Apple Mac OS X Multiple Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in Apple Mac OS X, which could be exploited by remote or local attackers to disclose sensitive information, bypass security restrictions, cause a denial of service or compromise an affected system.
1. A stack buffer overflow error in CarbonCore when handling overly long filenames could be exploited to crash an affected application or execute arbitrary code.
2. Memory corruption errors in CoreGraphics when processing certain arguments could be exploited to crash an affected application (e.g. a web browser) or execute arbitrary code.
3. An integer overflow error in CoreGraphics when processing malformed PDF files could be exploited to crash an affected application or execute arbitrary code.
4. Resource consumption in the Data Detectors Engine when handling textual content could be exploited to cause a denial of service.
5. Insecure permissions set on "/usr/bin/emacs" by the "Repair Permissions" tool in Disk Utility could allow a local user to use emacs to run commands with system privileges.
6. Memory corruption errors in QuickLook when handling specially crafted MS Office files could be exploited by attackers to execute arbitrary code by tricking a user into downloading a malicious Office file.
Impact
- Denial of Service
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- Apple Mac OS X version 10.4.11 and prior
- Apple Mac OS X version 10.5.4 and prior
- Apple Mac OS X Server version 10.4.11 and prior
- Apple Mac OS X Server version 10.5.4 and prior
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
Apple Security Update 2008-005 Server (PPC):
http://www.apple.com/support/downloads/securityupdate2008005serverppc.html
Apple Security Update 2008-005 Server (Intel):
http://www.apple.com/support/downloads/securityupdate2008005serverintel.html
Apple Security Update 2008-005 (PPC):
http://www.apple.com/support/downloads/securityupdate2008005ppc.html
Apple Security Update 2008-005 (Intel):
http://www.apple.com/support/downloads/securityupdate2008005intel.html
Apple Security Update 2008-005 (Leopard):
http://www.apple.com/support/downloads/securityupdate2008005leopard.html
Vulnerability Identifier
- CVE-2007-4850
- CVE-2007-5135
- CVE-2007-6199
- CVE-2007-6200
- CVE-2008-0599
- CVE-2008-0674
- CVE-2008-1447
- CVE-2008-2050
- CVE-2008-2051
- CVE-2008-2320
- CVE-2008-2321
- CVE-2008-2322
- CVE-2008-2323
- CVE-2008-2324
- CVE-2008-2325
- CVE-2008-2952