|
|
|
|
Mac OS X Security Update Fixes Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA24479
|
|
|
Release Date:
|
2007-03-14
|
|
Last Update:
|
2007-03-16
|
|
Popularity:
|
14,440 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Security Bypass
Cross Site Scripting
Manipulation of data
Exposure of sensitive information
Privilege escalation
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Apple Macintosh OS X
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
| | CVE reference: | CVE-2005-2959
CVE-2006-0225
CVE-2006-0300
CVE-2006-1516
CVE-2006-1517
CVE-2006-2753
CVE-2006-3081
CVE-2006-3469
CVE-2006-4031
CVE-2006-4226
CVE-2006-4829
CVE-2006-4924
CVE-2006-5051
CVE-2006-5052
CVE-2006-5330
CVE-2006-5679
CVE-2006-5836
CVE-2006-6061
CVE-2006-6062
CVE-2006-6097
CVE-2006-6129
CVE-2006-6130
CVE-2006-6173
CVE-2007-0229
CVE-2007-0236
CVE-2007-0267
CVE-2007-0299
CVE-2007-0318
CVE-2007-0463
CVE-2007-0467
CVE-2007-0588
CVE-2007-0719
CVE-2007-0720
CVE-2007-0721
CVE-2007-0722
CVE-2007-0723
CVE-2007-0724
CVE-2007-0728
CVE-2007-0726
CVE-2007-0730
CVE-2007-0731
CVE-2007-0733
CVE-2007-1071
|
|
Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
1) A boundary error exists in the handling of embedded ColorSync profiles. This can be exploited by malicious people to cause a stack based buffer overflow by enticing a user to open a specially crafted image.
Successful exploitation may allow execution of arbitrary code.
2) An error in Crash Reporter can be exploited by a process with admin privileges to write to arbitrary files with root privileges.
3) An unspecified error in CUPS can be exploited to prevent other requests from being served via a partially negotiated SSL connection.
4) An unspecified error in diskimages-helper can be exploited by malicious people to cause a memory corruption via a specially crafted disk image and may allow execution of arbitrary code.
5) An integer overflow in the handler for AppleSingleEncoding disk images can potentially be exploited by malicious people to execute arbitrary code by tricking a user to mount a specially crafted disk image.
6) Various errors exist in the processing of disk images, which can be exploited to gain escalated privileges, cause a DoS (Denial of Service), or to compromise a user's system.
For more information:
SA22736
SA23012
SA23703
SA23721
SA23725
7) An unspecified error in DS Plug-Ins can be exploited by malicious users to change the local root password.
8) An error in Flash Player can be exploited by malicious people to bypass certain restrictions.
For more information:
SA22467
9) Multiple errors in GNU Tar can be exploited by malicious people to cause a DoS, overwrite arbitrary files, or to compromise a vulnerable system.
For more information:
SA18973
SA23115
10) An error in the handling of HFS+ file systems can be exploited by malicious people to cause a DoS.
For more information:
SA23742
11) An error in the IOKit HID interface can be exploited by malicious, local users to capture console keystrokes from other users.
12) An integer overflow error in the handling of GIF files in ImageIO can potentially be exploited by malicious people to execute arbitrary code by tricking a users to open a specially crafted GIF file.
NOTE: Systems prior to Mac OS X v10.4 are not affected.
13) An error in the handling of RAW images can be exploited by malicious people to cause a memory corruption and may allow execution of arbitrary code by tricking a user to open a specially crafted RAW image.
NOTE: Systems prior to Mac OS X v10.4 are not affected.
14) An error in the kernel can be exploited by malicious, local users to cause a DoS.
For more information:
SA22808
15) An error in the kernel can be exploited by malicious, local users to cause a DoS or potentially gain escalated privileges.
For more information:
SA23088
16) An error in the kernel can be exploited by malicious, local users to gain escalated privileges.
For more information:
SA23120
17) Some vulnerabilities in MySQL can be exploited by malicious users to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS, and compromise a vulnerable system, and by malicious people to conduct SQL injection attacks
For more information:
SA19929
SA20365
SA21259
SA21506
18) Errors in the AppleTalk protocol handler can be exploited by malicious, local users to cause a DoS or potentially gain escalated privileges.
For more information:
SA23134
SA23708
19) An error in the handling of SSH key generation in OpenSSH can be exploited by malicious people to destroy established trust between SSH hosts. Systems that have already enabled SSH and rebooted at least once are not vulnerable to this issue.
20) Errors in OpenSSH can be exploited by malicious, local users to perform certain actions with escalated privileges, and by malicious people to cause a DoS or potentially compromise a vulnerable system.
For more information:
SA18579
SA22091
SA22173
21) An error in the print system can be exploited by malicious, local users to overwrite arbitrary files with system privileges.
22) An error in Apple QuickDraw can be exploited by malicious people to cause a heap based buffer overflow and may allow execution of arbitrary code via a specially crafted PICT file.
23) An error in Apple QuickDraw can be exploited by malicious people to cause a DoS.
For more information:
SA23859
24) An error in servermgrd can be exploited by malicious people to access Server Manager without valid credentials
25) A boundary error in SMB File Server can be exploited by malicious users to cause stack based buffer overflow, which results in a DoS or potentially in arbitrary code execution.
26) A format string error in Software Update can be exploited by malicious people to execute arbitrary code by tricking a user to open a specially crafted Software Update Catalog.
27) An error in sudo can be exploited by malicious, local users to gain escalated privileges.
For more information:
SA17318
28) An error in WebLog can be exploited by malicious people to conduct cross-site scripting attacks.
For more information:
SA21935
Solution:
Update to Mac OS X 10.4.9 or install Security Update 2007-003:
Security Update 2007-003 (10.3.9 Client):
http://www.apple.com/support/downloads/securityupdate20070031039client.html
Security Update 2007-003 (10.3.9 Server):
http://www.apple.com/support/downloads/securityupdate20070031039server.html
Mac OS X Server 10.4.9 Update (PPC):
http://www.apple.com/support/downloads/macosxserver1049updateppc.html
Mac OS X 10.4.9 Combo Update (PPC):
http://www.apple.com/support/downloads/macosx1049comboupdateppc.html
Mac OS X 10.4.9 Combo Update (Intel):
http://www.apple.com/support/downloads/macosx1049comboupdateintel.html
Mac OS X 10.4.9 Update (PPC):
http://www.apple.com/support/downloads/macosx1049updateppc.html
Mac OS X 10.4.9 Update (Intel):
http://www.apple.com/support/downloads/macosx1049updateintel.html
Mac OS X Server 10.4.9 Update (Universal):
http://www.apple.com/support/downloads/macosxserver1049updateuniversal.html
Mac OS X Server 10.4.9 Combo Update (Universal):
http://www.apple.com/support/downloads/macosxserver1049comboupdateuniversal.html
Mac OS X Server 10.4.9 Combo Update (PPC):
http://www.apple.com/support/downloads/macosxserver1049comboupdateppc.html
Provided and/or discovered by:
The vendor credits:
1, 12) Tom Ferris, Security-Protocols
2) KF
11) Andrew Garber of University of Victoria, Alex Harper, and Michael Evans
13) Luke Church, University of Cambridge
19) Jeff Mccune, The Ohio State University
22) Tom Ferris, Security-Protocols and Mike Price, McAfee AVERT Labs
25) Cameron Kay of Massey University, New Zealand
26) Kevin Finisterre, DigitalMunition
Changelog:
2007-03-15: Added links to US-CERT.
2007-03-16: Added links to US-CERT.
Original Advisory:
Apple:
http://docs.info.apple.com/article.html?artnum=305214
MOAB:
2) http://projects.info-pull.com/moab/MOAB-28-01-2007.html
26) http://projects.info-pull.com/moab/MOAB-24-01-2007.html
Other References:
SA17318:
http://secunia.com/advisories/17318/
SA18579:
http://secunia.com/advisories/18579/
SA18973:
http://secunia.com/advisories/18973/
SA19929:
http://secunia.com/advisories/19929/
SA20365:
http://secunia.com/advisories/20365/
SA21259:
http://secunia.com/advisories/21259/
SA21506:
http://secunia.com/advisories/21506/
SA21935:
http://secunia.com/advisories/21935/
SA22091:
http://secunia.com/advisories/22091/
SA22173:
http://secunia.com/advisories/22173/
SA22467:
http://secunia.com/advisories/22467/
SA22736:
http://secunia.com/advisories/22736/
SA22808:
http://secunia.com/advisories/22808/
SA23012:
http://secunia.com/advisories/23012/
SA23088:
http://secunia.com/advisories/23088/
SA23115:
http://secunia.com/advisories/23115/
SA23120:
http://secunia.com/advisories/23120/
SA23134:
http://secunia.com/advisories/23134/
SA23703:
http://secunia.com/advisories/23703/
SA23708:
http://secunia.com/advisories/23708/
SA23721:
http://secunia.com/advisories/23721/
SA23725:
http://secunia.com/advisories/23725/
SA23742:
http://secunia.com/advisories/23742/
SA23859:
http://secunia.com/advisories/23859/
US-CERT VU#346656:
http://www.kb.cert.org/vuls/id/346656
US-CERT VU#363112:
http://www.kb.cert.org/vuls/id/363112
US-CERT VU#396820:
http://www.kb.cert.org/vuls/id/396820
US-CERT VU#449440:
http://www.kb.cert.org/vuls/id/449440
US-CERT VU#557064:
http://www.kb.cert.org/vuls/id/557064
US-CERT VU#559444:
http://www.kb.cert.org/vuls/id/559444
US-CERT VU#873868:
http://www.kb.cert.org/vuls/id/873868
US-CERT VU#515792:
http://www.kb.cert.org/vuls/id/515792
US-CERT VU#124280:
http://www.kb.cert.org/vuls/id/124280
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
10th Oct, 2008
|
New advisories:
|
15 |
|
New vulnerabilities:
|
83 |
|
Updated advisories:
|
41 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 Solutions | More...
|
|
|
|
Send Feedback to Secunia
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
|
