Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - January 10, 2007

Adobe Reader Subroutine Pointer Overwrite Remote Memory Corruption Vulnerability

Advisory ID : FrSIRT/ADV-2007-0115
CVE ID : CVE-2006-5857
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-10

A vulnerability has been identified in Adobe Reader and Acrobat, which could be exploited by attackers to take complete control of an affected system. This issue is due to a memory corruption error when handling malformed data, which could be exploited by attackers to execute arbitrary commands by tricking a user into opening a specially crafted document.

Affected Products

Adobe Reader version 7.0.8 and prior
Adobe Acrobat Standard version 7.0.8 and prior
Adobe Acrobat Professional version 7.0.8 and prior
Adobe Acrobat Elements version 7.0.8 and prior
Adobe Acrobat 3D

Solution

Upgrade to Adobe Reader 7.0.9 or 8.0.0 :
http://www.adobe.com/downloads/

References

http://www.frsirt.com/english/advisories/2007/0115
http://www.adobe.com/support/security/bulletins/apsb07-01.html
http://www.piotrbania.com/all/adv/adobe-acrobat-adv.txt

Adobe ColdFusion MX Encoded Filenames Handling Information Disclosure Vulnerability

In reply to: VULNERABILITIES - January 10, 2007

Advisory ID : FrSIRT/ADV-2007-0116
CVE ID : CVE-2006-5858
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-10

A vulnerability has been identified in Adobe ColdFusion MX, which could be exploited by attackers to gain knowledge of sensitive information. This issue is due to an input validation error when processing URLs containing a double encoded NULL byte and a valid extension (e.g. ".cfm"), which could be exploited by remote attackers to disclose the contents of arbitrary files on a vulnerable server.

Affected Products

Adobe ColdFusion MX version 7
Adobe ColdFusion MX version 7.0.1
Adobe ColdFusion MX version 7.0.2

Solution

Apply patch :
http://www.adobe.com/support/security/bulletins/apsb07-02.html

References

http://www.frsirt.com/english/advisories/2007/0116
http://www.adobe.com/support/security/bulletins/apsb07-02.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=466

Ubuntu Security Update Fixes MadWifi Driver Remote Buffer Overflow Vulnerability

In reply to: VULNERABILITIES - January 10, 2007

Advisory ID : FrSIRT/ADV-2007-0124
CVE ID : CVE-2006-6332
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-10

Technical Description

Ubuntu has released security updates to address a vulnerability identified in MadWifi and linux-restricted-modules-2.6.17. This issue could be exploited by attackers to cause a denial of service or execute arbitrary commands. For additional information, see : FrSIRT/ADV-2006-4901

Affected Products

Ubuntu 6.10

Solution

Upgrade the affected packages :
http://www.ubuntu.com/usn/usn-404-1

References

http://www.frsirt.com/english/advisories/2007/0124
http://www.ubuntu.com/usn/usn-404-1

Ubuntu Security Update Fixes X.Org X11 Multiple Privilege Escalation Vulnerabilities

In reply to: VULNERABILITIES - January 10, 2007

Advisory ID : FrSIRT/ADV-2007-0123
CVE ID : CVE-2006-6101 - CVE-2006-6102 - CVE-2006-6103
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-10

Ubuntu has released security updates to address multiple vulnerabilities identified in X.Org X11. These issues could be exploited by local attackers to obtain elevated privileges. For additional information, see : FrSIRT/ADV-2007-0108

Affected Products

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

Solution

Ubuntu 5.10 - Upgrade to xserver-xorg-core 6.8.2-77.2
Ubuntu 6.06 LTS - Upgrade to xserver-xorg-core 1:1.0.2-0ubuntu10.5
Ubuntu 6.10 - Upgrade to xserver-xorg-core 1:1.1.1-0ubuntu12.1

References

http://www.frsirt.com/english/advisories/2007/0123
http://www.ubuntu.com/usn/usn-403-1

SuSE Security Update Fixes Kerberos Multiple Remote Code Execution Vulnerabilities

In reply to: VULNERABILITIES - January 10, 2007

Advisory ID : FrSIRT/ADV-2007-0122
CVE ID : CVE-2006-6143 - CVE-2006-6144
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-10

SuSE has released security updates to address multiple vulnerabilities identified in krb5. These issues could be exploited by attackers to execute arbitrary commands. For additional information, see : FrSIRT/ADV-2007-0111

Affected Products

openSUSE 10.2
SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3
SUSE SLED 10
SUSE SLES 10

Solution

Upgrade the affected packages :
ftp://ftp.suse.com/pub/suse/update/

References

http://www.frsirt.com/english/advisories/2007/0122
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0004.html

OpenPKG Security Update Fixes Kerberos Multiple Remote Code Execution Vulnerabilities

In reply to: VULNERABILITIES - January 10, 2007

Advisory ID : FrSIRT/ADV-2007-0121
CVE ID : CVE-2006-6143 - CVE-2006-6144
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-10

OpenPKG has released security updates to address multiple vulnerabilities identified in kerberos. These issues could be exploited by attackers to execute arbitrary commands. For additional information, see : FrSIRT/ADV-2007-0111

Affected Products

OpenPKG E1.0-SOLID
OpenPKG 2-STABLE-20061018
OpenPKG 2-STABLE
OpenPKG CURRENT

Solution

Upgrade the affected package :
http://www.openpkg.org/product/packages/?package=kerberos

References

http://www.frsirt.com/english/advisories/2007/0121
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.006.html

Mandriva Security Update Fixes X.Org X11 Multiple Privilege Escalation Vulnerabilities

In reply to: VULNERABILITIES - January 10, 2007

Advisory ID : FrSIRT/ADV-2007-0120
CVE ID : CVE-2006-6101 - CVE-2006-6102 - CVE-2006-6103
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-10

Mandriva has released security updates to address multiple vulnerabilities identified in X.Org X11. These issues could be exploited by local attackers to obtain elevated privileges. For additional information, see : FrSIRT/ADV-2007-0108

Affected Products

Mandriva Linux 2007.0
Mandriva Corporate 3.0
Mandriva Corporate 4.0

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/0120
http://archives.mandrivalinux.com/security-announce/2007-01/msg00008.php

Mandriva Security Update Fixes Avahi "consume_labels()" Denial of Service Vulnerability

In reply to: VULNERABILITIES - January 10, 2007

Advisory ID : FrSIRT/ADV-2007-0119
CVE ID : CVE-2006-6870
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-10

Mandriva has released security updates to address a vulnerability identified in Avahi. This issue could be exploited by attackers to cause a denial of service. For additional information, see : FrSIRT/ADV-2007-0071

Affected Products

Mandriva Linux 2007.0

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/0119
http://archives.mandrivalinux.com/security-announce/2007-01/msg00005.php

Mandriva Security Update Fixes GeoIP Remote Directory Traversal Vulnerability

In reply to: VULNERABILITIES - January 10, 2007

Advisory ID : FrSIRT/ADV-2007-0118
CVE ID : CVE-2007-0159
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-10

Mandriva has released security updates to address a vulnerability identified in GeoIP. This issue could be exploited by attackers to overwrite arbitrary files. For additional information, see : FrSIRT/ADV-2007-0117

Affected Products

Mandriva Corporate 4.0

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/0118
http://archives.mandrivalinux.com/security-announce/2007-01/msg00006.php

Kerberos kadmind "mechglue" Code Execution Vulnerability

In reply to: VULNERABILITIES - January 10, 2007

TITLE:
Kerberos kadmind "mechglue" Code Execution Vulnerability

SECUNIA ADVISORY ID:
SA23690

VERIFY ADVISORY:
http://secunia.com/advisories/23690/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Kerberos 5.x
http://secunia.com/product/556/

DESCRIPTION:
A vulnerability has been reported in Kerberos, which can potentially
be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error in the handling of
uninitialized pointers when the "mechglue" abstraction interface of
the GSS-API implementation performs certain error-handling functions.
This can be exploited to potentially execute arbitrary code via a
specially crafted packet.

The vulnerability is reported in versions krb5-1.5 through
krb5-1.5.1. Other versions may also be affected.

SOLUTION:
Apply patch:
http://web.mit.edu/kerberos/advisories/2006-003-patch.txt

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-003-mechglue.txt

OTHER REFERENCES:
US CERT: VU#831452
http://www.kb.cert.org/vuls/id/831452

Fedora Core 5 update for krb5

In reply to: VULNERABILITIES - January 10, 2007

TITLE:
Fedora Core 5 update for krb5

SECUNIA ADVISORY ID:
SA23707

VERIFY ADVISORY:
http://secunia.com/advisories/23707/

CRITICAL:
Highly critical

IMPACT:
Privilege escalation, DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Fedora Core 5
http://secunia.com/product/8808/

DESCRIPTION:
Fedora has issued an update for krb5. This fixes two vulnerabilities,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges, or by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable
system.

For more information:
SA21402
SA23696

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://fedoranews.org/cms/node/2376

OTHER REFERENCES:
SA21402:
http://secunia.com/advisories/21402/

SA23696:
http://secunia.com/advisories/23696/

Kerberos kadmind xprt->xp_auth Code Execution Vulnerability

In reply to: VULNERABILITIES - January 10, 2007

TITLE:
Kerberos kadmind xprt->xp_auth Code Execution Vulnerability

SECUNIA ADVISORY ID:
SA23696

VERIFY ADVISORY:
http://secunia.com/advisories/23696/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
From remote

SOFTWARE:
Kerberos 5.x
http://secunia.com/product/556/

DESCRIPTION:
A vulnerability has been reported in Kerberos, which can potentially
be exploited by malicious people to cause a DoS (Denial of Service)
or to compromise a vulnerable system.

The vulnerability is caused due to an error in the handling of
xprt->xp_auth pointers when freeing structures in memory. This can be
exploited to crash the daemon or execute arbitrary code via a
specially crafted kerberos packet.

The vulnerability is reported in the following versions:
* krb5-1.4 through krb5-1.4.4
* krb5-1.5 through krb5-1.5.1

Other versions may also be affected.

SOLUTION:
Apply patch.
http://web.mit.edu/kerberos/advisories/2006-002-patch.txt

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Andrew Korty from Indiana University.

ORIGINAL ADVISORY:
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt

OTHER REFERENCES:
US-CERT VU#481564:
http://www.kb.cert.org/vuls/id/481564

Ubuntu update for xserver-xorg-core

In reply to: VULNERABILITIES - January 10, 2007

TITLE:
Ubuntu update for xserver-xorg-core

SECUNIA ADVISORY ID:
SA23698

VERIFY ADVISORY:
http://secunia.com/advisories/23698/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
Ubuntu Linux 5.10
http://secunia.com/product/6606/
Ubuntu Linux 6.06
http://secunia.com/product/10611/
Ubuntu Linux 6.10
http://secunia.com/product/12470/

DESCRIPTION:
Ubuntu has issued an update for xserver-xorg-core. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges.

For more information:
SA23698

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.ubuntu.com/usn/usn-403-1

OTHER REFERENCES:
SA23670:
http://secunia.com/advisories/23670/

Red Hat update for xorg-x11

In reply to: VULNERABILITIES - January 10, 2007

TITLE:
Red Hat update for xorg-x11

SECUNIA ADVISORY ID:
SA23633

VERIFY ADVISORY:
http://secunia.com/advisories/23633/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
RedHat Enterprise Linux WS 4
http://secunia.com/product/4670/
RedHat Enterprise Linux AS 3
http://secunia.com/product/2534/
RedHat Enterprise Linux AS 4
http://secunia.com/product/4669/

DESCRIPTION:
Red Hat has issued an update for xorg-x11. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges.

For more information:
SA23670

SOLUTION:
Updated packages are available from Red Hat Network:
http://rhn.redhat.com

ORIGINAL ADVISORY:
http://rhn.redhat.com/errata/RHSA-2007-0003.html

OTHER REFERENCES:
SA23670:
http://secunia.com/advisories/23670/

phpMyAdmin Cross-Site Scripting and Unspecified Vulnerabilities

In reply to: VULNERABILITIES - January 10, 2007

TITLE:
phpMyAdmin Cross-Site Scripting and Unspecified Vulnerabilities

SECUNIA ADVISORY ID:
SA23702

VERIFY ADVISORY:
http://secunia.com/advisories/23702/

CRITICAL:
Less critical

IMPACT:
Unknown, Cross Site Scripting

WHERE:
From remote

SOFTWARE:
phpMyAdmin 2.x
http://secunia.com/product/1720/

DESCRIPTION:
Some vulnerabilities have been reported in phpMyAdmin, some of which
have unknown impacts, while some can be exploited by malicious people
to conduct cross-site scripting attacks.

1) Input passed to unspecified parameters is not properly sanitised
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site.

2) Some vulnerabilities exist, which are caused due to unspecified
errors in phpMyAdmin. No further information is currently available.

The vulnerabilities are reported in version 2.9.1.1. Other versions
may also be affected.

SOLUTION:
Fixed in version 2.9.2-rc1.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0

rPath update for xorg-x11

In reply to: VULNERABILITIES - January 10, 2007

TITLE:
rPath update for xorg-x11

SECUNIA ADVISORY ID:
SA23689

VERIFY ADVISORY:
http://secunia.com/advisories/23689/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
rPath Linux 1.x
http://secunia.com/product/10614/

DESCRIPTION:
rPath has issued an update for xorg-x11. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges.

For more information:
SA23670

SOLUTION:
Update to:
xorg-x11=/conary.rpath.com@rpl:devel//1/6.8.2-30.3-1
xorg-x11-fonts=/conary.rpath.com@rpl:devel//1/6.8.2-30.3-1
xorg-x11-tools=/conary.rpath.com@rpl:devel//1/6.8.2-30.3-1
xorg-x11-xfs=/conary.rpath.com@rpl:devel//1/6.8.2-30.3-1

ORIGINAL ADVISORY:
https://issues.rpath.com/browse/RPL-920

OTHER REFERENCES:
SA23670:
http://secunia.com/advisories/23670/

Sun Solaris rpcbind Denial of Service

In reply to: VULNERABILITIES - January 10, 2007

TITLE:
Sun Solaris rpcbind Denial of Service

SECUNIA ADVISORY ID:
SA23700

VERIFY ADVISORY:
http://secunia.com/advisories/23700/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From local network

OPERATING SYSTEM:
Sun Solaris 9
http://secunia.com/product/95/
Sun Solaris 8
http://secunia.com/product/94/

DESCRIPTION:
A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error in libnsl
when handling malformed RPC requests, and can be exploited to kill
the rpcbind server.

The vulnerability is reported in Sun Solaris 8 and 9 for the SPARC
and x86 platforms.

SOLUTION:
-- SPARC Platform --

Solaris 8:
Apply patch 108993-65 or later.

Solaris 9:
Apply patch 113319-27 or later.

-- x86 Platform --

Solaris 8:
Apply patch 108994-65 or later.

Solaris 9:
Apply patch 113719-21 or later.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Anil Kumar, BlueLane Research Team.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102713-1

X.Org X11 "DBE" and "Renderer" Extensions Vulnerabilities

In reply to: VULNERABILITIES - January 10, 2007

TITLE:
X.Org X11 "DBE" and "Renderer" Extensions Vulnerabilities

SECUNIA ADVISORY ID:
SA23670

VERIFY ADVISORY:
http://secunia.com/advisories/23670/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

SOFTWARE:
X Window System 11 (X11) 7.x
http://secunia.com/product/8806/
X Window System 11 (X11) 6.x
http://secunia.com/product/3913/

DESCRIPTION:
Sean Larsson has reported some vulnerabilities in X.Org X11, which
can be exploited by malicious, local users to gain escalated
privileges.

The vulnerabilities are caused due to input validation errors within
the "ProcRenderAddGlyphs()" function of the "Renderer" extension and
the "ProcDbeGetVisualInfo()" and "ProcDbeSwapBuffers()" functions of
the "DBE" extension. This can be exploited to cause a memory
corruption by sending specially crafted X requests to the X server.

Successful exploitation may allow the execution of arbitrary code
with the privileges of the X server, but requires that the "Renderer"
or "DBE" extensions are loaded.

The vulnerabilities are reported in version 7.1-1.1.0. Other versions
may also be affected.

SOLUTION:
Update to version 7.2 RC3.

PROVIDED AND/OR DISCOVERED BY:
Sean Larsson, iDefense Labs

ORIGINAL ADVISORY:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=463
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=464
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=465

rPath update for fetchmail

In reply to: VULNERABILITIES - January 10, 2007

TITLE:
rPath update for fetchmail

SECUNIA ADVISORY ID:
SA23695

VERIFY ADVISORY:
http://secunia.com/advisories/23695/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information

WHERE:
From local network

OPERATING SYSTEM:
rPath Linux 1.x
http://secunia.com/product/10614/

DESCRIPTION:
rPath has issued an update for fetchmail. This fixes a vulnerability,
which can be exploited by malicious people to gain knowledge of
sensitive information.

For more information:
SA23631

SOLUTION:
Update to "fetchmail=/conary.rpath.com@rpl:devel//1/6.3.6-0.1-1".

ORIGINAL ADVISORY:
https://issues.rpath.com/browse/RPL-919

OTHER REFERENCES:
SA23631:
http://secunia.com/advisories/23631/

Adobe Reader Unspecified Heap Corruption Vulnerability

In reply to: VULNERABILITIES - January 10, 2007

TITLE:
Adobe Reader Unspecified Heap Corruption Vulnerability

SECUNIA ADVISORY ID:
SA23666

VERIFY ADVISORY:
http://secunia.com/advisories/23666/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Adobe Reader 7.x
http://secunia.com/product/4546/
Adobe Reader 6.x
http://secunia.com/product/1810/

DESCRIPTION:
Piotr Bania has reported a vulnerability in Adobe Reader, which can
potentially be exploited by malicious people to compromise a user's
system.

The vulnerability is caused due to an unspecified error when
processing PDF files. This can be exploited to cause a heap
corruption and may allow execution of arbitrary code when a
specially-crafted PDF file is opened.

The vulnerability is reported in version 7.0.8 and prior. Other
versions may also be affected.

SOLUTION:
Update to version 7.0.9 or upgrade to version 8.0.

PROVIDED AND/OR DISCOVERED BY:
Piotr Bania

ORIGINAL ADVISORY:
http://www.piotrbania.com/all/adv/adobe-acrobat-adv.txt

Adobe:
http://www.adobe.com/support/security/bulletins/apsb07-01.html

More from Apple Fun (Bugs/Vulnerabilities)

In reply to: VULNERABILITIES - January 10, 2007

MOAB-09-01-2007: Apple Finder DMG Volume Name Memory Corruption
Finder is affected by a memory corruption vulnerability, which leads to an exploitable denial of service condition and potential arbitrary code execution, that can be triggered by DMG images.

MOAB-10-01-2007: Apple DMG UFS ffs_mountfs() Integer Overflow Vulnerability
The ffs_mountfs() function, part of the UFS filesystem handling code (shared between FreeBSD and Mac OS X XNU) is affected by an integer overflow vulnerability, leading to an exploitable denial of service condition and potential arbitrary code execution.

http://applefun.blogspot.com/
