Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading
Highly critical

Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

-

Release Date:  2009-02-13    Last Update:  2009-02-19    Views:  16,629

Secunia Advisory SA33937

Where:

From remote

Impact:

Unknown, Security Bypass, Exposure of sensitive information, Privilege escalation, DoS, System access

Solution Status:

Vendor Patch

Operating System:

CVE Reference(s):

Description


Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

1) A race condition error in the AFP Server can be exploited to trigger the execution of an infinite loop by sending a specially crafted file enumeration request.

2) An error in the handling of movie files using the Pixlet codec can be exploited to trigger a memory corruption.

3) An error in the Resource Manager related to CarbonCore can be exploited to trigger a memory corruption via a file containing a specially crafted resource fork.

Successful exploitation of vulnerabilities #2 and #3 may allow execution of arbitrary code.

4) Certificate Assistant handles temporary files in an insecure manner. This can be exploited to overwrite arbitrary files with the privileges of the user running the application.

5) Two errors in ClamAV can be exploited to cause a crash or potentially execute arbitrary code.

For more information:
SA32663
SA32926

6) An error in CoreText when processing specially crafted Unicode strings can be exploited to cause a heap-based buffer overflow via e.g. a specially crafted web page.

Successful exploitation of this vulnerability may allow execution of arbitrary code.

7) The dscl program accepts passwords passed via command line arguments. This can be exploited by local users to obtain the received passwords via the process list.

8) Multiple errors in fetchmail can be exploited by malicious people to cause a crash via overly large e-mail headers.

For more information:
SA30742

9) Folder Manager creates the "Downloads" folder with global read permissions after a user deletes it. This can be exploited by unprivileged local users to gain access to the "Downloads" folder.

10) An error in the fseventsd program can be exploited to disclose normally restricted filesystem activity via the FSEvents framework.

11) An error in perl when processing Unicode characters can be exploited to trigger a memory corruption and potentially execute arbitrary code.

This is related to:
SA27546

12) An error handling problem in csregprinter can be exploited to cause a heap-based buffer overflow and potentially gain system privileges.

13) Multiple errors in python have an unknown impact or can be exploited to cause a crash or potentially compromise a vulnerable system.

For more information:
SA26837
SA31305

14) An uninitialized memory access error in the Remote Apple events server can be exploited to disclose potentially sensitive memory contents via specially crafted Remote Apple events.

15) An error in Server Manager while validating authentication credentials can be exploited to alter the system configuration.

16) An integer overflow in the SMB implementation can be exploited to cause a heap-based buffer overflow by tricking a user into connecting to a malicious SMB server.

Successful exploitation of this vulnerability may allow execution of arbitrary code.

17) An error in the SMB implementation can be exploited to exhaust available memory resources and cause a system shutdown by tricking a user into connecting to a malicious SMB server.

18) An error in SquirrelMail can be exploited to inject and execute arbitrary HTML and script code via a specially crafted email.

For more information:
SA32143

19) Multiple errors in the X11 server can be exploited by malicious, local users to cause a DoS, disclose potentially sensitive information, or gain escalated privileges.

For more information:
SA30627

20) Multiple errors in FreeType can be exploited to cause a DoS or compromise an application using the library.

For more information:
SA20100
SA24768
SA30600

21) Multiple errors in LibX11 can be exploited by malicious, local users to disclose sensitive information, cause a DoS, and gain escalated privileges.

For more information:
SA24741

22) Xterm creates TTY devices accessible to all users, when used with "luit". This can be exploited to e.g. write data to another user's Xterm.


Solution:
Apply Apple Security Update 2009-001.

Further details available to Secunia VIM customers

Provided and/or discovered by:
The vendor credits:
6) Rosyna of Unsanity
9) Graham Perrin of CENTRIM, University of Brighton
10) Mark Dalrymple
12) Lars Haulin

Original Advisory:
http://support.apple.com/kb/HT3438

Deep Links:
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

No posts yet

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability