
Apple Mac OS X Multiple Vulnerabilities

Last Update Date: 28 Jan 2011
Release Date: 11 Nov 2009

RISK: Medium Risk

Multiple vulnerabilities have been identified in Apple Mac OS X, which could be exploited by remote or local attackers to disclose sensitive information, bypass security restrictions, cause a denial of service or compromise an affected system.

1. Due to a heap overflow error in QuickDraw when handling malformed PICT images, which could be exploited by attackers to execute arbitrary code.

2. Due to memory corruption errors in the AFP Client when handling responses received from a server, which could be exploited to crash an affected client or execute arbitrary code by tricking a user into connecting to a malicious AFP server.

3. Due to an error in the Adaptive Firewall that fails to detect SSH login attempts using invalid user names, which could facilitate brute-force attacks.

4. Due to an input validation error in Apache when handling the TRACE HTTP method, which could allow cross site scripting attacks.

5. Due to buffer overflow errors in Apple Type Services when handling embedded fonts, which could be exploited to execute arbitrary code via a specially crafted document.

6. Due to an error in the Certificate Assistant when processing SSL certificates which have NULL characters in the Common Name field, which could allow spoofing attacks.

7. Due to integer overflow errors in CoreGraphics when handling malformed PDF files, which could be exploited to execute arbitrary code by tricking a user into opening a malicious PDF.

8. Due to a memory corruption error in CoreMedia when processing a malformed H.264 movie, which could be exploited by attackers to execute arbitrary code via a malicious movie.

9. Due to a heap overflow error in CoreMedia when processing a malformed H.264 movie, which could be exploited by attackers to execute arbitrary code via a malicious movie.

10. Due to a design error in Dictionary, which could allow attackers on the local network to write arbitrary data to arbitrary locations on a vulnerable filesystem via specially crafted JavaScript code.

11. Due to an unspecified memory corruption error in DirectoryService, which could allow attackers to compromise systems configured as DirectoryService servers.

12. Due to a heap buffer overflow error within the handling of disk images containing FAT filesystems, which could be exploited to execute arbitrary code by tricking a user into downloading a malicious disk image.

13. Due to an input validation error in the Event Monitor when logging authentication information, which could allow remote attackers to cause a denial of service via log injections.

14. Due to buffer overflow errors in the file command line tool when processing a malformed Common Document Format (CDF) file, which could be exploited to execute arbitrary code.

15. Due to a buffer overflow error in the FTP Server when issuing a CWD command on a deeply nested directory hierarchy, which could be exploited to execute arbitrary code.

16. Due to the Help Viewer not using HTTPS for viewing remote Apple Help content, which could allow an attacker on the local network to send spoofed HTTP responses containing malicious "help:runscript" links, potentially leading to arbitrary code execution.

17. Due to a buffer overflow error in the UCCompareTextDefault API, which could be exploited to execute arbitrary code.

18. Due to IOKit not requiring system privileges to send firmware to USB or Bluetooth Apple keyboards, which could allow an unprivileged user to alter the firmware in an attached device.

19. Due to input validation errors in Kernel's handling of task state segments, which could allow local attackers to disclose certain information, cause a denial of service or gain elevated privileges.

20. Due to Launch Services not triggering a user warning prior to opening unsafe downloaded content, which could lead to arbitrary code execution.

21. Due to a race condition in the Login Window, which may allow a user to log in to any account without supplying a password.

22. Due to an integer overflow error in QuickLook when handling malformed MS Office files, which could allow attackers to execute arbitrary code.

23. Due to memory corruption errors in the Screen Sharing client when accessing a malicious VNC server, e.g. by opening a vnc:// URL, which could be exploited to execute arbitrary code.

24. Due to an error in Spotlight when handling temporary files, which could allow a local user to overwrite files with the privileges of another user.
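Item 3 describes a detection gap rather than a memory-safety bug, so it can be checked for in any log-based SSH monitor. The following is an added example, not code from this advisory or from Apple: it counts failed SSH logins per source address from OpenSSH-style log messages, with and without the invalid-user events. The log lines are constructed samples, the function names are hypothetical, and the `include_invalid_users=False` mode only models the class of gap described in item 3, not the Adaptive Firewall's actual logic.

```python
import re
from collections import Counter

# Constructed sample sshd log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
Nov 11 10:00:01 host sshd[411]: Failed password for root from 198.51.100.7 port 50122 ssh2
Nov 11 10:00:03 host sshd[412]: Invalid user admin from 203.0.113.9
Nov 11 10:00:03 host sshd[412]: Failed password for invalid user admin from 203.0.113.9 port 40110 ssh2
Nov 11 10:00:05 host sshd[413]: Invalid user oracle from 203.0.113.9
Nov 11 10:00:05 host sshd[413]: Failed password for invalid user oracle from 203.0.113.9 port 40112 ssh2
Nov 11 10:00:07 host sshd[414]: Invalid user test from 203.0.113.9
Nov 11 10:00:07 host sshd[414]: Failed password for invalid user test from 203.0.113.9 port 40114 ssh2
Nov 11 10:00:08 host sshd[417]: Invalid user guest from 203.0.113.9
Nov 11 10:00:09 host sshd[415]: Accepted password for alice from 192.0.2.20 port 51000 ssh2
Nov 11 10:00:11 host sshd[416]: Failed password for root from 198.51.100.7 port 50130 ssh2
"""

LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
FAILED = re.compile(r"^Failed password for (?P<inv>invalid user )?(?P<user>\S+) "
                    r"from (?P<ip>\S+) port \d+")
INVALID = re.compile(r"^Invalid user (?P<user>\S*) from (?P<ip>\S+)")

def count_failures(log, include_invalid_users=True):
    """Return Counter {source_ip: failed login attempts}."""
    attempts = Counter()
    probes = set()  # (pid, ip) with an "Invalid user" line but no password failure yet
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        failed = FAILED.match(m["msg"])
        if failed:
            if failed["inv"] and not include_invalid_users:
                continue  # models a monitor that ignores unknown accounts
            attempts[failed["ip"]] += 1
            probes.discard((m["pid"], failed["ip"]))  # avoid double counting
            continue
        invalid = INVALID.match(m["msg"])
        if invalid and include_invalid_users:
            probes.add((m["pid"], invalid["ip"]))
    for _pid, ip in probes:  # invalid-user probes that never sent a password
        attempts[ip] += 1
    return attempts

def sources_over_threshold(log, threshold=3, include_invalid_users=True):
    """Source addresses whose failure count reaches the blocking threshold."""
    counts = count_failures(log, include_invalid_users)
    return sorted(ip for ip, n in counts.items() if n >= threshold)
```

Running both modes over the same log and comparing the flagged sources is a quick regression check for any rule set that is meant to throttle SSH guessing.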


Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Apple Mac OS X version 10.6.1 and prior
  • Apple Mac OS X version 10.5.8 and prior
  • Apple Mac OS X Server version 10.6.1 and prior
  • Apple Mac OS X Server version 10.5.8 and prior

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

