[SA12491] Mac OS X Security Update Fixes Multiple Vulnerabilities

2004-09-08T00:00:00
ID SECURITYVULNS:DOC:6773
Type securityvulns
Reporter Securityvulns
Modified 2004-09-08T00:00:00

Description

TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA12491

VERIFY ADVISORY: http://secunia.com/advisories/12491/

CRITICAL: Moderately critical

IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access

WHERE: >From remote

OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/

SOFTWARE: Safari 1.x http://secunia.com/product/1543/

DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes various vulnerabilities.

1) Two vulnerabilities in mod_ssl and apache can potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

For more information: SA11534 SA11956

These vulnerabilities affect Server versions only.

2) A vulnerability within the CoreFoundation may result in a privileged program loading a user supplied library. The problem is reportedly that bundles using the CFPlugIn facilities can include directions to automatically load plugin executables.

Successful exploitation allows a malicious, local users to gain escalated privileges.

3) A vulnerability within the CoreFoundation can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to a boundary error within the handling of an environment variable. This may cause a buffer overflow and allow execution of arbitrary code with the privileges of a privileged program.

4) A vulnerability in the IPsec implementation can potentially be exploited by malicious people to bypass certain security restrictions.

For more information: SA11863

5) Vulnerabilities in Kerberos can be exploited by malicious users to compromise a vulnerable system.

For more information: SA11753

6) Vulnerabilities in lukemftpd can potentially be exploited by malicious users to gain escalated privileges or compromise a vulnerable system.

For more information: SA12226

7) A vulnerability in OpenLDAP may reportedly allow a crypt password to be used as if it was a plain text password. The vulnerability is caused due to an error within the backwards compatibility with older LDAP implementations, which allows a crypt password to be stored in the "userPassword" attribute.

This vulnerability does not affect version 10.2.8.

8) An older vulnerability in OpenSSH can potentially be exploited by malicious people to overwrite arbitrary files.

The vulnerability is caused due to missing validation in the scp utility when handling filenames. This can be exploited by a malicious SSH server to overwrite an arbitrary file with the privileges of the user via a directory traversal attack.

9) A vulnerability in the PPPDialer can be exploited by malicious, local users to overwrite certain system files.

The vulnerability is caused due to the PPP components accessing a file stored in a world-writable location insecurely.

10) A vulnerability in the QuickTime Streaming Server can be exploited by malicious people to cause a DoS (Denial of Service) via a particular sequence of client operations.

This vulnerability affects Server versions only.

11) A vulnerability in rsync can be exploited by malicious people to write files outside the intended directory.

For more information: SA11514

12) A vulnerability in Safari can be exploited by malicious people to spoof the content of websites.

For more information: SA11978

13) Vulnerabilities in SquirrelMail can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

For more information: SA11685

14) Two vulnerabilities in tcpdump can be exploited by malicious people to cause a DoS (Denial of Service).

For more information: SA11258

SOLUTION: Apply Security Update 2004-09-07.

Mac OS X 10.3.5: http://www.apple.com/support/downloads/securityupdate_2004-09-07_(10_3_5_Client).html

Mac OS X Server 10.3.5: http://www.apple.com/support/downloads/securityupdate_2004-09-07_(10_3_5_Server).html

Mac OS X 10.3.4: http://www.apple.com/support/downloads/securityupdate_2004-09-07(10_3_4_Client).html

Mac OS X Server 10.3.4: http://www.apple.com/support/downloads/securityupdate_2004-09-07_(10_3_4_Server).html

Mac OS X 10.2.8: http://www.apple.com/support/downloads/securityupdate_2004-09-07_(10_2_8_Client).html

Mac OS X Server 10.2.8: http://www.apple.com/support/downloads/securityupdate_2004-09-07_(10_2_8_Server).html

PROVIDED AND/OR DISCOVERED BY: 2) Kikuchi Masashi 3) Aaron 7) Steve Revilak

OTHER REFERENCES: SA11258: http://secunia.com/advisories/11258/

SA11514: http://secunia.com/advisories/11514/

SA11534: http://secunia.com/advisories/11534/

SA11685: http://secunia.com/advisories/11685/

SA11753: http://secunia.com/advisories/11753/

SA11863: http://secunia.com/advisories/11863/

SA11956: http://secunia.com/advisories/11956/

SA11978: http://secunia.com/advisories/11978/

SA12226: http://secunia.com/advisories/12226/


About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.