
Apple Mac OS X Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 17 Sep 2008

RISK: Medium Risk

Multiple vulnerabilities have been identified in Apple Mac OS X, which could be exploited by remote or local attackers to disclose sensitive information, bypass security restrictions, cause a denial of service or compromise an affected system. These issues are caused by buffer overflow, insecure file operation, null pointer dereference, uninitialized memory access, memory corruption, race condition, integer overflow, input validation and design errors in ATS, BIND, ClamAV, Directory Services, Finder, ImageIO, Kernel, libresolv, Login Window, OpenSSH, QuickDraw Manager, Ruby, SearchKit, System Configuration, System Preferences, Time Machine, VideoConference and Wiki Server.

1. A boundary error in the handling of PostScript font names in Apple Type Services can be exploited to cause a heap-based buffer overflow when a document containing a specially crafted font is viewed.

Successful exploitation may allow execution of arbitrary code.

2. Some vulnerabilities in ClamAV can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or compromise a vulnerable system.

3. An error exists in Directory Services when it is configured to authenticate users with Active Directory. This can be exploited to disclose a list of user names from Active Directory in the Login Window by supplying wildcard characters in the user name field.

4. A vulnerability is caused by an insecure file operation within the "slapconfig" tool, which can be exploited by a malicious, local user to disclose passwords entered by administrative users using "slapconfig".

5. A weakness in Finder causes the "Get Info" window to incorrectly display the privileges for a file.

6. A null pointer dereference error exists in Finder when searching for a remote disc. This can be exploited by malicious people with access to the local network to cause Finder to exit immediately after it starts.

7. A vulnerability in ImageIO can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system.

8. An unspecified error exists in ImageIO when handling TIFF images. This can be exploited to cause memory corruption, allowing an application to be crashed or potentially arbitrary code to be executed.

9. An unspecified error in ImageIO when processing embedded ICC profiles in JPEG images can be exploited to crash an application or potentially execute arbitrary code.

10. A vulnerability in ImageIO can be exploited by malicious people to cause a DoS (Denial of Service), disclose potentially sensitive information, or potentially compromise an application using the library.

11. An error in the Kernel when a vnode is recycled can be exploited by malicious, local users to read or write certain files without proper permissions.

12. A security issue exists in libresolv and mDNSResponder due to the DNS query source port number not being sufficiently randomised, which can be exploited to poison the DNS cache.
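A defender-side check for item 12, added here as an example and not part of the advisory: given captured outbound DNS query records (constructed tcpdump-style sample lines below, with assumed client addresses 10.0.0.5 and 10.0.0.9), it flags resolvers whose source ports are sequential or cover too little of the 16-bit port range, which is the symptom that makes cache poisoning practical.

```python
"""Check DNS query source-port randomisation from captured query records.
Predictable source ports (item 12) let an attacker guess the port a forged
reply must hit; this script flags clients whose ports look predictable."""
import re

# Constructed sample records in a tcpdump-like format: "src_ip.port > dst_ip.53".
# 10.0.0.5 increments its port by one per query (weak); 10.0.0.9 spreads its ports.
SAMPLE_LOG = """\
12:00:01 IP 10.0.0.5.32768 > 10.0.0.1.53: A? example.test
12:00:02 IP 10.0.0.5.32769 > 10.0.0.1.53: A? example.test
12:00:03 IP 10.0.0.5.32770 > 10.0.0.1.53: A? example.test
12:00:04 IP 10.0.0.5.32771 > 10.0.0.1.53: A? example.test
12:00:05 IP 10.0.0.5.32772 > 10.0.0.1.53: A? example.test
12:00:01 IP 10.0.0.9.51233 > 10.0.0.1.53: A? example.test
12:00:02 IP 10.0.0.9.7021 > 10.0.0.1.53: A? example.test
12:00:03 IP 10.0.0.9.61904 > 10.0.0.1.53: A? example.test
12:00:04 IP 10.0.0.9.28874 > 10.0.0.1.53: A? example.test
12:00:05 IP 10.0.0.9.44512 > 10.0.0.1.53: A? example.test
"""

# Client IP and source port of queries sent to UDP/TCP port 53.
LINE_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > \d+\.\d+\.\d+\.\d+\.53:")


def ports_by_client(log: str) -> dict:
    """Map each client IP to the ordered list of source ports it used."""
    ports = {}
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            ports.setdefault(m.group(1), []).append(int(m.group(2)))
    return ports


def assess_ports(ports: list) -> dict:
    """Simple randomness indicators for one client's port sequence.

    'sequential' flags the classic weak pattern (each port = previous + 1);
    'spread' is the fraction of the 65535-port space the observed ports span."""
    steps = [b - a for a, b in zip(ports, ports[1:])]
    sequential = len(ports) > 1 and all(s == 1 for s in steps)
    spread = (max(ports) - min(ports)) / 65535 if ports else 0.0
    return {"sequential": sequential, "spread": round(spread, 3), "distinct": len(set(ports))}


def weak_clients(log: str, min_spread: float = 0.25) -> list:
    """Clients whose ports are sequential or span less than min_spread of the range."""
    return sorted(ip for ip, p in ports_by_client(log).items()
                  if assess_ports(p)["sequential"] or assess_ports(p)["spread"] < min_spread)
```

The 0.25 spread threshold is an assumed heuristic for a short capture; a patched resolver observed over many queries should approach the full port range.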

13. A race condition exists in Login Window, which can be exploited to log in as an arbitrary user without providing any credentials if the system has an account without password enabled, e.g. the "Guest" account.

14. A weakness exists due to Login Window not properly clearing the password after a failed password change, which can be exploited by malicious people with access to the Login Screen to reset a user's password.

Successful exploitation requires that a user leaves a system with the error message displayed after a failed password change.

15. A vulnerability and a weakness in OpenSSH can be exploited by malicious, local users to disclose sensitive information or to bypass certain security restrictions.

16. A vulnerability in QuickDraw Manager can be exploited by malicious people to compromise a user's system.

17. A vulnerability in Ruby can be exploited by malicious people to cause a DoS (Denial of Service).

18. Integer overflow errors exist in unspecified functions within the SearchKit framework. These can be exploited to crash an application or execute arbitrary code when an application passes untrusted input to SearchKit.

19. An error in System Configuration exists due to PPP passwords being stored unencrypted in a world readable file.

20. An error exists in Time Machine due to log files being stored with insecure permissions on the backup drive, which can lead to disclosure of sensitive information.

21. A memory corruption error exists in the handling of H.264 encoded media within the VideoConference framework. This can be exploited to crash an application and potentially execute arbitrary code, e.g. when a user starts a video conference with a malicious person.

22. Certain input in emails is not properly sanitised before being used in the mailing list archive in Wiki Server. This can be exploited to insert arbitrary HTML and script code, which will be executed in another user's browser session in the context of an affected site, e.g. when a malicious mail is viewed.


Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Apple Mac OS X version 10.4.11 and prior
  • Apple Mac OS X Server version 10.4.11 and prior
  • Apple Mac OS X versions 10.5 through 10.5.4
  • Apple Mac OS X Server versions 10.5 through 10.5.4

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.
