Lucene search

K
seebugRootSSV:11998
HistoryAug 06, 2009 - 12:00 a.m.

Apple Mac OS X 2009-003修补多个安全漏洞

2009-08-0600:00:00
Root
www.seebug.org
284

0.533 Medium

EPSS

Percentile

97.6%

Bugraq ID: 35954
CVE ID:CVE-2009-1723
CVE-2009-1726
CVE-2009-1727
CVE-2009-0151
CVE-2009-1728
CVE-2009-2188
CVE-2009-2190
CVE-2009-2191
CVE-2009-2192
CVE-2009-2193
CVE-2009-2194
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194

Apple Mac OS X是一款基于BSD的操作系统。
Apple Mac OS X安全升级2009-003修复多个安全漏洞:
CVE-ID: CVE-2008-1372:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372

bzip2存在越界内存发那个吻问题,构建恶意的压缩文件,诱使用户打开可导致应用程序崩溃。
CVE-ID: CVE-2009-1723:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723

当Safari访问到通过302重定向的WEB站点时,会提示证书警告,此警告会包含原始WEB站点URL来代替当前WEB站点URL,这允许恶意构建的WEB站点可控制显示在证书警告中的WEB站点URL,导致用户盲目信任。
CVE-ID: CVE-2009-1726:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726

打开一个特殊构建的使用嵌入式ColorSync配置文件的图像时可导致应用程序崩溃。
CVE-ID: CVE-2009-1727:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727

打开部分不安全内容类型时没有对用户提示警告,可导致恶意脚本代码负载执行。
CVE-ID: CVE-2009-0151:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151

屏幕保护没有正确阻断four-finger Multi-Touch gestures多点触控,允许物理访问的用户可管理应用程序。
CVE-ID: CVE-2009-1728:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728

处理Canon RAW图像存在多个栈缓冲区溢出。
CVE-ID: CVE-2009-1722:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20091722

ImageIO处理OpenEXR图像存在堆缓冲区溢出。
CVE-ID: CVE-2009-1721:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20091722
CNCVE-20091721

ImageIO处理OpenEXR图像存在未初始化内存访问问题,可导致应用程序崩溃或任意代码执行

CVE-ID: CVE-2009-1720:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20091722
CNCVE-20091721
CNCVE-20091720

ImageIO处理OpenEXR图像存在整数溢出问题,可导致应用程序崩溃或任意代码执行。
CVE-ID: CVE-2009-2188:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20091722
CNCVE-20091721
CNCVE-20091720
CNCVE-20092188

ImageIO处理EXIF元数据存在缓冲区溢出问题,可导致应用程序崩溃或任意代码执行。
CVE-ID: CVE-2009-0040:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20091722
CNCVE-20091721
CNCVE-20091720
CNCVE-20092188
CNCVE-20090040

处理PNG图像存在未初始化指针问题,构建特殊的PNG诱使用户处理可导致应用程序崩溃或任意代码执行。
CVE-ID: CVE-2009-1235:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20091722
CNCVE-20091721
CNCVE-20091720
CNCVE-20092188
CNCVE-20090040
CNCVE-20091235

内核fcntl系统调用处理存在实现错误,本地攻击者可以覆盖内核内存以系统特权执行任意代码。
CVE-ID: CVE-2009-2190:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20091722
CNCVE-20091721
CNCVE-20091720
CNCVE-20092188
CNCVE-20090040
CNCVE-20091235
CNCVE-20092190

对基于inetd的launchd服务打开多个连接,可导致launchd停止对外连接的响应。
CVE-ID: CVE-2009-2191:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20091722
CNCVE-20091721
CNCVE-20091720
CNCVE-20092188
CNCVE-20090040
CNCVE-20091235
CNCVE-20092190
CNCVE-20092191

登录窗口处理应用程序名存在格式串问题,可导致应用程序崩溃或任意代码执行。
CVE-ID: CVE-2009-2192:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20091722
CNCVE-20091721
CNCVE-20091720
CNCVE-20092188
CNCVE-20090040
CNCVE-20091235
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192

MobileMe存在一个逻辑错误,在退出时没有删除所有凭据,本地用户可以访问其他MobileMe帐户相关资源。
CVE-ID: CVE-2009-2193:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20091722
CNCVE-20091721
CNCVE-20091720
CNCVE-20092188
CNCVE-20090040
CNCVE-20091235
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193

内核处理 AppleTalk应答报文存在缓冲区溢出,可导致以系统权限执行任意指令。
CVE-ID: CVE-2009-2194:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20091722
CNCVE-20091721
CNCVE-20091720
CNCVE-20092188
CNCVE-20090040
CNCVE-20091235
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194

处理通过本地套接字共享的文件描述符存在同步问题,通过发送包含文件描述符的消息给没有接收者的套接字,本地用户可导致系统崩溃。
CVE-ID: CVE-2008-0674:
CNCVE ID:CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20092188
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20081372
CNCVE-20091723
CNCVE-20091726
CNCVE-20091727
CNCVE-20090151
CNCVE-20091728
CNCVE-20091722
CNCVE-20091721
CNCVE-20091720
CNCVE-20092188
CNCVE-20090040
CNCVE-20091235
CNCVE-20092190
CNCVE-20092191
CNCVE-20092192
CNCVE-20092193
CNCVE-20092194
CNCVE-20080674

XQuery使用的PCRE库处理规则表达式中的字符类存在缓冲区溢出,构建恶意的XML内容诱使用户访问可触发此漏洞。

Apple Mac OS X Server 10.5.7
Apple Mac OS X Server 10.5.6
Apple Mac OS X Server 10.5.5
Apple Mac OS X Server 10.5.4
Apple Mac OS X Server 10.5.3
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.10
Apple Mac OS X Server 10.4.9
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X Server 10.5
Apple Mac OS X 10.5.7
Apple Mac OS X 10.5.6
Apple Mac OS X 10.5.5
Apple Mac OS X 10.5.4
Apple Mac OS X 10.5.3
Apple Mac OS X 10.5.2
Apple Mac OS X 10.5.1
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.10
Apple Mac OS X 10.4.9
Apple Mac OS X 10.4.8
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
Apple Mac OS X 10.5
厂商解决方案
用户可联系供应商获得升级补丁:
Apple Mac OS X Server 10.5
Apple MacOSXServerUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X 10.5
Apple MacOSXUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.4.11
Apple SecUpdSrvr2009-003PPC.dmg
PowerPC
http://www.apple.com/support/downloads/
Apple SecUpdSrvr2009-003Univ.dmg
Universal
http://www.apple.com/support/downloads/
Apple Mac OS X 10.4.11
Apple SecUpd2009-003Intel.dmg
Intel
http://www.apple.com/support/downloads/
Apple SecUpd2009-003PPC.dmg
PPC
http://www.apple.com/support/downloads/
Apple Mac OS X 10.5.1
Apple MacOSXUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.1
Apple MacOSXServerUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X 10.5.2
Apple MacOSXUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.2
Apple MacOSXServerUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X 10.5.3
Apple MacOSXUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.3
Apple MacOSXServerUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X 10.5.4
Apple MacOSXUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.4
Apple MacOSXServerUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.5
Apple MacOSXServerUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X 10.5.5
Apple MacOSXUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X 10.5.6
Apple MacOSXUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.6
Apple MacOSXServerUpdCombo10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.7
Apple MacOSXServerUpd10.5.8.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X 10.5.7
Apple MacOSXUpd10.5.8.dmg
http://www.apple.com/support/downloads/