Secunia Security Advisory - Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA37313
VERIFY ADVISORY:
http://secunia.com/advisories/37313/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) A boundary error in the AFP Client component can be exploited to
corrupt memory and potentially execute arbitrary code when a user
accesses a specially crafted AFP server.
2) A weakness in the Adaptive Firewall component can lead to brute
force or dictionary attacks not being detected.
3) Some vulnerabilities in Apache can be exploited by malicious,
local users to bypass certain security restrictions, and by malicious
users and malicious people to disclose potentially sensitive
information or cause a DoS (Denial of Service).
For more information:
SA34827
SA35261
SA35691
SA35781
SA35797
4) A weakness in Apache can be exploited to conduct cross-site
scripting attacks via the HTTP TRACE method.
5) Some vulnerabilities in Apache Portable Runtime can be exploited
by malicious users and malicious people to disclose potentially
sensitive information, cause a DoS (Denial of Service), or compromise
an application using the library.
For more information:
SA36138
6) Multiple boundary errors exist in Apple Type Services when
handling embedded fonts. These can be exploited to cause buffer
overflows and execute arbitrary code when a document containing a
specially crafted embedded font is being viewed or downloaded.
7) A weakness in the Certificate Assistant component can mislead a
user into accepting a specially crafted certificate, containing NUL
characters in the Common Name field, as it visually appears to match
the domain visited by the user.
8) Multiple integer overflow errors exist in the CoreGraphics
component, which can be exploited to cause heap-based buffer
overflows and execute arbitrary code when a specially crafted PDF
file is opened.
9) Multiple errors in CoreMedia and QuickTime can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA36627
10) A vulnerability in CUPS can be exploited by malicious people to
conduct cross-site scripting attacks.
For more information:
SA37308
11) An unspecified design error in the Dictionary component can be
exploited to write arbitrary data to arbitrary locations on the
user's filesystem.
Successful exploitation allows execution of arbitrary code, but
requires access to the local network.
12) An error in the DirectoryService component can be exploited to
corrupt memory and execute arbitrary code on systems that are
configured as DirectoryService servers.
13) An error in the Disk Images component can be exploited to cause a
heap-based buffer overflow and execute arbitrary code when a specially
crafted image containing a FAT filesystem is downloaded.
14) Multiple vulnerabilities in Dovecot can be exploited by malicious
users to potentially compromise a vulnerable system.
For more information:
SA36698
15) An input validation error exists in the Event Monitor component.
This can be exploited to inject certain data into log files by passing
specially crafted authentication information to the SSH server.
NOTE: This can potentially lead to a DoS (Denial of Service) in
services that process the affected log files.
16) A vulnerability in fetchmail can be exploited by malicious people
to conduct spoofing attacks.
For more information:
SA36179
17) A boundary error in the "file" utility can be exploited to cause
buffer overflows and execute arbitrary code when a user uses "file"
on a specially crafted Common Document Format (CDF) file.
18) An error in the FTP Server component can be exploited to cause a
buffer overflow and execute arbitrary code via the CWD command.
19) The Help Viewer component does not use HTTPS for viewing remote
Apple Help content, which can be exploited to spoof HTTP responses
containing malicious help:runscript links.
Successful exploitation allows execution of arbitrary code.
20) A boundary error in the ImageIO component when handling TIFF
images can be exploited to cause a buffer underflow and potentially
execute arbitrary code.
This is related to:
SA35515
21) An unspecified error within the UCCompareTextDefault API in
International Components for Unicode can be exploited to cause a
buffer overflow and potentially execute arbitrary code.
22) A weakness in IOKit can be exploited by non-privileged users to
update the firmware in an attached USB or Bluetooth Apple keyboard.
23) Multiple vulnerabilities in the IPSec component can be exploited
by malicious people to cause a DoS (Denial of Service).
For more information:
SA31478
24) Multiple input validation errors exist in the Kernel when
handling task state segments. These can be exploited to disclose
sensitive information, cause a DoS, or gain escalated privileges.
25) An error in the Launch Services component when opening a
quarantined folder can lead to a missing warning dialog.
26) Some vulnerabilities in libxml can be exploited by malicious
people to cause a DoS (Denial of Service).
For more information:
SA36207
27) A race condition in the Login Window component can be exploited
to log in to any account without providing a password.
Successful exploitation requires that an account without a password
(such as the Guest account) exists on the system.
28) An error in the handling of SSL certificates in OpenLDAP can be
exploited to conduct MitM (Man-in-the-Middle) attacks via
certificates containing NUL characters in the Common Name field.
29) Multiple vulnerabilities in OpenLDAP can be exploited by
malicious users to cause a DoS (Denial of Service).
For more information:
SA27424
30) Multiple vulnerabilities in OpenSSH can be exploited by malicious
people to disclose sensitive information.
For more information:
SA32760
31) Multiple vulnerabilities with an unspecified impact exist in
PHP.
For more information:
SA36791
32) An unspecified error in the handling of PICT images can be
exploited to cause a heap-based buffer overflow and execute arbitrary
code.
33) An integer overflow error in QuickLook when handling Microsoft
Office files can be exploited to cause a buffer overflow and execute
arbitrary code.
34) A vulnerability in FreeRADIUS can be exploited by malicious
people to cause a DoS.
For more information:
SA36676
35) Multiple unspecified errors in the Screen Sharing client can be
exploited to cause memory corruption and execute arbitrary code
when a specially crafted VNC server is being accessed, e.g. by
opening a "vnc://" URL.
36) An insecure file operation in the Spotlight component can be
exploited to overwrite files with privileges of another user.
37) Multiple vulnerabilities in Subversion can be exploited by
malicious users and malicious people to compromise a vulnerable
system.
For more information:
SA36184
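Items 7) and 28) both involve a Common Name that carries an embedded NUL character. The C code below is an added example, not code from Secunia, Apple or OpenLDAP: it shows why a consumer that treats the length-delimited name as a C string sees only the part before the NUL, next to a check that rejects such names. The function names, the sample bytes and the host names are constructed for illustration, and only exact (non-wildcard) matching is covered.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample: a length-delimited CN as it would sit in a
 * certificate. The bytes and host names are made up for illustration. */
static const unsigned char SAMPLE_CN[] = "www.example.com\0.other.invalid";
#define SAMPLE_CN_LEN (sizeof(SAMPLE_CN) - 1)

/* Flawed check: treats the CN as a C string, so the comparison stops at
 * the first NUL and the rest of the name is never examined. */
int cn_matches_cstring(const unsigned char *cn, size_t cn_len, const char *host)
{
    (void)cn_len;   /* the length recorded in the certificate is ignored */
    return strcasecmp((const char *)cn, host) == 0;
}

/* Hardened check: uses the encoded length, rejects any embedded NUL,
 * and requires the whole name to equal the host. */
int cn_matches_strict(const unsigned char *cn, size_t cn_len, const char *host)
{
    if (cn_len == 0 || memchr(cn, '\0', cn_len) != NULL)
        return 0;
    if (cn_len != strlen(host))
        return 0;
    return strncasecmp((const char *)cn, host, cn_len) == 0;
}

int main(void)
{
    const char *host = "www.example.com";

    printf("c-string compare: %d\n",
           cn_matches_cstring(SAMPLE_CN, SAMPLE_CN_LEN, host));
    printf("strict compare:   %d\n",
           cn_matches_strict(SAMPLE_CN, SAMPLE_CN_LEN, host));
    printf("strict, clean CN: %d\n",
           cn_matches_strict((const unsigned char *)"www.example.com", 15, host));
    return 0;
}
```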
SOLUTION:
Update to Mac OS X 10.6.2 or apply Security Update 2009-006.
Mac OS X Server v10.6.2 Update:
http://support.apple.com/downloads/DL960/en_US/MacOSXServerUpd10.6.2.dmg
Mac OS X v10.6.2 Update (Combo):
http://support.apple.com/downloads/DL959/en_US/MacOSXUpdCombo10.6.2.dmg
Mac OS X Server v10.6.2 Update (Combo):
http://support.apple.com/downloads/DL961/en_US/MacOSXServerUpdCombo10.6.2.dmg
Security Update 2009-006 Server:
http://support.apple.com/downloads/DL962/en_US/SecUpdSrvr2009-006.dmg
Security Update 2009-006 Client:
http://support.apple.com/downloads/DL963/en_US/SecUpd2009-006.dmg
Mac OS X v10.6.2 Update:
http://support.apple.com/downloads/DL958/en_US/MacOSXUpd10.6.2.dmg
PROVIDED AND/OR DISCOVERED BY:
9) The vendor credits:
* Tom Ferris of the Adobe Secure Software Engineering Team.
* An anonymous researcher working with the ZDI.
* Alex Selivanov
* Damian Put working with the ZDI.
21) The vendor credits Nikita Zhuk and Petteri Kamppuri of MK&C.
22) The vendor credits K. Chen of Georgia Institute of Technology.
25) The vendor credits Regis Duchesne of VMware, Inc.
26) The vendor credits Rauli Kaksonen and Jukka Taimisto from the
CROSS project at Codenomicon Ltd.
32) The vendor credits Nicolas Joly of VUPEN Vulnerability Research
Team.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3937
OTHER REFERENCES:
SA27424:
http://secunia.com/advisories/27424/
SA28926:
http://secunia.com/advisories/28926/
SA31478:
http://secunia.com/advisories/31478/
SA32760:
http://secunia.com/advisories/32760/
SA34827:
http://secunia.com/advisories/34827/
SA35261:
http://secunia.com/advisories/35261/
SA35284:
http://secunia.com/advisories/35284/
SA35515:
http://secunia.com/advisories/35515/
SA35691:
http://secunia.com/advisories/35691/
SA35781:
http://secunia.com/advisories/35781/
SA35797:
http://secunia.com/advisories/35797/
SA36138:
http://secunia.com/advisories/36138/
SA36179:
http://secunia.com/advisories/36179/
SA36184:
http://secunia.com/advisories/36184/
SA36207:
http://secunia.com/advisories/36207/
SA36627:
http://secunia.com/advisories/36627/
SA36676:
http://secunia.com/advisories/36676/
SA36698:
http://secunia.com/advisories/36698/
SA36791:
http://secunia.com/advisories/36791/
SA37308:
http://secunia.com/advisories/37308/