AlphaOne Technology Support Forums
Welcome, Guest. Please login or register.
December 02, 2008, 06:10:17 AM

Login with username, password and session length
Search:     Advanced search
1733 Posts in 827 Topics by 4755 Members
Latest Member: typetroyk
* Home Help Search Login Register
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  Topic: Apple Security Update Fixes Multiple Mac OS X Vulnerabilities 0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Apple Security Update Fixes Multiple Mac OS X Vulnerabilities  (Read 731 times)
TJ
Tech Team
Hero Member
********
Offline Offline

Posts: 136



View Profile
Apple Security Update Fixes Multiple Mac OS X Vulnerabilities
« on: August 17, 2005, 04:42:36 PM »
* Technical Description *

Apple has released security patches to correct multiple vulnerabilities affecting Mac OS X. These flaws could be exploited by remote or local attackers to execute arbitrary commands, cause a denial of service, obtain elevated privileges, or disclose sensitive information.

- A buffer overflow error in the apache htdigest program could be exploited by a remote attacker to execute arbitrary commands.

- Apache restricts access to files in a case sensitive manner, but the HFS+ filesystem accesses files in a case insensitive manner, which could be exploited by remote attackers to read ".ht*" and ".DS_Store" files.

- An error in apache makes it possible to bypass the normal file handlers, which could be exploited by attackers to retrieve file data and resource fork content via HTTP requests.

- A buffer overflow error in AppKit when processing specially crafted rich text files could be exploited by attackers to execute arbitrary commands.

- A buffer overflow error in AppKit when processing specially crafted Word (.doc) files could be exploited to execute arbitrary commands.

- An unspecified error in AppKit could be exploited by malicious users (with physical access) to create additional accounts.

- An error when selecting the "Require pairing for security" option in Bluetooth preferences could cause the System Profiler to be labeled with "Requires Authentication: No.".

- A buffer overflow error in the CoreFoundation framework when handling specially crafted command line arguments could be exploited to execute arbitrary commands.

- An error in CUPS when handling multiple simultaneous print jobs or when receiving a partial IPP request and a client terminates could be exploited by attackers to cause a denial of service.

- A buffer overflow error in Directory Services when handling authentication could be exploited by remote attackers to execute arbitrary commands.

- Multiple errors in the privileged tool "dsidentity" could be exploited by malicious users to add or remove identity user accounts in Directory Services.

- An error in "slpd" could lead to an insecure temporary file creation in the world-writable "/tmp" directory, which could be exploited by local attackers to obtain elevated privileges.

- An error in HItoolbox could cause, under certain circumstances, secure input fields to be disclosed to VoiceOver services.

- A heap overflow error in Kerberos when handling password history could be exploited by local attackers to execute arbitrary code on a Key Distribution Center (KDC).

- Multiple buffer overflow vulnerabilities in Kerberos could b exploited by remote attackers to compromise a KDC or cause a denial of service. For additional information, see : FrSIRT/ADV-2005-1066

- An error in Kerberos authentication when enabled in addition to LDAP could be exploited by attackers to gain "root" privileges.

- An error in the handling of Fast User Switching can allow a local user who knows the password for two accounts to log into a third account without knowing the password.

- An error in Mail.app when used to print or forward HTML messages, could cause the application to load remote images even if a user's preferences disallow it, which may be considered as a privacy leak.

- Multiple errors in MySQL could be exploited by remote authenticated users to execute arbitrary commands.

- Multiple errors in OpenSSL could be exploited by remote attackers to cause a denial of service.

- A buffer overflow error in the "ping" utility could be exploited by local users to obtain elevated privileges.

- An error in QuartzComposerScreenSaver could be exploited by local users to open webpages while the RSS Visualizer screen saver is locked.

- An error in Safari when clicking on a link in a specially crafted rich text file could be exploited by attackers to execute arbitrary commands.

- An error in Safari when handling submitted forms in an XSL formatted page could cause sensitive information to be inadvertently submitted to the wrong site.

- An error in the password assistant when adding multiple accounts could cause the previously suggested passwords to be disclosed.

- A buffer overflow error in the authentication procedure of "servermgrd" could be exploited by remote attackers to execute arbitrary commands.

- An error in the Server Admin tool could cause certain firewall policies to not be written to the Active Rules.

- Multiple input validation errors in SquirrelMail could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser. For additional information, see : FrSIRT/ADV-2005-0800

- A buffer overflow error in the "traceroute" utility could be exploited by local users to obtain elevated privileges.

- An error in Safari when clicking on a link in a specially crafted PDF file could be exploited by attackers to execute arbitrary commands.

- Multiple input validation errors in Weblog Server could be exploited to conduct cross site scripting attacks.

- An integer overflow error in libXPM when handling a specially crafted "bitmap_unit" value could be exploited by attackers to execute arbitrary commands or cause a denial of service. For additional information, see : FrSIRT/ADV-2005-0471

- A buffer overflow error in Zlib when processing malformed data streams could be exploited by attackers to execute arbitrary code. For additional information, see : FrSIRT/ADV-2005-0978

 * Affected Products *

Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.3.9
Apple Mac OS X 10.4.2
Apple Mac OS X 10.3.9

 * Solution *

Apple Mac OS X 10.3.9 :
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=07801&platform=osx&method=sa/SecUpd2005-007Pan.dmg

Apple Mac OS X 10.4.2 :
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=07794&platform=osx&method=sa/SecUpd2005-007Ti.dmg

Apple Mac OS X Server 10.3.9 :
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=07796&platform=osx&method=sa/SecUpdSrvr2005-007Pan.dmg

Apple Mac OS X Server 10.4.2 :
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=07795&platform=osx&method=sa/SecUpdSrvr2005-007Ti.dmg

 * References *

http://www.frsirt.com/english/advisories/2005/1419
http://docs.info.apple.com/article.html?artnum=302163
Logged
Pages: [1] Go Up Print 
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  Topic: Apple Security Update Fixes Multiple Mac OS X Vulnerabilities « previous next »
Jump to:  

Powered by MySQL Powered by PHP AlphaOne Technology Support Forums | Powered by SMF 1.0.7.
© 2001-2005, Lewis Media. All Rights Reserved. 		Valid XHTML 1.0! Valid CSS!