---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA15481 VERIFY ADVISORY: http://secunia.com/advisories/15481/ CRITICAL: Highly critical IMPACT: Unknown, Security Bypass, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes various vulnerabilities. 1) A boundary error in AFP Server within the support for legacy clients can be exploited to cause a buffer overflow. Successful exploitation allows execution of arbitrary code. 2) A bug in AFP Server when using an ACL-enabled storage volume may in certain situations result in an ACL remaining attached when a file with POSIX-only permissions is copied. 3) An input validation error can be exploited to access arbitrary files on a Bluetooth-enabled system using directory traversal attacks via the Bluetooth file and object exchange services. 4) A weakness in CoreGraphics can be exploited via a specially crafted PDF document to crash an application using either PDFKit or CoreGraphics to rendor PDF documents. 5) An error in the CoreGraphics Window Server can be exploited by console users to gain escalated privileges by launching commands into a root session. 6) Insecure folder permissions are set on the system's cache folder and Dashboard system widgets. 7) A race condition in the temporary file creation of launchd can be exploited by malicious, local users to take ownership of arbitrary files on the system. 8) An error in LaunchServices can result in file extensions and MIME types marked as unsafe to bypass download safety checks if they're not mapped to an Apple UTI (Uniform Type Identifier). 9) A security issue in MCX Client may disclose Portable Home Directory credentials to local users. 10) A security issue in NFS causes a NFS export restricted using "-network" and "-mask" to be exported to "everyone". 11) Multiple vulnerabilities in PHP can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA14792 12) A boundary error in vpnd can be exploited by malicious, local users to cause a buffer overflow via an overly long Server_id parameter and execute arbitrary code with escalated privileges on systems configured as a VPN server. SOLUTION: Apply Security Update 2005-006. Mac OS X 10.3.9: http://www.apple.com/support/downloads/securityupdate2005006macosx1039.html Mac OS X 10.4.1: http://www.apple.com/support/downloads/securityupdate2005006macosx1041.html PROVIDED AND/OR DISCOVERED BY: 3) Kevin Finisterre, digitalmunition.com. 4) Chris Evans 6) Michael Haller 7) Neil Archibald 12) Pieter de Boer ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=301742 OTHER REFERENCES: SA14792: http://secunia.com/advisories/14792/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------