About the security content of Mac OS X v10.6.8 and Security Update 2011-004

2011-07-04T00:00:00
ID SECURITYVULNS:DOC:26596
Type securityvulns
Reporter Securityvulns
Modified 2011-07-04T00:00:00

Description

About the security content of Mac OS X v10.6.8 and Security Update 2011-004

Last Modified: June 23, 2011
Article: HT4723

Email this article Print this page Summary

This document describes of Mac OS X v10.6.8 and Security Update 2011-004, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates." Products Affected

Mac OS X 10.6, Product Security Mac OS X v10.6.8 and Security Update 2011-004

AirPort

Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

Impact: When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset

Description: An out of bounds memory read issue existed in the handling of Wi-Fi frames. When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset. This issue does not affect Mac OS X v10.6

CVE-ID

CVE-2011-0196

App Store

Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7

Impact: The user's AppleID password may be logged to a local file

Description: In certain circumstances, App Store may log the user's AppleID password to a file that is not readable by other users on the system. This issue is addressed through improved handling of credentials.

CVE-ID

CVE-2011-0197 : Paul Nelson

ATS

Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7

Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution

Description: A heap buffer overflow issue existed in the handling of TrueType fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.

CVE-ID

CVE-2011-0198 : Harry Sintonen, Marc Schoenefeld of the Red Hat Security Response Team

Certificate Trust Policy

Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7

Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information

Description: An error handling issue existed in the Certificate Trust Policy. If an Extended Validation (EV) certificate has no OCSP URL, and CRL checking is enabled, the CRL will not be checked and a revoked certificate may be accepted as valid. This issue is mitigated as most EV certificates specify an OCSP URL.

CVE-ID

CVE-2011-0199 : Chris Hawk and Wan-Teh Chang of Google

ColorSync

Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution

Description: An integer overflow existed in the handling of images with an embedded ColorSync profile, which may lead to a heap buffer overflow. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution.

CVE-ID

CVE-2011-0200 : binaryproof working with TippingPoint's Zero Day Initiative

CoreFoundation

Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7

Impact: Applications that use the CoreFoundation framework may be vulnerable to an unexpected application termination or arbitrary code execution

Description: An off-by-one buffer overflow issue existed in the handling of CFStrings. Applications that use the CoreFoundation framework may be vulnerable to an unexpected application termination or arbitrary code execution.

CVE-ID

CVE-2011-0201 : Harry Sintonen

CoreGraphics

Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7

Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

Description: An integer overflow issue existed in the handling of Type 1 fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.

CVE-ID

CVE-2011-0202 : Cristian Draghici of Modulo Consulting, Felix Grobert of the Google Security Team

FTP Server

Available for: Mac OS X Server v10.6 through v10.6.7

Impact: A person with FTP access may list files on the system

Description: A path validation issue existed in xftpd. A person with FTP access may perform a recursive directory listing starting from the root, including directories that are not shared for FTP. The listing will eventually include any file that would be accessible to the FTP user. The contents of files are not disclosed. This issue is addressed through improved path validation. This issue only affects Mac OS X Server systems.

CVE-ID

CVE-2011-0203 : team karlkani

ImageIO

Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7

Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution

Description: A heap buffer overflow existed in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.

CVE-ID

CVE-2011-0204 : Dominic Chell of NGS Secure

ImageIO

Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A heap buffer overflow issue existed in ImageIO's handling of JPEG2000 images. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

CVE-ID

CVE-2011-0205 : Harry Sintonen

International Components for Unicode

Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7

Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution

Description: A buffer overflow issue existed in ICU's handling of uppercase strings. Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution.

CVE-ID

CVE-2011-0206 : David Bienvenu of Mozilla

Kernel

Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7

Impact: A local user may be able to cause a system reset

Description: A null dereference issue existed in the handling of IPV6 socket options. A local user may be able to cause a system reset.

CVE-ID

CVE-2011-1132 : Thomas Clement of Intego

Libsystem

Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7

Impact: Applications which use the glob(3) API may be vulnerable to a denial of service

Description: Applications which use the glob(3) API may be vulnerable to a denial of service. If the glob pattern comes from untrusted input, the application may hang or use excessive CPU resources. This issue is addressed through improved validation of glob patterns.

CVE-ID

CVE-2010-2632 : Maksymilian Arciemowicz

libxslt

Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7

Impact: Visiting a maliciously crafted website may lead to the disclosure of addresses on the heap

Description: libxslt's implementation of the generate-id() XPath function disclosed the address of a heap buffer. Visiting a maliciously crafted website may lead to the disclosure of addresses on the heap. This issue is addressed by generating an ID based on the difference between the addresses of two heap buffers.

CVE-ID

CVE-2011-0195 : Chris Evans of the Google Chrome Security Team

MobileMe

Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7

Impact: An attacker with a privileged network position may read a user's MobileMe email aliases

Description: When communicating with MobileMe to determine a user's email aliases, Mail will make requests over HTTP. As a result, an attacker with a privileged network position may read a user's MobileMe email aliases. This issue is addressed by using SSL to access the user's email aliases.

CVE-ID

CVE-2011-0207 : Aaron Sigel of vtty.com

MySQL

Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.7

Impact: Multiple vulnerabilities in MySQL 5.0.91

Description: MySQL is updated to version 5.0.92 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. MySQL is only provided with Mac OS X Server systems. Further information is available via the MySQL web site at http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html

CVE-ID

CVE-2010-3677

CVE-2010-3682

CVE-2010-3833

CVE-2010-3834

CVE-2010-3835

CVE-2010-3836

CVE-2010-3837

CVE-2010-3838

OpenSSL

Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7

Impact: Multiple vulnerabilities in OpenSSL

Description: Multiple vulnerabilities existed in OpenSSL, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating OpenSSL to version 0.9.8r.

CVE-ID

CVE-2009-3245

CVE-2010-0740

CVE-2010-3864

CVE-2010-4180

CVE-2011-0014

patch

Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7

Impact: Running patch on a maliciously crafted patch file may cause arbitrary files to be created or overwritten

Description: A directory traversal issue existed in GNU patch. Running patch on a maliciously crafted patch file may cause arbitrary files to be created or overwritten. This issue is addressed through improved validation of patch files.

CVE-ID

CVE-2010-4651

QuickLook

Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7

Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue existed in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect systems prior to Mac OS X v10.6.

CVE-ID

CVE-2011-0208 : Tobias Klein working with iDefense VCP

QuickTime

Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7

Impact: Viewing a maliciously crafted WAV file may lead to an unexpected application termination or arbitrary code execution

Description: An integer overflow existed in QuickTime's handling of RIFF WAV files. Viewing a maliciously crafted WAV file may lead to an unexpected application termination or arbitrary code execution.

CVE-ID

CVE-2011-0209 : Luigi Auriemma working with TippingPoint's Zero Day Initiative

QuickTime

Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7

Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue existed in QuickTime's handling of sample tables in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution.

CVE-ID

CVE-2011-0210 : Honggang Ren of Fortinet's FortiGuard Labs

QuickTime

Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7

Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

Description: An integer overflow existed in QuickTime's handling of movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution.

CVE-ID

CVE-2011-0211 : Luigi Auriemma working with TippingPoint's Zero Day Initiative

QuickTime

Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7

Impact: Viewing a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution

Description: A buffer overflow existed in QuickTime's handling of PICT images. Viewing a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution.

CVE-ID

CVE-2010-3790 : Subreption LLC working with TippingPoint's Zero Day Initiative

QuickTime

Available for: Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7

Impact: Viewing a maliciously crafted JPEG file may lead to an unexpected application termination or arbitrary code execution

Description: A buffer overflow existed in QuickTime's handling of JPEG files. Viewing a maliciously crafted JPEG file may lead to an unexpected application termination or arbitrary code execution.

CVE-ID

CVE-2011-0213 : Luigi Auriemma working with iDefense

Samba

Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

Impact: If SMB file sharing is enabled, a remote attacker may cause a denial of service or arbitrary code execution

Description: A stack buffer overflow existed in Samba's handling of Windows Security IDs. If SMB file sharing is enabled, a remote attacker may cause a denial of service or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X 10.6.7.

CVE-ID

CVE-2010-3069

Samba

Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7

Impact: If SMB file sharing is enabled, a remote attacker may cause a denial of service or arbitrary code execution

Description: A memory corruption issue existed in Samba's handling of file descriptors. If SMB file sharing is enabled, a remote attacker may cause a denial of service or arbitrary code execution.

CVE-ID

CVE-2011-0719 : Volker Lendecke of SerNet

servermgrd

Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.7

Impact: A remote attacker may be able to read arbitrary files from the system

Description: An XML External Entity issue exists in servermgrd's handling of XML-RPC requests. This issue is addressed by removing servermgrd's XML-RPC interface. This issue only affects Mac OS X Server systems.

CVE-ID

CVE-2011-0212 : Apple

subversion

Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7

Impact: If an http based Subversion server is configured, a remote attacker may be able to cause a denial of service

Description: A null dereference issue existed in Subversion's handling of lock tokens sent over HTTP. If an http based Subversion server is configured, a remote attacker may be able to cause a denial of service. For Mac OS X v10.6 systems, Subversion is updated to version 1.6.6. For Mac OS X v10.5.8 systems, the issue is addressed through additional validation of lock tokens. Further information is available via the Subversion web site at http://subversion.tigris.org/

CVE-ID

CVE-2011-0715