Mac OS X Security Update Fixes Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence

Home > Vulnerability Intelligence > Secunia Advisories > Mac OS X Security Update Fixes Multiple Vulnerabilities

Secunia Advisories

Advisories

Advisories by Product

Business Solutions Restricted

Partner Solutions Restricted

About

Mac OS X Security Update Fixes Multiple Vulnerabilities
Secunia Advisory:	SA23155	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2006-11-29
Last Update:	2006-12-05
Popularity:	14,719 views

Critical:	Highly critical
Impact:	Security Bypass Manipulation of data Exposure of sensitive information Privilege escalation DoS System access
Where:	From remote
Solution Status:	Vendor Patch

OS:	Apple Macintosh OS X

Subscribe:	Instant alerts on relevant vulnerabilities

CVE reference:	CVE-2005-3962 CVE-2006-1490 CVE-2006-1990 CVE-2006-2937 CVE-2006-2940 CVE-2006-3403 CVE-2006-3738 CVE-2006-4182 CVE-2006-4334 CVE-2006-4335 CVE-2006-4336 CVE-2006-4337 CVE-2006-4338 CVE-2006-4339 CVE-2006-4343 CVE-2006-4396 CVE-2006-4398 CVE-2006-4400 CVE-2006-4401 CVE-2006-4402 CVE-2006-4403 CVE-2006-4404 CVE-2006-4406 CVE-2006-4407 CVE-2006-4408 CVE-2006-4409 CVE-2006-4410 CVE-2006-4411 CVE-2006-4412 CVE-2006-5465 CVE-2006-5710

Description: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) An error in the Airport driver can be exploited by malicious people to compromise a vulnerable system. For more information: SA22679 2) The Apple Type Services (ATS) server creates error log files insecurely. This can be exploited by malicious, local users to create or overwrite files with system privileges. 3) Multiple boundary errors in the Apple Type Services (ATS) server can be exploited by malicious, local users to cause a buffer overflow and execute arbitrary code with system privileges by sending a specially crafted request. 4) A boundary error in Apple Type Services (ATS) can be exploited to cause a stack-based buffer overflow via specially crafted font files and allows execution of arbitrary code with system privileges. 5) An error in the CFNetwork framework can be exploited to cause a user's FTP client to issue arbitrary FTP commands when a user accesses a specially crafted FTP URI. This may facilitate exploitation via other line oriented protocols. 6) Vulnerabilities in ClamAV can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. For more information: SA22370 7) A boundary error in Finder can be exploited to cause a heap-based buffer overflow and may allow arbitrary code execution when a user browses a directory containing a specially crafted ".DS_Store" file. 8) An error in the ftpd can be exploited by malicious people to determine valid account names and to cause a DoS (Denial of Service) via failed login attempts with a valid username. 9) Some vulnerabilities in gnuzip can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA21996 10) Some vulnerabilities in OpenSSL can be exploited by malicious people to cause a DoS (Denial of Service), bypass certain security restrictions, or compromise a vulnerable system. For more information: SA21709 SA22130 11) A vulnerability in Perl can be exploited by malicious people to cause a Denial of Service and potentially to compromise a vulnerable Perl application. For more information: SA17802 12) Some vulnerabilities in PHP can be exploited by malicious people to gain knowledge of potentially sensitive information, to cause a DoS (Denial of Service), or to compromise a vulnerable system. For more information: SA19383 SA19803 SA22653 13) A boundary error in PPP can be exploited to cause a buffer overflow. This can be exploited to cause a DoS (Denial of Service) or execute arbitrary code with system privileges. 14) A vulnerability in Samba can be exploited by malicious users to cause a DoS (Denial of Service). For more information: SA20980 15) A security issue exists in the Security Framework where Secure Transport may not negotiate the best cipher available. 16) An error in the Security Framework when processing X.509 certificates can be exploited to cause a DoS (Denial of Service). NOTE: Systems prior to Mac OS X v10.4 are not affected. 17) A security issue exists in the Security Framework where the Online Certificate Status Protocol (OCSP) service cannot retrieve certificate revocation lists when using a HTTP proxy. 18) A security issue exists in the Security Framework where certain revoked certificates may be erroneously honored. 19) An error in the VPN server can be exploited by malicious, local users to execute commands with system privileges. 20) An error in WebKit can be exploited to execute arbitrary code via a specially crafted HTML document. 21) A weakness exists in Installer where system privileges are used without explicit authorisation. Solution: Apply Security Update 2006-007. Security Update 2006-007 (10.3.9 Client): http://www.apple.com/support/downloads/securityupdate20060071039client.html Security Update 2006-007 (10.3.9 Server): http://www.apple.com/support/downloads/securityupdate20060071039server.html Security Update 2006-007 (10.4.8 Client Intel): http://www.apple.com/support/downloads/securityupdate20060071048clientintel.html Security Update 2006-007 (10.4.8 Client PPC): http://www.apple.com/support/downloads/securityupdate20060071048clientppc.html Security Update 2006-007 (10.4.8 Server PPC): http://www.apple.com/support/downloads/securityupdate20060071048serverppc.html Security Update 2006-007 (10.4.8 Server Universal): http://www.apple.com/support/download...update20060071048serveruniversal.html Provided and/or discovered by: 1) The vendor credits H D Moore. 8) The vendor credits Benjamin Williams, University of Canterbury. 13) The vendor credits Mu Security. 15) The vendor credits Eric Cronin of gizmolabs. 16) The vendor credits Dr. Stephen N. Henson of Open Network Security. 17) The vendor credits Timothy J. Miller of the MITRE Corporation. 18) The vendor credits Jose Nazario of Arbor Networks. 20) The vendor credits Tom Ferris of Security-Protocols. Changelog: 2006-11-30: Added links to US-CERT. 2006-12-01: Added links to US-CERT. 2006-12-05: Added links to US-CERT. Original Advisory: http://docs.info.apple.com/article.html?artnum=304829 Other References: SA17802: http://secunia.com/advisories/17802/ SA19803: http://secunia.com/advisories/19803/ SA19383: http://secunia.com/advisories/19383/ SA20980: http://secunia.com/advisories/20980/ SA21709: http://secunia.com/advisories/21709/ SA21996: http://secunia.com/advisories/21996/ SA22130: http://secunia.com/advisories/22130/ SA22370: http://secunia.com/advisories/22370/ SA22653: http://secunia.com/advisories/22653/ SA22679: http://secunia.com/advisories/22679/ Mu Security: http://labs.musecurity.com/advisories/MU-200611-01.txt US-CERT VU#848960: http://www.kb.cert.org/vuls/id/848960 US-CERT VU#870960: http://www.kb.cert.org/vuls/id/870960 US-CERT VU#258744: http://www.kb.cert.org/vuls/id/258744 US-CERT VU#835936: http://www.kb.cert.org/vuls/id/835936 US-CERT VU#191336: http://www.kb.cert.org/vuls/id/191336 US-CERT VU#800296: http://www.kb.cert.org/vuls/id/800296 US-CERT VU#323424: http://www.kb.cert.org/vuls/id/323424 US-CERT VU#681056: http://www.kb.cert.org/vuls/id/681056 US-CERT VU#734032: http://www.kb.cert.org/vuls/id/734032 US-CERT VU#371648: http://www.kb.cert.org/vuls/id/371648 US-CERT VU#811384: http://www.kb.cert.org/vuls/id/811384

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

8th Jan, 2009

New advisories:	24
New vulnerabilities:	99
Updated advisories:	26

Moderately // 314 views

Drupal Project Module File Upload and Cross-Site Scripting

Less // 319 views

SmbFTPD Long Command Processing Vulnerability

Less // 368 views

Drupal Project Issue Tracking Module Multiple Vulnerabilities

Less // 328 views

PHP-Fusion Members CV Module "sortby" SQL Injection Vulnerability

Moderately // 367 views

Lasso OpenSSL "DSA_verify()" Spoofing Vulnerability

Moderately // 308 views

Xdg-utils mailcap Command Execution Security Issue

Less // 343 views

FreeBSD update for lukemftpd

Less // 326 views

tnftpd Long Command Processing Vulnerability

Moderately // 459 views

Cisco Global Site Selector DNS Request Denial of Service

Less // 406 views

NTP OpenSSL "EVP_VerifyFinal()" Spoofing Vulnerability

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.