Skip to main content

Apple Mac OS X Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 2 Jul 2008 5350 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in Apple Mac OS X, which could be exploited by remote or local attackers to cause a denial of service, disclose sensitive information, bypass security restrictions or compromise an affected system. These issues are caused by implementation, data validation, and buffer overflow errors in Alias Manager, CoreTypes, c++filt, Dock, Launch Services, Net-SNMP, Ruby, SMB File Server, System Configuration, Tomcat, VPN, and WebKit, which could be exploited by attackers to bypass security checks, gain knowledge of sensitive information, cause a denial of service or execute arbitrary commands or scripting code.

1. An unspecified error in the Alias Manager when handling AFP volume mount information in an alias data structure can be exploited to cause a memory corruption and potentially execute arbitrary code.

2. A weakness is caused due to users not being warned before opening certain potentially unsafe content types, e.g. .xht and .xhtm files.

3. A format string error in c++filt can be exploited to exploited to execute arbitrary code when a specially crafted string is passed to the application.

4. An vulnerability in Dock can be exploited by malicious people with physical access to a system to bypass the screen lock when Expose hot corners are set.

5. A race condition error exists in Launch Services in the download validation of symbolic links. This can be exploited to execute arbitrary code when a user visits a malicious web site.

Successful exploitation requires that the "Open 'safe' files" option is enabled in Safari.

6. A vulnerability in Net-SNMP can be exploited by malicious people to spoof authenticated SNMPv3 packets.

7. Some vulnerabilities in Ruby can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.

NOTE: Reportedly, the directory traversal issue does not affect Mac OS X.

8. A vulnerability in SMB File Server can be exploited by malicious people to compromise a vulnerable system.

9. It is possible to store malicious files within the User Template directory. This can be exploited to execute arbitrary code with permissions of a new user when his home directory is created using the User Template directory.

10. Some vulnerabilities in Tomcat can be exploited by malicious users to disclose sensitive information and by malicious people to disclose sensitive information or to conduct cross-site scripting attacks.

11. A vulnerability in WebKit can be exploited by malicious people to compromise a user's system.


Impact

  • Cross-Site Scripting
  • Denial of Service
  • Elevation of Privilege
  • Remote Code Execution
  • Security Restriction Bypass
  • Spoofing

System / Technologies affected

  • Mac OS X version 10.4.11
  • Mac OS X Server version 10.4.11
  • Mac OS X versions 10.5 through 10.5.3
  • Mac OS X Server versions 10.5 through 10.5.3

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link