|
Mac OS X Security Update Fixes Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA29420
|
|
|
Release Date:
|
2008-03-19
|
|
Last Update:
|
2008-03-27
|
|
Popularity:
|
12,902 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Unknown
Security Bypass
Cross Site Scripting
Spoofing
Exposure of sensitive information
Privilege escalation
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Apple Macintosh OS X
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
1) Multiple boundary errors in AFP client when processing "afp://" URLs can be exploited to cause stack-based buffer overflows when a user connects to a malicious AFP server.
Successful exploitation may allow execution of arbitrary code.
2) An error exists in AFP Server when checking Kerberos principal realm names. This can be exploited to make unauthorized connections to the server when cross-realm authentication with AFP Server is used.
3) Multiple vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
For more information:
SA18008
SA21197
SA26636
SA27906
SA28046
4) A boundary error within the handling of file names in the NSDocument API in AppKit can be exploited to cause a stack-based buffer overflow.
5) An error in NSApplication in AppKit can potentially be exploited to execute code with escalated privileges by sending a maliciously crafted messages to privileged applications in the same bootstrap namespace.
6) Multiple integer overflow errors exist in the parser for a legacy serialization format. This can be exploited to cause a heap-based buffer overflow when a specially crafted serialized property list is parsed.
Successful exploitation may allow execution of arbitrary code.
7) An error in CFNetwork can be exploited to spoof secure websites via 502 Bad Gateway errors from a malicious HTTPS proxy server.
8) Multiple vulnerabilities in ClamAV can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
For more information:
SA23347
SA24187
SA24891
SA26038
SA26530
SA28117
SA28907
9) An integer overflow error exists in CoreFoundation when handling time zone data. This can be exploited by a malicious, local user to execute arbitrary code with system privileges.
10) The problem is that files with names ending in ".ief" can be automatically opened in AppleWorks if "Open 'Safe' files" is enabled in Safari.
11) A vulnerability in CUPS can be exploited to execute arbitrary code with system privileges.
For more information:
SA29431
12) Multiple input validation errors exist in CUPS, which can be exploited to execute arbitrary code with system privileges.
13) A boundary error in curl can be exploited to compromise a user's system.
For more information:
SA17907
14) A vulnerability in emacs can be exploited by malicious people to compromise a user's system.
For more information:
SA27508
15) A vulnerability in "file" can be exploited by malicious people to compromise a vulnerable system.
For more information:
SA24548
16) An input validation error exists in the NSSelectorFromString API, which can potentially be exploited to execute arbitrary code via a malformed selector name.
17) A race condition error in NSFileManager can potentially be exploited to gain escalated privileges.
18) A boundary error in NSFileManager can potentially be exploited to cause a stack-based buffer overflow via an overly long pathname with a specially crafted structure.
19) A race condition error exists in the cache management of NSURLConnection. This can be exploited to cause a DoS or execute arbitrary code in applications using the library (e.g. Safari).
20) A race condition error exists in NSXML. This can be exploited to execute arbitrary code by enticing a user to process an XML file in an application which uses NSXML.
21) An error in Help Viewer can be exploited to insert arbitrary HTML or JavaScript into the generated topic list page via a specially crafted "help:topic_list" URL and may redirect to a Help Viewer "help:runscript" link that runs Applescript.
22) A boundary error exists in Image Raw within the handling of Adobe Digital Negative (DNG) image files. This can be exploited to cause a stack-based buffer overflow by enticing a user to open a maliciously crafted image file.
23) Multiple vulnerabilities in Kerberos can be exploited to cause a DoS or to compromise a vulnerable system.
For more information:
SA29428
24) An off-by-one error the "strnstr()" in libc can be exploited to cause a DoS.
25) A format string error exists in mDNSResponderHelper, which can be exploited by a malicious, local user to cause a DoS or execute arbitrary code with privileges of mDNSResponderHelper by setting the local hostname to a specially crafted string.
26) An error in notifyd can be exploited by a malicious, local user to deny access to notifications by sending fake Mach port death notifications to notifyd.
27) An array indexing error in the pax command line tool can be exploited to execute arbitrary code.
28) Multiple vulnerabilities in php can be exploited to bypass certain security restrictions.
For more information:
SA27648
SA28318
29) A security issue is caused due to the Podcast Capture application providing passwords to a subtask through the arguments.
30) Printing and Preview handle PDF files with weak encryption.
31) An error in Printing in the handling of authenticated print queues can lead to credentials being saved to disk.
32) An error in NetCfgTool can be exploited by a malicious, local user to execute arbitrary code with escalated privileges via a specially crafted message.
33) A null-pointer dereference error exists in the handling of Universal Disc Format (UDF) file systems, which can be exploited to cause a system shutdown by enticing a user to open a maliciously crafted disk image.
34) An input validation error exists in the Mac OS X 10.5 Server Wiki Server. This can be exploited by malicious users to upload arbitrary files with privileges of the wiki server execute arbitrary code.
35) Some vulnerabilities in X11 can be exploited by malicious, local users to gain escalated privileges.
For more information:
SA27040
SA28532
36) Some vulnerabilities in libpng can be exploited by malicious people to cause a DoS (Denial of Service).
For more information:
SA22900
SA25292
SA27093
SA27130
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
6th Nov, 2009
|
New advisories:
|
17 |
|
New vulnerabilities:
|
65 |
|
Updated advisories:
|
21 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 Solutions | More...
|
|
