Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading
Highly critical

Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

-

Release Date:  2008-09-16    Views:  13,106

Secunia Advisory SA31882

Where:

From remote

Impact:

Security Bypass, Cross Site Scripting, Spoofing, Manipulation of data, Exposure of system information, Exposure of sensitive information, DoS, System access

Solution Status:

Vendor Patch

Operating System:

CVE Reference(s):

Description


Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

1) A boundary error in the handling of PostScript font names in Apple Type Services can be exploited to cause a heap-based buffer overflow when a document containing a specially crafted font is viewed.

Successful exploitation may allow execution of arbitrary code.

2) Some vulnerabilities in ClamAV can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or compromise a vulnerable system.

For more information:
SA29000
SA30657

3) An error exists in Directory Services when it is configured to authenticate users with Active Directory. This can be exploited to disclose a list of user names from Active Directory in the Login Window by supplying wildcard characters in the user name field.

4) A vulnerability is caused due to an insecure file operation within the "slapconfig" tool, which can be exploited by a malicious, local user to disclose the password that are entered by administrative users using "slapconfig".

5) An weakness in Finder causes the "Get Info" window to incorrectly display the privileges for a file.

6) A null pointer dereference error exists in Finder when searching for a remote disc. This can be exploited by malicious people with access to the local network to cause Finder to exit immediately after it starts.

7) A vulnerability in ImageIO can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system.

For more information:
SA31610

8) An unspecified error exists in ImageIO when handling TIFF images. This can be exploited to cause a memory corruption and allows crashing an application or potentially arbitrary code execution.

9) An unspecified error in ImageIO when processing embedded ICC profiles in JPEG images can be exploited to crash an application or potentially execute arbitrary code.

10) A vulnerability in ImageIO can be exploited by malicious people to cause a DoS (Denial of Service), disclose potentially sensitive information, or potentially compromise an application using the library.

For more information:
SA29792

11) An error in the Kernel when a vnode is recycled can be exploited by malicious, local users to read or write certain files without proper permissions.

12) A security issue exists in libresolv and mDNSResponder due to DNS query port number not being sufficiently randomised, which can be exploited to poison the DNS cache.

13) A race condition exists in Login Window, which can be exploited to log in as an arbitrary user without providing any credentials if the system has an account without password enabled, e.g. the "Guest" account.

14) A weakness exists due to Login Window not properly clearing the password after a failed password change, which can be exploited by malicious people with access to the Login Screen to reset a user's password.

Successful exploitation requires that a user leaves a system with the error message displayed after a failed password change.

15) A vulnerability and a weakness in OpenSSH can be exploited by malicious, local users to disclose sensitive information or to bypass certain security restrictions.

For more information:
SA29522
SA29602

16) A vulnerability in QuickDraw Manager can be exploited by malicious people to compromise a user's system.

For more information see vulnerability #5 in:
SA31821

17) A vulnerability in Ruby can be exploited by malicious people to cause a DoS (Denial of Service).

For more information:
SA30924

18) Integer overflow errors exist in unspecified functions within the SearchKit framework. These can be exploited to crash an application or execute arbitrary code when an application passes untrusted input to SearchKit.

19) An error in System Configuration exists due to PPP passwords being stored unencrypted in a world readable file.

20) An error exists in Time Machine due to log files being stored with insecure permissions on the backup drive , which can lead to disclosure of sensitive information.

21) A memory corruption error exists in the handling of H.264 encoded media within the VideoConference framework. This can be exploited to crash an application and potentially execute arbitrary code e.g. when a user starts a video conference with a malicious person.

22) Certain input in emails is not properly sanitised before being used in the mailing list archive in Wiki Server. This can be exploited to insert arbitrary HTML and script code, which will be executed in another user's browser session in context of an affected site e.g. when a malicious mail is viewed.


Solution:
Update to Mac OS X 10.5.5 or apply Security Update 2008-006.

Further details available to Secunia VIM customers

Provided and/or discovered by:
1) The vendor credits Chris Ries, Carnegie Mellon University Computing Services.
3) The vendor credits IT Department of the West Seneca Central School District
5) The vendor credits Michel Colman.
6) The vendor credits Yuxuan Wang, Sogou.
8) The vendor credits Robert Swiecki, Google Security Team.
11) The vendor credits Nevin Liber, Thomas Pelaia of Oak Ridge National Lab, Thomas Tempelmann, and Ram Kolli.
12) Dan Kaminsky, IOActive
14) The vendor credits Christopher A. Grande, Middlesex Community College
15) The vendor credits an anonymous person via iDefense VCP.
19) The vendor credits Hernan Ochoa of Core Security Technologies, Tore Halset of pvv.org, and Matt Johnston of the University Computer Club.
20) The vendor credits Edwin McKenzie.
22) The vendor credits Leon von Tippelskirch and Matthias Wieczorek of the Chair for Applied Software Engineering, TU Munich

Original Advisory:
Apple:
http://support.apple.com/kb/HT3137

Deep Links:
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

No posts yet

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability