
Mac OS X Multiple Vulnerabilities

Last Update Date: 28 Jan 2011
Release Date: 20 Mar 2008

RISK: Medium Risk

Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

1. Multiple boundary errors in AFP client when processing "afp://" URLs can be exploited to cause stack-based buffer overflows when a user connects to a malicious AFP server.

Successful exploitation may allow execution of arbitrary code.

2. An error exists in AFP Server when checking Kerberos principal realm names. This can be exploited to make unauthorized connections to the server when cross-realm authentication with AFP Server is used.

3. Multiple vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.

4. A boundary error within the handling of file names in the NSDocument API in AppKit can be exploited to cause a stack-based buffer overflow.

5. An error in NSApplication in AppKit can potentially be exploited to execute code with escalated privileges by sending maliciously crafted messages to privileged applications in the same bootstrap namespace.

6. Multiple integer overflow errors exist in the parser for a legacy serialization format. This can be exploited to cause a heap-based buffer overflow when a specially crafted serialized property list is parsed.

Successful exploitation may allow execution of arbitrary code.

7. An error in CFNetwork can be exploited to spoof secure websites via 502 Bad Gateway errors from a malicious HTTPS proxy server.

8. Multiple vulnerabilities in ClamAV can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

9. An integer overflow error exists in CoreFoundation when handling time zone data. This can be exploited by a malicious, local user to execute arbitrary code with system privileges.

10. Files with names ending in ".ief" can be automatically opened in AppleWorks if "Open 'Safe' files" is enabled in Safari.

11. A vulnerability in CUPS can be exploited to execute arbitrary code with system privileges.

12. Multiple input validation errors exist in CUPS, which can be exploited to execute arbitrary code with system privileges.

13. A boundary error in curl can be exploited to compromise a user's system.

14. A vulnerability in emacs can be exploited by malicious people to compromise a user's system.

15. A vulnerability in "file" can be exploited by malicious people to compromise a vulnerable system.

16. An input validation error exists in the NSSelectorFromString API, which can potentially be exploited to execute arbitrary code via a malformed selector name.

17. A race condition error in NSFileManager can potentially be exploited to gain escalated privileges.

18. A boundary error in NSFileManager can potentially be exploited to cause a stack-based buffer overflow via an overly long pathname with a specially crafted structure.

19. A race condition error exists in the cache management of NSURLConnection. This can be exploited to cause a DoS or execute arbitrary code in applications using the library (e.g. Safari).

20. A race condition error exists in NSXML. This can be exploited to execute arbitrary code by enticing a user to process an XML file in an application which uses NSXML.

21. An error in Help Viewer can be exploited to insert arbitrary HTML or JavaScript into the generated topic list page via a specially crafted "help:topic_list" URL and may redirect to a Help Viewer "help:runscript" link that runs AppleScript.

22. A boundary error exists in Image Raw within the handling of Adobe Digital Negative (DNG) image files. This can be exploited to cause a stack-based buffer overflow by enticing a user to open a maliciously crafted image file.

23. Multiple vulnerabilities in Kerberos can be exploited to cause a DoS or to compromise a vulnerable system.

24. An off-by-one error in "strnstr()" in libc can be exploited to cause a DoS.

25. A format string error exists in mDNSResponderHelper, which can be exploited by a malicious, local user to cause a DoS or execute arbitrary code with privileges of mDNSResponderHelper by setting the local hostname to a specially crafted string.

26. An error in notifyd can be exploited by a malicious, local user to deny access to notifications by sending fake Mach port death notifications to notifyd.

27. An array indexing error in the pax command line tool can be exploited to execute arbitrary code.

28. Multiple vulnerabilities in PHP can be exploited to bypass certain security restrictions.

29. A security issue is caused by the Podcast Capture application providing passwords to a subtask through the arguments.

30. Printing and Preview handle PDF files with weak encryption.

31. An error in Printing in the handling of authenticated print queues can lead to credentials being saved to disk.

32. An error in NetCfgTool can be exploited by a malicious, local user to execute arbitrary code with escalated privileges via a specially crafted message.

33. A null-pointer dereference error exists in the handling of Universal Disc Format (UDF) file systems, which can be exploited to cause a system shutdown by enticing a user to open a maliciously crafted disk image.

34. An input validation error exists in the Mac OS X 10.5 Server Wiki Server. This can be exploited by malicious users to upload arbitrary files with privileges of the wiki server and execute arbitrary code.

35. Some vulnerabilities in X11 can be exploited by malicious, local users to gain escalated privileges.

36. Some vulnerabilities in libpng can be exploited by malicious people to cause a DoS (Denial of Service).


Impact

  • Denial of Service
  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • Apple Mac OS X version 10.4.11 and prior
  • Apple Mac OS X Server version 10.4.11 and prior
  • Apple Mac OS X version 10.5.2 and prior
  • Apple Mac OS X Server version 10.5.2 and prior

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

Apply Security Update 2008-002 v1.0 (PPC):
http://www.apple.com/support/downloads/securityupdate2008002v10ppc.html

Apply Security Update 2008-002 v1.0 (Universal):
http://www.apple.com/support/downloads/securityupdate2008002v10universal.html

Apply Security Update 2008-002 v1.0 (Leopard):
http://www.apple.com/support/downloads/securityupdate2008002v10leopard.html

Apply Security Update 2008-002 v1.0 Server (Leopard):
http://www.apple.com/support/downloads/securityupdate2008002v10serverleopard.html

Apply Security Update 2008-002 v1.0 Server (PPC):
http://www.apple.com/support/downloads/securityupdate2008002v10serverppc.html

Apply Security Update 2008-002 v1.0 Server (Universal):
http://www.apple.com/support/downloads/securityupdate2008002v10serveruniversal.html
