ALERT: Mac OSX Security 2005-007 Issued

Computer Generated Baby

Learning Storage Performance
Joined
Dec 16, 2003
Messages
221
Location
Virtualworld
Apple Security Update 2005-007


:errr: Some of thesel are CRITICAL :errr:



  • Apache 2

    CVE-ID: CAN-2005-1344

    Available for: Mac OS X Server v10.3.9

    Impact: The htdigest program contains a buffer overflow, which, if used improperly in a CGI application, could allow a remote system compromise.

    Description: The htdigest program contains a buffer overflow, and could be used in a CGI application to manage user access controls to a web server. This update fixes the buffer overflow in htdigest. Apple does not provide any CGI applications that use the htdigest program. Apache 2 ships only with Mac OS X Server, and is off by default. This issue was fixed for Apache 1.3 in Security Update 2005-005. Credit to JxT of SNOsoft for reporting this issue.
  • Apache 2

    CVE-ID: CAN-2004-0942, CAN-2004-0885

    Available for: Mac OS X Server v10.3.9

    Impact: Multiple security issues in Apache 2.

    Description: The Apache Group fixed two vulnerabilities between versions 2.0.52 and 2.0.53 (the Apache Group security page for Apache 2 is located at http://httpd.apache.org/security/vulnerabilities_20.html). Apache 2 is updated to version 2.0.53 (the previous version was 2.0.52). Apache 2 ships only with Mac OS X Server, and is off by default.
  • Apache 2

    CVE-ID: CAN-2004-1083, CAN-2004-1084

    Available for: Mac OS X Server v10.3.9, Mac OS X Server v10.4.2

    Impact: Apache 2 example configurations do not fully block access to resource forks, ".ht" files, or ".DS_Store" files.

    Description: Apache 2 ships only with Mac OS X Server, and is off by default. It is important that administrators who enable this server manually are aware of the files that should be blocked to avoid security exposures. A default Apache 2 configuration blocks access to files starting with ".ht" in a case-sensitive way. The Apple HFS+ filesystem isn't case-sensitive when performing file access, and maps resource forks of files to path names. The Finder may also create .DS_Store files containing the names of files in locations used to serve webpages. This update modifies the sample Apache 2 configuration to show how to restrict access to these files and resource forks. This issue was fixed for Apache 1.3 in Security Update 2004-12-02. Additional information is available here.
  • AppKit

    CVE-ID: CAN-2005-2501

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.2, Mac OS X Server v10.4.2

    Impact: Opening a malicious, rich text file could lead to arbitrary code execution.

    Description: A buffer overflow in the handling of maliciously crafted rich text files could lead to arbitrary code execution. This update prevents the buffer overflow from occuring.
  • AppKit

    CVE-ID: CAN-2005-2502

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.2, Mac OS X Server v10.4.2

    Impact: Opening a maliciously crafted Microsoft Word .doc file could result in arbitrary code execution.

    Description: A buffer overflow in AppKit that is responsible for reading Word documents could allow arbitrary code execution. Only applications such as TextEdit that use AppKit to open Word documents are vulnerable. Microsoft Word for Mac OS X is not vulnerable. This update prevents the buffer overflow.
  • AppKit

    CVE-ID: CAN-2005-2503

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.2, Mac OS X Server v10.4.2

    Impact: A malicious user with physical access to a system could create additional local accounts.

    Description: A malicious user who has full physical access to a system could create additional accounts by forcing an error condition. This update prevents the error conditions from occurring at the login window.
  • Bluetooth

    CVE-ID: CAN-2005-2504

    Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2

    Impact: The System Profiler information about whether or not a Bluetooth device requires authentication is misleading.

    Description: Selecting "Require pairing for security" in Bluetooth preferences correctly sets the device to require authentication, but in System Profiler the device is labeled with "Requires Authentication: No." This update changes System Profiler to accurately reflect the Bluetooth security settings. This issue does not affect systems prior to Mac OS X 10.4. Credit to John M. Glenn of San Francisco for reporting this issue.
  • CoreFoundation

    CVE-ID: CAN-2005-2505

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9

    Impact: Buffer overflow via a command line argument for applications using the CoreFoundation framework.

    Description: The incorrect handling of a command line argument within the CoreFoundation framework can result in a buffer overflow that may be used to execute arbitrary code. This issue has been addressed by improved handling of command line arguments. This issue does not affect Mac OS X 10.4. Credit to David Remahl of www.remahl.se/david for reporting this issue.
  • CoreFoundation

    CVE-ID: CAN-2005-2506

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.2, Mac OS X Server v10.4.2

    Impact: Passing a malformed date to the CoreFoundation framework can cause applications to stall.

    Description: The parsing of Gregorian dates in the CoreFoundation framework is vulnerable to an algorithmic complexity attack that could result in a denial of service. This update modifies the algorithm to parse all valid dates within a fixed processing time. Credit to David Remahl of www.remahl.se/david for reporting this issue.
  • CUPS

    CVE-ID: CAN-2005-2525, CAN-2005-2526

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.2, Mac OS X Server v10.4.2

    Impact: The CUPS printing service will not print unless it is restarted.

    Description: When handling multiple, simultaneous, print jobs, the CUPS printing service can stop printing because it incorrectly tracks open file descriptors. In addition, if CUPS receives a partial IPP request and a client terminates the connection, the printing service will then consume all available CPUs. If the service is restarted, then printing will resume. This update corrects the handling of multiple, simultaneous print jobs and partial requests.
  • Directory Services

    CVE-ID: CAN-2005-2507

    Available for: Mac OS X Server v10.3.9, Mac OS X Server v10.4.2

    Impact: A buffer overflow in Directory Services could lead to remote execution of arbitrary code.

    Description: A buffer overflow in the handling of authentication can lead to arbitrary code execution by a remote attacker. This update prevents the buffer overflow from occurring.
  • Directory Services

    CVE-ID: CAN-2005-2508

    Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2

    Impact: The privileged tool dsidentity has several security flaws that can result in non-administrative users adding or removing identity user accounts in Directory Services.

    Description: This update addresses this issue by removing dsidentity and its documentation. This issue does not affect systems prior to Mac OS X 10.4. Credit to kf_lists[at]digitalmunition[dot]com and Neil Archibald of Suresec LTD for reporting this issue.
  • Directory Services

    CVE-ID: CAN-2005-2519

    Available for: Mac OS X Server v10.3.9

    Impact: Insecure temporary file creation could lead to a local privilege escalation.

    Description: slpd insecurely creates a root-owned file in the world-writable /tmp directory. This update moves the creation of the file to a directory that is not world-writable. This issue does not affect Mac OS X v10.4.
  • HItoolbox

    CVE-ID: CAN-2005-2513

    Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2

    Impact: VoiceOver may read content from secure input fields.

    Description: Under certain circumstances, secure input fields may be read by VoiceOver services. This update stops VoiceOver from exposing the content of these fields. This issue does not affect systems prior to Mac OS X v10.4.
  • Kerberos

    CVE-ID: CAN-2004-1189

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9

    Impact: An authenticated user could execute arbitrary code on the KDC host, compromising a Kerberos realm.

    Description: A heap buffer overflow in password history handling code could be exploited to execute arbitrary code on a Key Distribution Center (KDC). This issue does not affect Mac OS X 10.4. Credit to the MIT Kerberos team for reporting this isue. Their advisory for this vulnerability is located at http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-004-pwhist.txt
  • Kerberos

    CVE-ID: CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, CERT VU#885830 VU#259798 VU#623332

    Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2

    Impact: Multiple buffer overflow vulnerabilities could result in denial of service or remote compromise of a KDC.

    Description: This update upgrades Kerberos for Macintosh to version 5.5.1, which contains fixes for this issue. The Kerberos security advisories for these issues are located at http://web.mit.edu/kerberos/www/advisories/
  • Kerberos

    CVE-ID: CAN-2005-2511

    Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2

    Impact: Kerberos-enabled logins when using LDAP can result in root compromise.

    Description: When Kerberos authentication is enabled in addition to LDAP, it was possible to gain access to a root Terminal window. Kerberos authentication has been updated to prevent this situation. This issue does not affect systems prior to Mac OS X v10.4. Credit to Jim Foraker of Carnegie Mellon University and colleagues at MacEnterprise.Org for reporting this issue.
  • loginwindow

    CVE-ID: CAN-2005-2509

    Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2

    Impact: A user can gain access to other logged-in accounts if Fast User Switching is enabled.

    Description: An error in the handling of Fast User Switching can allow a local user who knows the password for two accounts to log into a third account without knowing the password. This update corrects the authentication error. This issue does not affect systems prior to Mac OS X 10.4. Credit to Sam McCandlish for reporting this issue.
  • Mail

    CVE-ID: CAN-2005-2512

    Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2

    Impact: Loss of privacy due to Mail loading remote images in HTML emails.

    Description: When Mail.app is used to print or forward an HTML message, it will attempt to load remote images even if a user's preferences disallow it. As this network traffic is not expected, it may be considered a privacy leak. This update addresses the issue by having Mail.app only load remote images in HTML messages when the preferences allow it. This issue does not affect systems prior to Mac OS X v10.4. Credit to Brad Miller of CynicalPeak and John Pell of Foreseeable Solutions for reporting this issue.
  • MySQL

    CVE-ID: CAN-2005-0709, CAN-2005-0710, CAN-2005-0711

    Available for: Mac OS X Server v10.3.9

    Impact: Multiple vulnerabilities in MySQL, including arbitrary code execution by remote authenticated users.

    Description: MySQL is updated to version 4.0.24 to address several issues. This does not affect systems running Mac OS X v10.4 as Tiger shipped with MySQL version 4.1.10a, which is patched against this issue. The MySQL announcement for version 4.0.24 is located at http://dev.mysql.com/doc/mysql/en/news-4-0-24.html
  • OpenSSL

    CVE-ID: CAN-2004-0079, CAN-2004-0112

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.2, Mac OS X Server v10.4.2

    Impact: Multiple denial of service vulnerabilities in OpenSSL.

    Description: OpenSSL is updated to version 0.9.7g to address several issues. The OpenSSL advisory for these issues is located at http://www.openssl.org/news/secadv_20040317.txt
  • ping

    CVE-ID: CAN-2005-2514

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9

    Impact: A buffer overflow could result in local privilege escalation and arbitrary code execution.

    Description: The ping utility is vulnerable to a buffer overflow. This update prevents the buffer overflow from occurring. This issue does not affect systems running Mac OS X v10.4. Credit to Neil Archibald of Suresec LTD for reporting this issue.
  • QuartzComposerScreenSaver

    CVE-ID: CAN-2005-2515

    Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2

    Impact: Users could open webpages while the RSS Visualizer screen saver is locked.

    Description: It is possible to open displayed links from the RSS Visualizer in the background when the screen saver is configured to require a password. This update prevents the RSS Visualizer screen saver from opening a URL if a password is required to exit the screen saver. Credit to Jay Craft of GrooVault Entertainment, LLC for reporting this issue.
  • Safari

    CVE-ID: CAN-2005-2516

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.2, Mac OS X Server v10.4.2

    Impact: Clicking on a link in a maliciously-crafted rich text file in Safari could lead to arbitrary command execution.

    Description: Safari renders rich text content using code that allows URLs to be called directly, which bypasses the normal browser security checks. This update addresses the issue by handling all links in rich text through Safari.
  • Safari

    CVE-ID: CAN-2005-2517

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.2, Mac OS X Server v10.4.2

    Impact: Information can be inadvertently submitted to the wrong site.

    Description: When submitting forms in Safari on an XSL formatted page, data is sent to the next page browsed. This update addresses the issue by ensuring that form contents are submitted correctly. Credit to Bill Kuker for reporting this issue.
  • SecurityInterface

    CVE-ID: CAN-2005-2520

    Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2

    Impact: Recently-used passwords are visible via the password assistant.

    Description: The password assistant provides an easy mechanism for selecting a good password. If an administrator uses the password assistant while adding multiple accounts, they will be able to view previously suggested passwords. This only occurs when password assistant is used more than once from the same process. This update addresses the issue by resetting the suggested password list each time the password assistant is displayed. This issue does not affect systems prior to Mac OS X v10.4. Credit to Andrew Langmead of Boston.com for reporting this issue.
  • servermgrd

    CVE-ID: CAN-2005-2518

    Available for: Mac OS X Server v10.3.9, Mac OS X Server v10.4.2

    Impact: A buffer overflow in servermgrd could lead to remote execution of arbitrary code.

    Description: A buffer overflow in the handling of authentication can lead to arbitrary code execution by a remote attacker. This update prevents the buffer overflow from occurring.
  • servermgr_ipfilter

    CVE-ID: CAN-2005-2510

    Available for: Mac OS X Server v10.4.2

    Impact: Certain firewall policies created with the Server Admin tool are not always written to the Active Rules.

    Description: When using multiple subnets and Address Groups, the firewall rules are not always written to the Active Rules, depending on the order in which the IP subnets were entered into the Address Group. This update addresses the issue by generating correct rules irrespective of any ordering within the Address Group. This issue does not affect systems prior to Mac OS X 10.4. Credit to Matt Richard of Franklin & Marshall College and Chris Pepper of The Rockefeller University for reporting this issue.
  • SquirrelMail

    CVE-ID: CAN-2005-1769, CAN-2005-2095

    Available for: Mac OS X Server v10.3.9, Mac OS X Server v10.4.2

    Impact: Multiple vulnerabilities in SquirrelMail, including cross-site scripting and SquirrelMail user preference modification.

    Description: There are multiple vulnerabilities in SquirreMail prior to version 1.4.5. These fixes address cross-site scripting and an exposure that may allow attackers to modify user preferences. This update upgrades SquirrelMail to version 1.4.5. For more information, see http://www.squirrelmail.org.
  • traceroute

    CVE-ID: CAN-2005-2521

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9

    Impact: A buffer overflow could result in local privilege escalation and arbitrary code execution.

    Description: The traceroute utility is vulnerable to a buffer overflow. This update prevents the buffer overflow from occurring. This issue does not affect systems running Mac OS X v10.4. Credit to Neil Archibald of Suresec LTD for reporting this issue.
  • WebKit

    CVE-ID: CAN-2005-2522

    Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2

    Impact: Clicking on a link in a maliciously-crafted PDF file in Safari could lead to arbitrary command execution.

    Description: Safari renders PDF content using code that allows URLs to be called directly, which bypasses the normal browser security checks. This Safari issue does not affect systems prior to Mac OS X v10.4. This update addresses the issue by handling all links in PDF through Safari.
  • Weblog Server

    CVE-ID: CAN-2005-2523

    Available for: Mac OS X Server v10.4.2

    Impact: Multiple cross-site scripting issues in Weblog Server.

    Description: Several cross-site scripting problems were discovered in the Weblog Server. This update improves the sanitizing of user input before redisplaying it. This issue does not affect systems prior to Mac OS X v10.4. Credit to Donnie Werner (wood@exploitlabs.com) of Exploitlabs.com and Atsushi MATSUO for reporting this issue.
  • X11

    CVE-ID: CAN-2005-0605

    Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2

    Impact: A buffer overflow could result in arbitrary code execution.

    Description: An error in LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow. This issue does not affect systems prior to Mac OS X v10.4.
  • zlib

    CVE-ID: CAN-2005-2096, CAN-2005-1849

    Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2

    Impact: Applications linked against zlib are susceptible to denial of service attacks and potential execution of arbitrary code.

    Description: By carefully crafting a corrupt compressed data stream, an attacker can overwrite data structures in a zlib-using application, resulting in denial of service or possible arbitrary code execution. This update address the issue by updating zlib to version 1.2.3.



http://docs.info.apple.com/article.html?artnum=302163



 
Top