----------------------------------------------------------------------

Bist Du interessiert an einem neuen Job in IT-Sicherheit?


Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/

----------------------------------------------------------------------

TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA15481

VERIFY ADVISORY:
http://secunia.com/advisories/15481/

CRITICAL:
Highly critical

IMPACT:
Unknown, Security Bypass, Exposure of system information, Exposure of
sensitive information, Privilege escalation, DoS, System access

WHERE:
>From remote

OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/

DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes various
vulnerabilities.

1) A boundary error in AFP Server within the support for legacy
clients can be exploited to cause a buffer overflow.

Successful exploitation allows execution of arbitrary code.

2) A bug in AFP Server when using an ACL-enabled storage volume may
in certain situations result in an ACL remaining attached when a file
with POSIX-only permissions is copied.

3) An input validation error can be exploited to access arbitrary
files on a Bluetooth-enabled system using directory traversal attacks
via the Bluetooth file and object exchange services.

4) A weakness in CoreGraphics can be exploited via a specially
crafted PDF document to crash an application using either PDFKit or
CoreGraphics to rendor PDF documents.

5) An error in the CoreGraphics Window Server can be exploited by
console users to gain escalated privileges by launching commands into
a root session.

6) Insecure folder permissions are set on the system's cache folder
and Dashboard system widgets.

7) A race condition in the temporary file creation of launchd can be
exploited by malicious, local users to take ownership of arbitrary
files on the system.

8) An error in LaunchServices can result in file extensions and MIME
types marked as unsafe to bypass download safety checks if they're
not mapped to an Apple UTI (Uniform Type Identifier).

9) A security issue in MCX Client may disclose Portable Home
Directory credentials to local users.

10) A security issue in NFS causes a NFS export restricted using
"-network" and "-mask" to be exported to "everyone".

11) Multiple vulnerabilities in PHP can be exploited by malicious
people to cause a DoS (Denial of Service) and potentially compromise
a vulnerable system.

For more information:
SA14792

12) A boundary error in vpnd can be exploited by malicious, local
users to cause a buffer overflow via an overly long Server_id
parameter and execute arbitrary code with escalated privileges on
systems configured as a VPN server.

SOLUTION:
Apply Security Update 2005-006.

Mac OS X 10.3.9:
http://www.apple.com/support/downloads/securityupdate2005006macosx1039.html

Mac OS X 10.4.1:
http://www.apple.com/support/downloads/securityupdate2005006macosx1041.html

PROVIDED AND/OR DISCOVERED BY:
3) Kevin Finisterre, digitalmunition.com.
4) Chris Evans
6) Michael Haller
7) Neil Archibald
12) Pieter de Boer

ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=301742

OTHER REFERENCES:
SA14792:
http://secunia.com/advisories/14792/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------