Security update 2008-2

Discussion in 'Apple' started by Michelle Steiner, Mar 19, 2008.

  1. This document describes Security Update 2008-002, which can be
    downloaded and installed via Software Update preferences, or from Apple
    Downloads.
    For the protection of our customers, Apple does not disclose, discuss,
    or confirm security issues until a full investigation has occurred and
    any necessary patches or releases are available. To learn more about
    Apple Product Security, see the Apple Product Security website.
    For information about the Apple Product Security PGP Key, see "How to
    use the Apple Product Security PGP Key."
    Where possible, CVE IDs are used to reference the vulnerabilities for
    further information.
    To learn about other Security Updates, see "Apple Security Updates."
    Security Update 2008-002
    • AFP Client
    CVE-ID: CVE-2008-0044
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X
    v10.5.2, Mac OS X Server v10.5.2
    Impact: Accessing a maliciously crafted afp:// URL may lead to an
    application termination or arbitrary code execution
    Description: Multiple stack buffer overflow issues exist in AFP Client's
    handling of afp:// URLs. By enticing a user to connect to a malicious
    AFP Server, an attacker may cause an unexpected application termination
    or arbitrary code execution. This update addresses the issues through
    improved bounds checking.
    • AFP Server
    CVE-ID: CVE-2008-0045
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
    Impact: Cross-realm authentication with AFP Server may be bypassed
    Description: An implementation issue exists in AFP Server's check of
    Kerberos principal realm names. This may allow unauthorized connections
    to the server, when cross-realm authentication with AFP Server is used.
    This update addresses the issue through improved checks of Kerberos
    principal realm names. This issue does not affect systems running Mac OS
    X v10.5 or later. Credit to Ragnar Sundblad of KTH - Royal Institute of
    Technology, Stockholm, Sweden for reporting this issue.
    • Apache
    CVE-ID: CVE-2005-3352, CVE-2006-3747, CVE-2007-3847, CVE-2007-5000,
    CVE-2007-6388
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X
    Server v10.5.2
    Impact: Multiple vulnerabilities in Apache 1.3.33 and 1.3.39
    Description: Apache is updated to version 1.3.41 to address several
    vulnerabilities, the most serious of which may lead to arbitrary code
    execution. Further information is available via the Apache web site at
    http://httpd.apache.org For Mac OS X v10.5, Apache version 1.3.x is only
    shipped on Server configurations. mod_ssl is also updated from version
    2.8.24 to 2.8.31 to match the upgraded Apache; no security fixes are
    included in the update.
    • Apache
    CVE-ID: CVE-2007-5000, CVE-2007-6203, CVE-2007-6388, CVE-2007-6421,
    CVE-2008-0005
    Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
    Impact: Multiple vulnerabilities in Apache 2.2.6
    Description: Apache is updated to version 2.2.8 to address several
    vulnerabilities, the most serious of which may lead to cross-site
    scripting. Further information is available via the Apache web site at
    http://httpd.apache.org
    • AppKit
    CVE-ID: CVE-2008-0048
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
    Impact: Usage of the NSDocument API may lead to arbitrary code
    execution
    Description: A stack buffer overflow exists in the NSDocument API's
    handling of file names. On most file systems, this issue is not
    exploitable. This update addresses the issue through improved bounds
    checking. This issue does not affect systems running Mac OS X v10.5 or
    later.
    • AppKit
    CVE-ID: CVE-2008-0049
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
    Impact: A local user may be able to execute arbitrary code with system
    privileges
    Description: A mach port in NSApplication intended for inter-thread
    synchronization is unintentionally available for inter-process
    communication. By sending maliciously crafted messages to privileged
    applications in the same bootstrap namespace, a local user may cause
    arbitrary code execution with the privileges of the target application.
    This update addresses the issue by removing the mach port in question
    and using another method to synchronize. This issue does not affect
    systems running Mac OS X v10.5 or later.
    • AppKit
    CVE-ID: CVE-2008-0057
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
    Impact: Visiting a maliciously crafted website may lead to arbitrary
    code execution
    Description: Multiple integer overflow vulnerabilities exist in the
    parser for a legacy serialization format. By causing a maliciously
    formatted serialized property list to be parsed, an attacker could
    trigger a heap-based buffer overflow which may lead to arbitrary code
    execution. This update addresses the issue by performing additional
    validation of serialized input. This issue does not affect systems
    running Mac OS X v10.5 or later.
    • AppKit
    CVE-ID: CVE-2008-0997
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
    Impact: Querying a network printer may cause an unexpected application
    termination or arbitrary code execution
    Description: A stack based buffer overflow exists in AppKit's handling
    of PPD files. By enticing a user to query a network printer, an attacker
    may cause an unexpected application termination or arbitrary code
    execution. This update addresses the issue through improved handling of
    PPD files. This issue does not affect systems running Mac OS X v10.5 or
    later.
    • Application Firewall
    CVE-ID: CVE-2008-0046
    Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
    Impact: The German translation of the Application Firewall preference
    pane was misleading
    Description: The "Set access for specific services and applications"
    radio button of the Application Firewall preference pane was translated
    into German as "Zugriff auf bestimmte Dienste und Programme festlegen",
    which is "Set access to specific services and applications". This might
    lead a user to believe that the listed services were the only ones that
    would be permitted to accept incoming connections. This update addresses
    the issue by changing the German text to semantically match the English
    text. This issue does not affect systems prior to Mac OS X v10.5.
    • CFNetwork
    CVE-ID: CVE-2008-0050
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
    Impact: A malicious proxy server may spoof secure websites
    Description: A malicious HTTPS proxy server may return arbitrary data to
    CFNetwork in a 502 Bad Gateway error. A malicious proxy server could use
    this to spoof secure websites. This update addresses the issue by
    returning an error on any proxy error, instead of returning the
    proxy-supplied data. This issue is already addressed in systems running
    Mac OS X v10.5.2.
    • ClamAV
    CVE-ID: CVE-2007-3725, CVE-2007-4510, CVE-2007-4560, CVE-2007-5759,
    CVE-2007-6335, CVE-2007-6336, CVE-2007-6337, CVE-2008-0318, CVE-2008-0728
    Available for: Mac OS X Server v10.5.2
    Impact: Multiple vulnerabilities in ClamAV 0.90.3
    Description: Multiple vulnerabilities exist in ClamAV 0.90.3 provided
    with Mac OS X Server v10.5 systems, the most serious of which may lead
    to arbitrary code execution. This update addresses the issue by updating
    to ClamAV 0.92.1. Further information is available via the ClamAV
    website at www.clamav.net
    • ClamAV
    CVE-ID: CVE-2006-6481, CVE-2007-1745, CVE-2007-1997, CVE-2007-3725,
    CVE-2007-4510, CVE-2007-4560, CVE-2007-0897, CVE-2007-0898,
    CVE-2008-0318, CVE-2008-0728
    Available for: Mac OS X Server v10.4.11
    Impact: Multiple vulnerabilities in ClamAV 0.88.5
    Description: Multiple vulnerabilities exist in ClamAV 0.88.5 provided
    with Mac OS X Server v10.4.11, the most serious of which may lead to
    arbitrary code execution. This update addresses the issue by updating to
    ClamAV 0.92.1. Further information is available via the ClamAV website
    at www.clamav.net
    • CoreFoundation
    CVE-ID: CVE-2008-0051
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
    Impact: A local user may be able to execute arbitrary code with system
    privileges
    Description: An integer overflow exists in CoreFoundation's handling of
    time zone data. This may allow a local user to cause arbitrary code
    execution with system privileges. This update addresses the issue
    through improved bounds checking on time zone data files. This issue
    does not affect systems running Mac OS X v10.5 or later.
    • CoreServices
    CVE-ID: CVE-2008-0052
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
    Impact: Visiting a website could cause files to be opened in AppleWorks
    Description: Files with names ending in ".ief" can be automatically
    opened in AppleWorks if Safari's "Open 'Safe' files" preference is
    enabled. This is not the intended behavior and could lead to security
    policy violations. This update addresses the issue by removing ".ief"
    from the list of safe file types. This issue only affects systems prior
    to Mac OS X v10.5 with AppleWorks installed.
    • CUPS
    CVE-ID: CVE-2008-0596
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
    Impact: A remote attacker may be able to cause an unexpected application
    termination if printer sharing is enabled
    Description: A memory leak exists in CUPS. By sending a large number of
    requests to add and remove shared printers, an attacker may be able to
    cause a denial of service. This issue can not result in arbitrary code
    execution. This update addresses the issue through improved memory
    management. This issue does not affect systems prior to Mac OS X v10.5.
    • CUPS
    CVE-ID: CVE-2008-0047
    Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
    Impact: A remote attacker may be able to cause an unexpected application
    termination or arbitrary code execution if printer sharing is enabled
    Description: A heap buffer overflow exists in the CUPS interface's
    processing of search expressions. If printer sharing is enabled, a
    remote attacker may be able to cause an unexpected application
    termination or arbitrary code execution with system privileges. If
    printer sharing is not enabled, a local user may be able to gain system
    privileges. This update addresses the issue by performing additional
    bounds checking. This issue does not affect systems prior to Mac OS X
    v10.5. Credit to regenrecht working with the VeriSign iDefense VCP for
    reporting this issue.
    • CUPS
    CVE-ID: CVE-2008-0053, CVE-2008-0882
    Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
    Impact: Multiple vulnerabilities in CUPS may lead to an unexpected
    application termination or arbitrary code execution with system
    privileges
    Description: Multiple input validation issues exist in CUPS, the most
    serious of which may lead to arbitrary code execution with system
    privileges. This update addresses the issues by updating to CUPS 1.3.6.
    These issues do not affect systems prior to Mac OS X v10.5.
    • curl
    CVE-ID: CVE-2005-4077
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
    Impact: Running curl with a maliciously crafted URL may lead to an
    unexpected application termination or arbitrary code execution
    Description: A one byte buffer overflow exists in curl 7.13.1. By
    enticing a user to run curl with a maliciously crafted URL, an attacker
    may cause an unexpected application termination or arbitrary code
    execution. This update addresses the issue by updating curl to version
    7.16.3. Crash Reporter was updated to match the curl changes. This issue
    does not affect systems running Mac OS X v10.5 or later.
    • Emacs
    CVE-ID: CVE-2007-6109
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X
    v10.5.2, Mac OS X Server v10.5.2
    Impact: Format string vulnerability in Emacs Lisp may lead to an
    unexpected application termination or possibly arbitrary code execution
    Description: A stack buffer overflow exists in Emacs' format function.
    By exploiting vulnerable Emacs Lisp which allows an attacker to provide
    a format string containing a large precision value, an attacker may
    cause an unexpected application termination or possibly arbitrary code
    execution. Further information on the patch applied is available via the
    Savannah Emacs website at
    http://cvs.savannah.gnu.org/viewvc/emacs/emacs/src/editfns.c?r1=1.439.2.3&r2=1.439.2.9&view=patch
    • Emacs
    CVE-ID: CVE-2007-5795
    Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
    Impact: Safe mode checks in Emacs may be bypassed
    Description: A logic error in Emacs' hack-local-variable function allows
    any local variable to be set, even if `enable-local-variables' is set to
    :safe. By enticing a user to load a file containing a maliciously
    crafted local variables declaration, a local user may cause an
    unauthorized modification of Emacs Lisp variables leading to arbitrary
    code execution. This issue has been fixed through improved :safe mode
    checks. The patch applied is available via the Savannah Emacs website at
    http://cvs.savannah.gnu.org/viewvc/emacs/lisp/files.el?r1=1.937&r2=1.938&sortby=date&root=emacs&view=patch
    This issue does not affect systems prior to Mac OS X v10.5.
    • file
    CVE-ID: CVE-2007-2799
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
    Impact: Running the file command on a maliciously crafted file may lead
    to an unexpected application termination or arbitrary code execution
    Description: An integer overflow vulnerability exists in the file
    command line tool, which may lead to an unexpected application
    termination or arbitrary code execution. This update addresses the issue
    through improved bounds checking. This issue does not affect systems
    running Mac OS X v10.5 or later. Credit to Colin Percival of the FreeBSD
    security team for reporting this issue.
    • Foundation
    CVE-ID: CVE-2008-0054
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
    Impact: Usage of the NSSelectorFromString API may result in an
    unexpected method being called
    Description: An input validation issue exists in the
    NSSelectorFromString API. Passing it a malformed selector name may
    result in the return of an unexpected selector, which could lead to an
    unexpected application termination or arbitrary code execution. This
    update addresses the issue by performing additional validation on the
    selector name. This issue does not affect systems running Mac OS X v10.5
    or later.
    • Foundation
    CVE-ID: CVE-2008-0055
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
    Impact: A local user can interfere in other users' file operations and
    may be able to obtain elevated privileges
    Description: When performing a recursive file copying operation,
    NSFileManager creates directories as world-writable, and only later
    restricts the permissions. This creates a race condition during which a
    local user can manipulate the directory and interfere in subsequent
    operations. This may lead to a privilege escalation to that of the
    application using the API. This update addresses the issue by creating
    directories with restrictive permissions. This issue does not affect
    systems running Mac OS X v10.5 or later.
    • Foundation
    CVE-ID: CVE-2008-0056
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
    Impact: Programs using the NSFileManager API could be manipulated to
    execute arbitrary code
    Description: A long pathname with an unexpected structure can expose a
    stack buffer overflow vulnerability in NSFileManager. Presenting a
    specially crafted path to a program using NSFileManager could lead to
    the execution of arbitrary code. This update addresses the issue by
    ensuring a properly sized destination buffer. This issue does not affect
    systems running Mac OS X v10.5 or later.
    • Foundation
    CVE-ID: CVE-2008-0058
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
    Impact: Visiting a maliciously crafted website may lead to a denial of
    service or arbitrary code execution
    Description: A thread race condition exists in NSURLConnection's cache
    management, which can cause a deallocated object to receive messages.
    Triggering this issue may lead to a denial of service, or arbitrary code
    execution with the privileges of Safari or another program using
    NSURLConnection. This update addresses the issue by removing an
    unsynchronized caching operation. This issue does not affect systems
    running Mac OS X v10.5 or later. Credit to Daniel Jalkut of Red Sweater
    Software for reporting this issue.
    • Foundation
    CVE-ID: CVE-2008-0059
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
    Impact: Processing an XML document may lead to an unexpected application
    termination or arbitrary code execution
    Description: A race condition exists in NSXML. By enticing a user to
    process an XML file in an application which uses NSXML, an attacker may
    cause an unexpected application termination or arbitrary code execution.
    This update addresses the issue through improvements to the error
    handling logic of NSXML. This issue does not affect systems running Mac
    OS X v10.5 or later.
    • Help Viewer
    CVE-ID: CVE-2008-0060
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X
    v10.5.2, Mac OS X Server v10.5.2
    Impact: Accessing a maliciously crafted help: URL may lead to arbitrary
    Applescript execution
    Description: A malicious help:topic_list URL may insert arbitrary HTML
    or JavaScript into the generated topic list page, which may redirect to
    a Help Viewer help:runscript link that runs Applescript. This update
    addresses the issue by performing HTML escaping on the URL data used in
    help topic lists before building the generated page. Credit to Brian
    Mastenbrook for reporting this issue.
    • Image Raw
    CVE-ID: CVE-2008-0987
    Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
    Impact: Viewing a maliciously crafted image may lead to an unexpected
    application termination or arbitrary code execution
    Description: A stack based buffer overflow exists in the handling of
    Adobe Digital Negative (DNG) image files. By enticing a user to open a
    maliciously crafted image file, an attacker may cause an unexpected
    application termination or arbitrary code execution. This update
    addresses the issue through improved validation of DNG image files. This
    issue does not affect systems prior to Mac OS X v10.5. Credit to Clint
    Ruoho of Laconic Security for reporting this issue.
    • Kerberos
    CVE-ID: CVE-2007-5901, CVE-2007-5971, CVE-2008-0062, CVE-2008-0063
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X
    v10.5.2, Mac OS X Server v10.5.2
    Impact: Multiple vulnerabilities in MIT Kerberos 5 may lead to an
    unexpected application termination or arbitrary code execution with
    system privileges
    Description: Multiple memory corruption issues exist in MIT Kerberos 5,
    which may lead to an unexpected application termination or arbitrary
    code execution with system privileges. Further information on the issues
    and the patches applied is available via the MIT Kerberos website at
    http://web.mit.edu/Kerberos/ CVE-2008-0062 and CVE-2008-0063 do not
    affect systems running Mac OS X v10.5 or later. CVE-2007-5901 does not
    affect systems prior to Mac OS X v10.4.
    • libc
    CVE-ID: CVE-2008-0988
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
    Impact: Applications that use the strnstr API could be vulnerable to a
    denial of service
    Description: An off by one issue exists in Libsystem's strnstr(3)
    implementation. Applications that use the strnstr API can read one byte
    beyond the limit specified by the user, which may lead to an unexpected
    application termination. This update addresses the issue through
    improved bounds checking. This issue does not affect systems running Mac
    OS X v10.5 or later. Credit to Mike Ash of Rogue Amoeba Software for
    reporting this issue.
    • mDNSResponder
    CVE-ID: CVE-2008-0989
    Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
    Impact: A local user may be able to execute arbitrary code with system
    privileges
    Description: A format string issue exists in mDNSResponderHelper. By
    setting the local hostname to a maliciously crafted string, a local user
    could cause a denial of service or arbitrary code execution with the
    privileges of mDNSResponderHelper. This update addresses the issue by
    using a static format string. This issue does not affect systems prior
    to Mac OS X v10.5.
    • notifyd
    CVE-ID: CVE-2008-0990
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
    Impact: A local user may be able to deny access to notifications
    Description: notifyd accepts Mach port death notifications without
    verifying that they come from the kernel. If a local user sends fake
    Mach port death notifications to notifyd, applications that use the
    notify(3) API to register for notifications may never receive the
    notifications. This update addresses the issue by only accepting Mach
    port death notifications from the kernel. This issue does not affect
    systems running Mac OS X v10.5 or later.
    • OpenSSH
    CVE-ID: CVE-2007-4752
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X
    v10.5.2, Mac OS X Server v10.5.2
    Impact: A remote attacker may be able to execute arbitrary code with
    elevated privileges
    Description: OpenSSH forwards a trusted X11 cookie when it cannot create
    an untrusted one. This may allow a remote attacker to gain elevated
    privileges. This update addresses the issue by updating OpenSSH to
    version 4.7. Further information is available via the OpenSSH website at
    http://www.openssh.org/txt/release-4.7
    • pax archive utility
    CVE-ID: CVE-2008-0992
    Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
    Impact: Running the pax command on a maliciously crafted archive may
    lead to arbitrary code execution
    Description: The pax command line tool does not check a length in its
    input before using it as an array index, which may lead to an unexpected
    application termination or arbitrary code execution. This update
    addresses the issue by checking the index. This issue does not affect
    systems prior to Mac OS X v10.5.
    • PHP
    CVE-ID: CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662,
    CVE-2007-4766, CVE-2007-4767, CVE-2007-4768, CVE-2007-4887
    Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
    Impact: Multiple vulnerabilities in PHP 5.2.4
    Description: PHP is updated to version 5.2.5 to address multiple
    vulnerabilities, the most serious of which may lead to arbitrary code
    execution. Further information is available via the PHP website at
    http://www.php.net/ PHP version 5.2.x is only provided with Mac OS X
    v10.5 systems.
    • PHP
    CVE-ID: CVE-2007-3378, CVE-2007-3799
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X
    Server v10.5.2
    Impact: Multiple vulnerabilities in PHP 4.4.7
    Description: PHP is updated to version 4.4.8 to address multiple
    vulnerabilities, the most serious of which may lead to arbitrary code
    execution. Further information is available via the PHP website at
    http://www.php.net/
    • Podcast Producer
    CVE-ID: CVE-2008-0993
    Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
    Impact: Podcast Capture exposes passwords to other local users
    Description: The Podcast Capture application provides passwords to a
    subtask through the arguments, potentially exposing the passwords to
    other local users. This update corrects the issue by providing passwords
    to the subtask through a pipe. This issue does not affect systems prior
    to Mac OS X v10.5. Credit to Maximilian Reiss of Chair for Applied
    Software Engineering, TUM for reporting this issue.
    • Preview
    CVE-ID: CVE-2008-0994
    Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
    Impact: Saving to encrypted PDF in Preview produces files that may be
    read without the password
    Description: When Preview saves a PDF file with encryption, it uses
    40-bit RC4. This encryption algorithm may be broken with significant but
    readily available computing power. A person with access to the file may
    apply a brute-force technique to view it. This update enhances the
    encryption to 128-bit RC4.
    • Printing
    CVE-ID: CVE-2008-0995
    Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
    Impact: Printing to encrypted PDF produces files that may be read
    without the `open' password
    Description: Printing to a PDF file and setting an 'open' password uses
    40-bit RC4. This encryption algorithm may be broken with significant but
    readily available computing power. A person with access to the file may
    apply a brute-force technique to view it. This update enhances the
    encryption to 128-bit RC4. This issue does not affect systems prior to
    Mac OS X v10.5.
    • Printing
    CVE-ID: CVE-2008-0996
    Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
    Impact: Printing to an authenticated print queue may disclose login
    credentials
    Description: An information disclosure issue exists in the handling of
    authenticated print queues. When starting a job on an authenticated
    print queue, the credentials used for authentication may be saved to
    disk. This update addresses the issue by removing user credentials from
    printing presets before saving them to disk. This issue does not affect
    systems prior to Mac OS X v10.5.
    • System Configuration
    CVE-ID: CVE-2008-0998
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X
    v10.5.2, Mac OS X Server v10.5.2
    Impact: A local user may be able to execute arbitrary code with system
    privileges
    Description: The privileged tool NetCfgTool uses distributed objects to
    communicate with untrusted client programs on the local machine. By
    sending a maliciously crafted message, a local user can bypass the
    authorization step and may cause arbitrary code execution with the
    privileges of the privileged program. This update addresses the issue by
    performing additional validation of distributed objects.
    • UDF
    CVE-ID: CVE-2008-0999
    Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
    Impact: Opening a maliciously crafted disk image may lead to an
    unexpected system shutdown
    Description: A null pointer dereference issue exists in the handling of
    Universal Disc Format (UDF) file systems. By enticing a user to open a
    maliciously crafted disk image, an attacker may cause an unexpected
    system shutdown. This update addresses the issue through improved
    validation of UDF file systems. This issue does not affect systems prior
    to Mac OS X v10.5. Credit to Paul Wagland of Redwood Software, and Wayne
    Linder of Iomega for reporting this issue.
    • Wiki Server
    CVE-ID: CVE-2008-1000
    Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
    Impact: A user with access to edit wiki content may be able to execute
    arbitrary commands as the wiki server
    Description: A path traversal issue exists in the Mac OS X v10.5 Server
    Wiki Server. Attackers with access to edit wiki content may upload files
    that leverage this issue to place content wherever the wiki server can
    write, which may lead to arbitrary code execution with the privileges of
    the wiki server. This update addresses the issue through improved file
    name handling. This issue does not affect systems prior to Mac OS X
    v10.5. Credit to Rodrigo Carvalho, from the Core Security Consulting
    Services (CSC) team of CORE Security Technologies.
    • X11
    CVE-ID: CVE-2007-4568, CVE-2007-4990
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
    Impact: Multiple Vulnerabilities in X11 X Font Server (XFS) 1.0.4
    Description: Multiple vulnerabilities exist in X11 X Font Server (XFS)
    1.0.4, the most serious of which may lead to arbitrary code execution.
    This update addresses the issue by updating to version 1.0.5. Further
    information is available via the X.Org website at
    http://www.x.org/wiki/Development/Security These issues are already
    addressed in systems running Mac OS X v10.5.2.
    • X11
    CVE-ID: CVE-2006-3334, CVE-2006-5793, CVE-2007-2445, CVE-2007-5266,
    CVE-2007-5267, CVE-2007-5268, CVE-2007-5269
    Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2
    Impact: Multiple vulnerabilities in X11's libpng 1.2.8
    Description: The PNG reference library (libpng) is updated to version
    1.2.24 to address several vulnerabilities, the most serious of which may
    lead to a remote denial of service or arbitrary code execution. Further
    information is available via the libpng website at
    http://www.libpng.org/pub/png/libpng.html This issue affects libpng
    within X11. It does not affect systems prior to Mac OS X v10.5.
    • X11
    CVE-ID: CVE-2007-5958, CVE-2008-0006, CVE-2007-6427, CVE-2007-6428,
    CVE-2007-6429
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X
    v10.5.2, Mac OS X Server v10.5.2
    Impact: Multiple vulnerabilities in the X11 server
    Description: Numerous vulnerabilities in the X11 server allow execution
    of arbitrary code with the privileges of the user running the X11 server
    if the attacker can authenticate to the X11 server. This is a security
    vulnerability only if the X11 server is configured to not require
    authentication, which Apple does not recommend. This update fixes the
    issue by applying the updated X.Org patches. Further information is
    available via the X.Org website at
    http://www.x.org/wiki/Development/Security

    --
    Support the troops: Bring them home ASAP.
     
    Michelle Steiner, Mar 19, 2008
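The Podcast Producer entry (CVE-2008-0993) says the fix was to hand passwords to the subtask through a pipe rather than through its arguments. The C sketch below is an added example, not part of the original post and not Apple's code; the function name, the `/bin/sh` stand-in for the subtask and the sample secret are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Write the whole buffer, retrying on short writes and EINTR. */
static int write_all(int fd, const char *buf, size_t len) {
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/*
 * Start argv[0] and hand it `secret` on standard input instead of in
 * argv, which other local users can read from the process list.
 * Returns the child's exit status, or -1 on failure.
 * (Hypothetical helper name; not an Apple API.)
 */
int run_with_secret_on_stdin(char *const argv[], const char *secret) {
    int fds[2];
    if (pipe(fds) != 0) return -1;

    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {
        /* Child: the pipe's read end becomes stdin. */
        close(fds[1]);
        if (fds[0] != STDIN_FILENO) {
            if (dup2(fds[0], STDIN_FILENO) < 0) _exit(126);
            close(fds[0]);
        }
        execvp(argv[0], argv);
        _exit(127); /* exec failed */
    }

    /* Parent: a child that exits early must not kill us with SIGPIPE. */
    close(fds[0]);
    void (*old_handler)(int) = signal(SIGPIPE, SIG_IGN);
    int rc = write_all(fds[1], secret, strlen(secret));
    close(fds[1]); /* EOF marks the end of the secret */
    signal(SIGPIPE, old_handler);

    int status;
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR) return -1;
    }
    if (rc != 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    /* Constructed stand-in for the subtask: it reports only the length. */
    char *argv[] = {"/bin/sh", "-c",
                    "IFS= read -r s; echo \"subtask got ${#s} bytes on stdin\"",
                    NULL};
    int status = run_with_secret_on_stdin(argv, "constructed-secret");
    printf("subtask exit status: %d\n", status);
    return status == 0 ? 0 : 1;
}
```

The secret never appears in the child's argument vector, so it is not visible in process listings; only the pipe's two endpoints see it.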
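The Foundation entry for CVE-2008-0055 describes directories that are created world-writable and only restricted later, and a fix that creates them with restrictive permissions from the start. The C sketch below contrasts the two orderings using plain POSIX calls; it is an added example, not part of the original post and not NSFileManager's code, and every function name and scratch path in it is constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Permission bits of path (symlinks not followed), or -1 on error. */
int perm_bits(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0) return -1;
    return (int)(st.st_mode & 07777);
}

/* BEFORE (the ordering the advisory describes): the directory is
 * world-writable until a later chmod, so another local user can add or
 * swap entries while the copy is still running. */
int create_dir_permissive_first(const char *path) {
    mode_t old = umask(0); /* reproduce the 0777 window exactly */
    int rc = mkdir(path, 0777);
    umask(old);
    return rc;
}

/* AFTER: owner-only from the first instant; umask can only clear bits. */
int create_dir_restrictive_first(const char *path) {
    return mkdir(path, 0700);
}

/* Widen to the final mode once the directory is populated. Opening
 * with O_NOFOLLOW|O_DIRECTORY and changing the mode through the
 * descriptor means a symlink swapped in at `path` is refused, and the
 * ownership check applies to the same object that gets the new mode. */
int finalize_dir(const char *path, mode_t final_mode) {
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0) return -1;
    struct stat st;
    int rc = -1;
    if (fstat(fd, &st) == 0 && S_ISDIR(st.st_mode) &&
        st.st_uid == geteuid())
        rc = fchmod(fd, final_mode & 0777);
    close(fd);
    return rc;
}

int main(void) {
    char base[] = "/tmp/dircopy-demo-XXXXXX"; /* constructed scratch path */
    char before[64], after[64];
    if (mkdtemp(base) == NULL) return 1;
    snprintf(before, sizeof before, "%s/before", base);
    snprintf(after, sizeof after, "%s/after", base);

    if (create_dir_permissive_first(before) != 0) return 1;
    if (create_dir_restrictive_first(after) != 0) return 1;
    printf("during copy: before=%04o after=%04o\n",
           (unsigned)perm_bits(before), (unsigned)perm_bits(after));

    if (finalize_dir(after, 0755) != 0) return 1;
    printf("after copy:  after=%04o\n", (unsigned)perm_bits(after));

    rmdir(before);
    rmdir(after);
    rmdir(base);
    return 0;
}
```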