what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Secunia Security Advisory 33937

Secunia Security Advisory 33937
Posted Feb 13, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

tags | advisory, vulnerability
systems | apple, osx
SHA-256 | 4b78f6c9c1edee5f5c84af78f11dee4df98970f3650a86d85cdef7b98e807b22

Secunia Security Advisory 33937

Change Mirror Download
----------------------------------------------------------------------

Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?

Click here to learn more:
http://secunia.com/advisories/business_solutions/

----------------------------------------------------------------------

TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA33937

VERIFY ADVISORY:
http://secunia.com/advisories/33937/

CRITICAL:
Highly critical

IMPACT:
Unknown, Security Bypass, Exposure of sensitive information,
Privilege escalation, DoS, System access

WHERE:
>From remote

OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/advisories/product/96/

DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.

1) A race condition error in the AFP Server can be exploited to
trigger the execution of an infinite loop by sending a specially
crafted file enumeration request.

2) An error in the handling of movie files using the Pixlet codec can
be exploited to trigger a memory corruption.

3) An error in the Resource Manager related to CarbonCore can be
exploited to trigger a memory corruption via a file containing a
specially crafted resource fork.

Successful exploitation of vulnerabilities #2 and #3 may allow
execution of arbitrary code.

4) Certificate Assistant handles temporary files in an insecure
manner. This can be exploited to overwrite arbitrary files with the
privileges of the user running the application.

5) Two errors in ClamAV can be exploited to cause a crash or
potentially execute arbitrary code.

For more information:
SA32663
SA32926

6) An error in CoreText when processing specially crafted Unicode
strings can be exploited to cause a heap-based buffer overflow via
e.g. a specially crafted web page.

Successful exploitation of this vulnerability may allow execution of
arbitrary code.

7) The dscl program accepts passwords passed via command line
arguments. This can be exploited by local users to obtain the
received passwords via the process list.

8) Multiple errors in fetchmail can be exploited by malicious people
to cause a crash via overly large e-mail headers.

For more information:
SA30742

9) Folder Manager creates the "Downloads" folder with global read
permissions after a user deletes it. This can be exploited by
unprivileged local users to gain access to the "Downloads" folder.

10) An error in the fseventsd program can be exploited to disclose
normally restricted filesystem activity via the FSEvents framework.


11) An error in perl when processing Unicode characters can be
exploited to trigger a memory corruption and potentially execute
arbitrary code.

This is related to:
SA27546

12) An error handling problem in csregprinter can be exploited to
cause a heap-based buffer overflow and potentially gain system
privileges.

13) Multiple errors in python have an unknown impact or can be
exploited to cause a crash or potentially compromise a vulnerable
system.

For more information:
SA26837
SA31305

14) An uninitialized memory access error in the Remote Apple events
server can be exploited to disclose potentially sensitive memory
contents via specially crafted Remote Apple events.

15) An error in Server Manager while validating authentication
credentials can be exploited to alter the system configuration.

16) An integer overflow in the SMB implementation can be exploited to
cause a heap-based buffer overflow by tricking a user into connecting
to a malicious SMB server.

Successful exploitation of this vulnerability may allow execution of
arbitrary code.

17) An error in the SMB implementation can be exploited to exhaust
available memory resources and cause a system shutdown by tricking a
user into connecting to a malicious SMB server.

18) An error in SquirrelMail can be exploited to inject and execute
arbitrary HTML and script code via a specially crafted email.

For more information:
SA32143

19) Multiple errors in the X11 server can be exploited by malicious,
local users to cause a DoS, disclose potentially sensitive
information, or gain escalated privileges.

For more information:
SA30627

20) Multiple errors in FreeType can be exploited to cause a DoS or
compromise an application using the library.

For more information:
SA20100
SA24768
SA30600

21) Multiple errors in LibX11 can be exploited by malicious, local
users to disclose sensitive information, cause a DoS, and gain
escalated privileges.

For more information:
SA24741

22) Xterm creates TTY devices accessible to all users, when used with
"luit". This can be exploited to e.g. write data to another user's
Xterm.

SOLUTION:
Apply Apple Security Update 2009-001.
http://www.apple.com/support/downloads/

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
6) Rosyna of Unsanity
9) Graham Perrin of CENTRIM, University of Brighton
10) Mark Dalrymple
12) Lars Haulin

ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3438

OTHER REFERENCES:
SA20100:
http://secunia.com/advisories/20100/

SA24741:
http://secunia.com/advisories/24741/

SA24768:
http://secunia.com/advisories/24768/

SA26837:
http://secunia.com/advisories/26837/

SA27546:
http://secunia.com/advisories/27546/

SA30600:
http://secunia.com/advisories/30600/

SA30627:
http://secunia.com/advisories/30627/

SA30742:
http://secunia.com/advisories/30742/

SA31305:
http://secunia.com/advisories/31305/

SA32143:
http://secunia.com/advisories/32143/

SA32663:
http://secunia.com/advisories/32663/

SA32926:
http://secunia.com/advisories/32926/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close