Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - March 2, 2006

TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA19064

VERIFY ADVISORY:
http://secunia.com/advisories/19064/

CRITICAL:
Extremely critical

IMPACT:
Security Bypass, Cross Site Scripting, Privilege escalation, DoS,
System access

WHERE:
From remote

OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/

DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.

1) Various security issues exist in the PHP Apache module and
scripting environment.

For more information:
SA17371

2) An error in automount makes it possible for malicious file servers
to cause a vulnerable system to mount file systems with reserved
names, which can cause a DoS (Denial of Service) or potentially allow
arbitrary code execution.

3) An input validation error in the BOM framework when unpacking
certain archives can be exploited to cause files to be unpacked to
arbitrary locations via directory traversal attacks.

4) The "passwd" program creates temporary files insecurely, which can
be exploited via symlink attacks to create or overwrite arbitrary
files with "root" privileges.

5) User directories are insecurely mounted when a FileVault image is
created, which may allow unauthorised access to files.

6) An error in IPSec when handling certain error conditions can be
exploited to cause a DoS against VPN connections.

7) An error in the LibSystem component can be exploited by malicious
people to cause a heap-based buffer overflow via applications when
requesting large amounts of memory. This can potentially be exploited
to execute arbitrary code in the context of a vulnerable application.

Cool The "Download Validation" in the Mail component fails to warn
users about unsafe file types when an e-mail attachment is
double-clicked.

9) In certain cases a Perl program may fail to drop privileges.

For more information:
SA17922

10) A boundary error in rsync can be exploited by authenticated users
to cause a heap-based buffer overflow when it's allowed to transfer
extended attributes. This can be exploited to crash the rsync service
or execute arbitrary code.

11) A boundary error in WebKit's handling of certain HTML can be
exploited to cause a heap-based buffer overflow. This can be
exploited via a malicious web site to execute arbitrary code on a
user's system.

12) A boundary error in Safari when parsing JavaScript can be
exploited to cause a stack-based buffer overflow and allows execution
of arbitrary code when a malicious web page including specially
crafted JavaScript is viewed.

13) An error in Safari's security model when handling HTTP
redirection can be exploited to execute JavaScript in the local
domain via a specially crafted web site.

14) An error in Safari / LaunchServices may cause a malicious
application to appear as a safe file type. This may cause a malicious
file to be executed automatically when the "Open safe files after
downloading" option is enabled.

This vulnerability is related to:
SA18963

15) An input validation error in the Syndication (Safari RSS)
component can be exploited to conduct cross-site scripting attacks
when subscribing to malicious RSS content.

SOLUTION:
Apply Security Update 2006-001.

Mac OS X 10.4.5 (PPC):
http://www.apple.com/support/downloads/securityupdate2006001macosx1045ppc.html

Mac OS X 10.4.5 Client (Intel):
http://www.apple.com/support/downloads/securityupdate2006001macosx1045clientintel.html

Mac OS X 10.3.9 Client:
http://www.apple.com/support/downloads/securityupdate20060011039client.html

Mac OS X 10.3.9 Server:
http://www.apple.com/support/downloads/securityupdate20060011039server.html

PROVIDED AND/OR DISCOVERED BY:
3) The vendor credits St

Discussion is locked
You are posting a reply to: VULNERABILITIES - March 2, 2006
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VULNERABILITIES - March 2, 2006
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

GIVEAWAY

Enter to win* a free holiday tech gift!

CNET's giving five lucky winners the gift of their choice valued up to $250!