/
SA15721:
http://secunia.com/advisories/15721/
SA15949:
http://secunia.com/advisories/15949/
SA16041:
http://secunia.com/advisories/16041/
SA16058:
http://secunia.com/advisories/16058/
SA16137:
http://secunia.com/advisories/16137/
US-CERT VU#172948:
http://www.kb.cert.org/vuls/id/172948
US-CERT VU#420316:
http://www.kb.cert.org/vuls/id/420316
US-CERT VU#435188:
http://www.kb.cert.org/vuls/id/435188
US-CERT VU#461412:
http://www.kb.cert.org/vuls/id/461412
US-CERT VU#709220:
http://www.kb.cert.org/vuls/id/709220
US-CERT VU#913820:
http://www.kb.cert.org/vuls/id/913820
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
10th Oct, 2008
|
New advisories:
|
15 |
|
New vulnerabilities:
|
83 |
|
Updated advisories:
|
41 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 Solutions | More...
|
|
|
|
Send Feedback to Secunia
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
|
