Technical Cyber Security Alert TA06-053A - A file type determination vulnerability in Apple Safari could allow a remote attacker to execute arbitrary commands on a vulnerable system.
e78af957993380eb8d34d7bed3c1bf745e97d177298bd9e1219a921d7c7c119e
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-053A
Apple Mac OS X Safari Command Execution Vulnerability
Original release date: February 22, 2006
Last revised: --
Source: US-CERT
Systems Affected
Apple Safari running on Mac OS X
Overview
A file type determination vulnerability in Apple Safari could allow a
remote attacker to execute arbitrary commands on a vulnerable system.
I. Description
Apple Safari is a web browser that comes with Apple Mac OS X. The
default configuration of Safari allows it to automatically "Open
'safe' files after downloading." Due to this default configuration and
inconsistencies in how Safari and OS X determine which files are
"safe," Safari may execute arbitrary shell commands as the result of
viewing a specially crafted web page.
Details are available in the following Vulnerability Note:
VU#999708 - Apple Safari may automatically execute arbitrary shell
commands
II. Impact
A remote, unauthenticated attacker could execute arbitrary commands
with the privileges of the user running Safari. If the user is logged
on with administrative privileges, the attacker could take complete
control of an affected system.
III. Solution
Since there is no known patch for this issue at this time, US-CERT is
recommending a workaround.
Workaround
Disable "Open 'safe' files after downloading"
Disable the option to "Open 'safe' files after downloading," as
specified in the document "Securing Your Web Browser."
Appendix A. References
* US-CERT Vulnerability Note VU#999708 -
<http://www.kb.cert.org/vuls/id/999708>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/#sgeneral>
* Apple - Mac OS X - Safari RSS -
<http://www.apple.com/macosx/features/safari/>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-053A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA06-053A Feedback VU#999708" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
Feb 22, 2006: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBQ/zKN30pj593lg50AQJgoQf/ZajorZz/6quzA40dc8cLxIBT70xcClH5
CKDN5nMXl1mRYYkDPF07GbcWL3lWarW5Hif0OiZfazaGNC3p9v4ZxDx/dW/ZmsYo
eDznsNWNphKB6yBSIbOUSfGyh/I7pQlG3qxXRWDTA9nVK12KIkvAAoPTgBe40obu
+x58gK5/ib4d+dEZ8F9SbO7/syYtcAzfzS2HrBYhG1lWWLYTaNC3hyI2nXF5lNV/
ymwaPv0ivAB9rpalus+KkajjiV5+J08dj+1JwgwcSpvuNMQ5c/8RCIILP+1bR+CL
lScvGuSRYk4S0QI9nmCDvwD52sluiwp2VO1atTQ1zcgpwhvLRGo3DQ==
=P2/3
-----END PGP SIGNATURE-----