|
Mac OS X Security Update Fixes Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA24966
|
|
|
Release Date:
|
2007-04-20
|
|
Last Update:
|
2007-05-02
|
|
Popularity:
|
12,959 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Security Bypass
Manipulation of data
Exposure of sensitive information
Privilege escalation
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Apple Macintosh OS X
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
1) An error in the AFP Client can be exploited by malicious, local users to create files or execute commands with system privileges.
2) A boundary error exists in the AirPortDriver module, which can be exploited by malicious, local users to cause a buffer overflow.
Successful exploitation may allow execution of arbitrary code with escalated privileges.
NOTE: This does not affect systems with the AirPort Extreme card.
3) An error in the CoreServices daemon can be exploited by malicious, local users to obtain a send right to its Mach task port.
Successful exploitation may allow execution of arbitrary code with escalated privileges.
4) An error in fsck can be exploited to cause memory corruption via a specially crafted UFS file system.
Successful exploitation may allow execution of arbitrary code, when a malicious UFS file system is opened.
5) An error in fetchmail can be exploited by malicious people to gain knowledge of sensitive information.
For more information:
SA23631
6) An error in ftpd can be exploited by malicious users to compromise a vulnerable system.
For more information:
SA23178
7) A boundary error in GNU Tar can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a user's system.
For more information:
SA18973
8) A format string error in the Help Viewer application can be exploited by malicious people to execute arbitrary code.
Successful exploitation requires that a user is tricked into downloading and opening a help file with a specially crafted name.
9) An error in the IOKit HID interface can be exploited by malicious, local users to capture console keystrokes from other users.
NOTE: This fix was originally distributed via the Mac OS X v10.4.9 update. However, due to a packaging issue it may not have been delivered to all systems.
10) A format string error in the Installer application can be exploited by malicious people to execute arbitrary code.
Successful exploitation requires that a user is tricked into downloading and opening an installer package with a specially crafted name.
11) An error in Kerberos can be exploited by malicious people to cause an DoS (Denial of Service) or to compromise a vulnerable system.
For more information:
SA23696
12) Some errors in Kerberos can be exploited by malicious users to cause a DoS or to compromise a vulnerable system.
For more information see vulnerabilities #2 and #3 in:
SA24740
13) An error in Libinfo can cause a previously deallocated object to be accessed when a specially crafted web page is viewed.
Successful exploitation may allow execution of arbitrary code.
14) An integer overflow exists in the RPC library when processing XDR strings. This can be exploited by malicious people to cause a DoS or to execute arbitrary code as the user "daemon" by sending a specially crafted AUTH_UNIX packet to any enabled RPC service.
15) An error in Login Window in the processing of environment variables can be exploited by malicious, local users to execute arbitrary code with system privileges.
16) Under certain conditions it is possible to bypass the screen saver authentication dialog.
17) Under certain conditions it is possible for a person with physical access to the system to log in without authentication when the software update window appears beneath the Login Window.
18) An error in natd within the handling of RTSP packets can be exploited by malicious people to cause a buffer overflow by sending a specially crafted packet to an affected system.
Successful exploitation may allow execution of arbitrary code, but requires that Internet Sharing is enabled.
19) An error in SMB can be exploited by malicious, local users to create files or execute commands with system privileges.
20) A weakness in the System Configuration can be exploited by malicious, local users to gain escalated privileges.
For more information:
SA23793
21) The username and password used to mount remote file systems via SMB are passed to the mount_smb command as command line arguments. This can be exploited by malicious, local users to gain knowledge of other users' credentials.
22) An error in the VideoConference framework can be exploited by malicious people to cause a heap-based buffer overflow by sending a specially crafted SIP packet when initialising a conference.
Successful exploitation may allow execution of arbitrary code.
23) An error in the load_webdav program when mounting a WebDAV filesystem can be exploited by malicious, local users to create files or to execute commands with system privileges.
24) An error in WebFoundation allows cookies set by subdomains to be accessible to the parent domain.
NOTE: This does not affect systems running Mac OS X v10.4.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
9th Jul, 2009
|
New advisories:
|
18 |
|
New vulnerabilities:
|
21 |
|
Updated advisories:
|
25 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 Solutions | More...
|
|
