Apple Mega Patch Covers 88 Mac OS X Vulnerabilities
Ryan Naraine, threatpost.com
Mar 29, 2010 - 5:15 p.m.

Apple today released one of its biggest Mac OS X security updates in recent memory, with fixes for a whopping 88 documented vulnerabilities.

The Mac OS X v10.6.3 update, which is considered “critical,” covers flaws that could lead to remote code execution, information disclosure and denial-of-service attacks.

Security Update 2010-002 / Mac OS X v10.6.3 is now available and addresses the following:

AppKit
CVE-ID: CVE-2010-0056
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Spell checking a maliciously crafted document may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in the spell checking feature used by Cocoa applications. Spell checking a maliciously crafted document may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect Mac OS X v10.6 systems.
Credit: Apple.

Application Firewall
CVE-ID: CVE-2009-2801
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Certain rules in the Application Firewall may become inactive after restart
Description: A timing issue in the Application Firewall may cause certain rules to become inactive after reboot. The issue is addressed through improved handling of Firewall rules. This issue does not affect Mac OS X v10.6 systems. Credit to Michael Kisor of OrganicOrb.com for reporting this issue.

AFP Server
CVE-ID: CVE-2010-0057
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: When guest access is disabled, a remote user may be able to mount AFP shares as a guest
Description: An access control issue in AFP Server may allow a remote user to mount AFP shares as a guest, even if guest access is disabled. This issue is addressed through improved access control checks. Credit: Apple.

AFP Server
CVE-ID: CVE-2010-0533
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A remote user with guest access to an AFP share may access the contents of world-readable files outside the Public share
Description: A directory traversal issue exists in the path validation for AFP shares. A remote user may enumerate the parent directory of the share root, and read or write files within that directory that are accessible to the ‘nobody’ user. This issue is addressed through improved handling of file paths. Credit to Patrik Karlsson of cqure.net for reporting this issue.

Apache
CVE-ID: CVE-2009-3095
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A remote attacker may be able to bypass access control restrictions
Description: An input validation issue exists in Apache’s handling of proxied FTP requests. A remote attacker with the ability to issue requests through the proxy may be able to bypass access control restrictions specified in the Apache configuration. This issue is addressed by updating Apache to version 2.2.14.

ClamAV
CVE-ID: CVE-2010-0058
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: ClamAV virus definitions may not receive updates
Description: A configuration issue introduced in Security Update 2009-005 prevents freshclam from running. This may prevent virus definitions from being updated. This issue is addressed by updating freshclam’s launchd plist ProgramArguments key values. This issue does not affect Mac OS X v10.6 systems. Credit to Bayard Bell, Wil Shipley of Delicious Monster, and David Ferrero of Zion Software, LLC for reporting this issue.

CoreAudio
CVE-ID: CVE-2010-0059
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the handling of QDM2 encoded audio content. Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to an anonymous researcher working with TippingPoint’s Zero Day Initiative for reporting this issue.

CoreAudio
CVE-ID: CVE-2010-0060
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the handling of QDMC encoded audio content. Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to an anonymous researcher working with TippingPoint’s Zero Day Initiative for reporting this issue.

CoreMedia
CVE-ID: CVE-2010-0062
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in CoreMedia’s handling of H.263 encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of H.263 encoded movie files. Credit to Damian Put working with TippingPoint’s Zero Day Initiative for reporting this issue.

CoreTypes
CVE-ID: CVE-2010-0063
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Users are not warned before opening certain potentially unsafe content types
Description: This update adds .ibplugin and .url to the system’s list of content types that will be flagged as potentially unsafe under certain circumstances, such as when they are downloaded from a web page. While these content types are not automatically launched, if manually opened they could lead to the execution of a malicious JavaScript payload or arbitrary code execution. This update improves the system’s ability to notify users before handling content types used by Safari. Credit to Clint Ruoho of Laconic Security for reporting this issue.

CUPS
CVE-ID: CVE-2010-0393
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A local user may be able to obtain system privileges
Description: A format string issue exists in the lppasswd CUPS utility. This may allow a local user to obtain system privileges. Mac OS X v10.6 systems are only affected if the setuid bit has been set on the binary. This issue is addressed by using default directories when running as a setuid process. Credit to Ronald Volgers for reporting this issue.

curl
CVE-ID: CVE-2009-2417
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A man-in-the-middle attacker may be able to impersonate a trusted server
Description: A canonicalization issue exists in curl’s handling of NULL characters in the subject’s Common Name (CN) field of X.509 certificates. This may lead to man-in-the-middle attacks against users of the curl command line tool, or applications using libcurl. This issue is addressed through improved handling of NULL characters.
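The curl entry above describes a canonicalization problem: a Common Name is a length-prefixed ASN.1 string, but code that hands it to C string routines stops reading at the first NUL byte. The following Python is an added illustration of that bug class and of the length-aware check that closes it; it is not curl's code, and the certificate name it uses is constructed for the demonstration.

```python
"""Host name versus certificate Common Name matching that is safe against embedded NUL bytes.

Added example illustrating the curl CVE-2009-2417 entry above; it is not curl's
code. The CN is modelled as the raw bytes of the X.509 attribute, because the
bug class comes from handing those bytes to C string routines that stop at the
first NUL. Names and values below are constructed for the demonstration.
"""


def c_string_style_match(cn_bytes: bytes, hostname: str) -> bool:
    """Model of the flawed behaviour: the CN is cut at its first NUL, as a
    strcmp()-style comparison would do, and the remainder is ignored.

    A certificate issued for b"good.example\\x00.attacker.example" is thereby
    accepted for good.example, although the CA validated attacker.example.
    """
    truncated = cn_bytes.split(b"\x00", 1)[0]
    return truncated.decode("ascii", "replace").lower() == hostname.lower()


def _pattern_matches(pattern: str, hostname: str) -> bool:
    """Exact, case-insensitive match, allowing a single left-most wildcard label
    (so *.example.net matches www.example.net but not a.b.example.net)."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        first, _, rest = hostname.partition(".")
        return bool(first) and rest == pattern[2:]
    return pattern == hostname


def safe_cn_match(cn_bytes: bytes, hostname: str) -> bool:
    """Length-aware check: a CN containing any NUL, or any non-ASCII byte,
    is rejected outright; otherwise the whole CN must match the host name."""
    if b"\x00" in cn_bytes:
        return False
    try:
        cn = cn_bytes.decode("ascii")
    except UnicodeDecodeError:
        return False
    return _pattern_matches(cn, hostname)


if __name__ == "__main__":
    crafted = b"good.example\x00.attacker.example"
    print("C-string style:", c_string_style_match(crafted, "good.example"))  # True: the flaw
    print("length-aware:  ", safe_cn_match(crafted, "good.example"))          # False
```

The defensive rule is the one the advisory's fix implies: compare the full length of the name the CA signed, and refuse any name a C-string API would silently shorten.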

curl
CVE-ID: CVE-2009-0037
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Using curl with -L may allow a remote attacker to read or write local files
Description: curl will follow HTTP and HTTPS redirects when used with the -L option. When curl follows a redirect, it allows file:// URLs. This may allow a remote attacker to access local files. This issue is addressed through improved validation of redirects. This issue does not affect Mac OS X v10.6 systems. Credit to Daniel Stenberg of Haxx AB for reporting this issue.
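The redirect entry above is a scheme-validation problem: a client that started on HTTP must not let a Location header steer it onto file:// (or any other local scheme). The Python below is an added example of that check, not curl's implementation; the allow-list policy and the canned response table are assumptions made so the block runs offline.

```python
"""Redirect-target validation for an HTTP client that follows Location headers.

Added example illustrating the curl CVE-2009-0037 entry above; the policy it
enforces (redirects may only lead to http or https targets with a host) is an
assumption for this demonstration, not a description of curl's internals, and
the response table is constructed so the block runs offline.
"""
from urllib.parse import urljoin, urlsplit

ALLOWED_REDIRECT_SCHEMES = frozenset({"http", "https"})


def resolve_redirect(current_url: str, location: str):
    """Absolutise a Location header against the current URL and return it only
    if it is safe to follow; otherwise return None."""
    target = urljoin(current_url, location)
    parts = urlsplit(target)
    if parts.scheme.lower() not in ALLOWED_REDIRECT_SCHEMES:
        return None          # file://, ftp:// and the like are never followed
    if not parts.hostname:
        return None
    return target


# Constructed stand-in for the network: url -> (status, Location header, body).
FAKE_RESPONSES = {
    "http://example.test/start": (302, "/hop", ""),
    "http://example.test/hop": (302, "file:///etc/passwd", ""),
    "http://example.test/ok": (302, "https://example.test/final", ""),
    "https://example.test/final": (200, None, "done"),
}


def follow_redirects(url: str, max_hops: int = 5):
    """Walk a redirect chain through FAKE_RESPONSES, applying resolve_redirect
    at every hop. Returns (last_url, outcome) where outcome is one of
    "ok", "error", "refused" or "too-many-redirects"."""
    for _ in range(max_hops):
        status, location, _body = FAKE_RESPONSES.get(url, (404, None, ""))
        if status != 302:
            return url, ("ok" if status == 200 else "error")
        nxt = resolve_redirect(url, location or "")
        if nxt is None:
            return url, "refused"
        url = nxt
    return url, "too-many-redirects"
```

Checking the scheme after absolutising the target matters: a relative Location stays on the original scheme, while an absolute one can switch scheme, which is the case the check has to catch.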

Cyrus IMAP
CVE-ID: CVE-2009-2632
Available for: Mac OS X Server v10.5.8
Impact: A local user may be able to obtain the privileges of the Cyrus user
Description: A buffer overflow exists in the handling of sieve scripts. By running a maliciously crafted sieve script, a local user may be able to obtain the privileges of the Cyrus user. This issue is addressed through improved bounds checking. This issue does not affect Mac OS X v10.6 systems.

Cyrus SASL
CVE-ID: CVE-2009-0688
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: An unauthenticated remote attacker may cause unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in the Cyrus SASL authentication module. Using Cyrus SASL authentication may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect Mac OS X v10.6 systems.

DesktopServices
CVE-ID: CVE-2010-0064
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Items copied in the Finder may be assigned an unexpected file owner
Description: When performing an authenticated copy in the Finder, original file ownership may be unexpectedly copied. This update addresses the issue by ensuring that copied files are owned by the user performing the copy. This issue does not affect systems prior to Mac OS X v10.6. Credit to Gerrit DeWitt of Auburn University (Auburn, AL) for reporting this issue.

DesktopServices
CVE-ID: CVE-2010-0537
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A remote attacker may gain access to user data via a multi-stage attack
Description: A path resolution issue in DesktopServices is vulnerable to a multi-stage attack. A remote attacker must first entice the user to mount an arbitrarily named share, which may be done via a URL scheme. When saving a file using the default save panel in any application, and using “Go to folder” or dragging folders to the save panel, the data may be unexpectedly saved to the malicious share. This issue is addressed through improved path resolution. This issue does not affect systems prior to Mac OS X v10.6. Credit to Sidney San Martin working with DeepTech, Inc. for reporting this issue.

Disk Images
CVE-ID: CVE-2010-0065
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the handling of bzip2 compressed disk images. Mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.

Disk Images
CVE-ID: CVE-2010-0497
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Mounting a maliciously crafted disk image may lead to arbitrary code execution
Description: A design issue exists in the handling of internet enabled disk images. Mounting an internet enabled disk image containing a package file type will open it rather than revealing it in the Finder. This file quarantine feature helps to mitigate this issue by providing a warning dialog for unsafe file types. This issue is addressed through improved handling of package file types on internet enabled disk images. Credit to Brian Mastenbrook working with TippingPoint’s Zero Day Initiative for reporting this issue.

Directory Services
CVE-ID: CVE-2010-0498
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A local user may obtain system privileges
Description: An authorization issue in Directory Services’ handling of record names may allow a local user to obtain system privileges. This issue is addressed through improved authorization checks. Credit: Apple.

Dovecot
CVE-ID: CVE-2010-0535
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: An authenticated user may be able to send and receive mail even if the user is not on the SACL of users who are permitted to do so
Description: An access control issue exists in Dovecot when Kerberos authentication is enabled. This may allow an authenticated user to send and receive mail even if the user is not on the service access control list (SACL) of users who are permitted to do so. This issue is addressed through improved access control checks. This issue does not affect systems prior to Mac OS X v10.6.

Event Monitor
CVE-ID: CVE-2010-0500
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A remote attacker may cause arbitrary systems to be added to the firewall blacklist
Description: A reverse DNS lookup is performed on remote ssh clients that fail to authenticate. A plist injection issue exists in the handling of resolved DNS names. This may allow a remote attacker to cause arbitrary systems to be added to the firewall blacklist. This issue is addressed by properly escaping resolved DNS names. Credit: Apple.
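The Event Monitor entry is an injection bug in a different container: a reverse-DNS answer is attacker-controlled text, and writing it into a property list by string concatenation lets the attacker add elements. The Python below is an added illustration of the splice-versus-serialize difference; it is not Apple's code, makes no claim about Event Monitor's real file layout, and the PTR name it uses is constructed.

```python
"""Building a firewall blacklist plist from untrusted reverse-DNS names.

Added example illustrating the Event Monitor CVE-2010-0500 entry above; it is
not Apple's code and makes no claim about Event Monitor's real file format.
It contrasts string-spliced XML with a proper serializer (plistlib) and adds a
syntactic check on the resolved name. The name below is constructed.
"""
import plistlib
import re

# A PTR answer is attacker-controlled, so treat it as arbitrary text, not a host name.
CRAFTED_PTR_NAME = "attacker.example</string><string>victim.example"

_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^(?:{_LABEL}\.)*{_LABEL}\.?$")


def is_plausible_hostname(name: str) -> bool:
    """Syntactic sanity check (RFC 1123 labels, at most 253 characters) for a
    reverse-DNS result before it is used anywhere."""
    return len(name) <= 253 and HOSTNAME_RE.match(name) is not None


def unsafe_blacklist_plist(names) -> bytes:
    """Model of the flaw: names are spliced into plist XML without escaping,
    so an XML fragment inside a name becomes extra <string> elements."""
    items = "".join(f"<string>{n}</string>" for n in names)
    xml = ('<?xml version="1.0" encoding="UTF-8"?>\n'
           '<plist version="1.0"><array>' + items + '</array></plist>')
    return xml.encode("utf-8")


def safe_blacklist_plist(names) -> bytes:
    """Let the serializer escape the content: '<' becomes '&lt;' and one
    name stays one array entry."""
    return plistlib.dumps(list(names), fmt=plistlib.FMT_XML)


def blacklist_entries(plist_bytes: bytes):
    """Parse a plist back into its list of entries, as a consumer would."""
    return plistlib.loads(plist_bytes)
```

Escaping at serialization time is the fix the advisory names; validating the name's syntax on top of that is cheap and limits what a hostile resolver can feed into any later consumer of the list.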

FreeRADIUS
CVE-ID: CVE-2010-0524
Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2
Impact: A remote attacker may obtain access to a network via RADIUS authentication
Description: A certificate authentication issue exists in the default Mac OS X configuration of the FreeRADIUS server. A remote attacker may use EAP-TLS with an arbitrary valid certificate to authenticate and connect to a network configured to use FreeRADIUS for authentication. This issue is addressed by disabling support for EAP-TLS in the configuration. RADIUS clients should use EAP-TTLS instead. This issue only affects Mac OS X Server systems. Credit to Chris Linstruth of Qnet for reporting this issue.

FTP Server
CVE-ID: CVE-2010-0501
Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2
Impact: Users may be able to retrieve files outside the FTP root directory
Description: A directory traversal issue exists in FTP Server. This may allow a user to retrieve files outside the FTP root directory. This issue is addressed through improved handling of file names. This issue only affects Mac OS X Server systems. Credit: Apple.
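Both the AFP Server entry (CVE-2010-0533, above) and this FTP Server entry are directory traversal bugs: a client-supplied path escapes the share root. The Python below is an added example of the containment check a file-serving daemon needs; it is not Apple's code and does not describe how either server validates paths. The directory layout it builds for its self-check is constructed in a temporary folder.

```python
"""Confining a client-supplied path to a share root.

Added example illustrating the AFP Server CVE-2010-0533 and FTP Server
CVE-2010-0501 entries above; it is not Apple's code and does not describe how
either server validates paths. It shows the check a file-serving daemon needs
before touching a client-supplied path: resolve symlinks and ".." segments
first, then require the result to lie under the share root. The directory
layout used by demo_traversal_checks() is constructed in a temporary folder.
"""
import os
import tempfile


def resolve_share_path(share_root: str, requested: str):
    """Map a client-supplied path to an absolute path inside share_root.

    Returns None when the fully resolved path (symlinks and ".." included)
    would land outside the root. A leading "/" in the request is treated as
    relative to the share, as an FTP or AFP client would expect.
    """
    root = os.path.realpath(share_root)
    candidate = os.path.realpath(os.path.join(root, requested.lstrip("/")))
    # The "root + os.sep" test stops "/srv/share2" from passing as "/srv/share".
    if candidate != root and not candidate.startswith(root + os.sep):
        return None
    return candidate


def demo_traversal_checks() -> dict:
    """Build a share with a Public folder, a sibling private folder and a
    symlink that escapes the share, then exercise the check. Every value in
    the returned dict is True when the check behaves correctly."""
    with tempfile.TemporaryDirectory() as base:
        share = os.path.join(base, "share")
        private = os.path.join(base, "private")
        os.makedirs(os.path.join(share, "Public"))
        os.makedirs(private)
        with open(os.path.join(share, "Public", "readme.txt"), "w") as fh:
            fh.write("public\n")
        with open(os.path.join(private, "secret.txt"), "w") as fh:
            fh.write("secret\n")
        os.symlink(private, os.path.join(share, "escape"))

        real_share = os.path.realpath(share)
        return {
            "plain_file_allowed": resolve_share_path(share, "Public/readme.txt")
            == os.path.join(real_share, "Public", "readme.txt"),
            "share_root_allowed": resolve_share_path(share, "/") == real_share,
            "dotdot_refused": resolve_share_path(share, "../private/secret.txt") is None,
            "nested_dotdot_refused": resolve_share_path(share, "Public/../../private/secret.txt") is None,
            "symlink_escape_refused": resolve_share_path(share, "escape/secret.txt") is None,
        }
```

Resolving the root itself through realpath is part of the check: on Mac OS X, /tmp is a symlink to /private/tmp, so comparing an unresolved root against a resolved candidate would wrongly reject every request.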

iChat Server
CVE-ID: CVE-2006-1329
Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2
Impact: A remote attacker may be able to cause a denial of service
Description: An implementation issue exists in jabberd’s handling of SASL negotiation. A remote attacker may be able to terminate the operation of jabberd. This issue is addressed through improved handling of SASL negotiation. This issue only affects Mac OS X Server systems.

iChat Server
CVE-ID: CVE-2010-0502
Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2
Impact: Chat messages may not be logged
Description: A design issue exists in iChat Server’s support for configurable group chat logging. iChat Server only logs messages with certain message types. This may allow a remote user to send a message through the server without it being logged. The issue is addressed by removing the capability to disable group chat logs, and logging all messages that are sent through the server. This issue only affects Mac OS X Server systems. Credit: Apple.

iChat Server
CVE-ID: CVE-2010-0503
Available for: Mac OS X Server v10.5.8
Impact: An authenticated user may be able to cause an unexpected application termination or arbitrary code execution
Description: A use-after-free issue exists in iChat Server. An authenticated user may be able to cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. This issue only affects Mac OS X Server systems, and does not affect versions 10.6 or later.

iChat Server
CVE-ID: CVE-2010-0504
Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2
Impact: An authenticated user may be able to cause an unexpected application termination or arbitrary code execution
Description: Multiple stack buffer overflow issues exist in iChat Server. An authenticated user may be able to cause an unexpected application termination or arbitrary code execution. These issues are addressed through improved memory management. These issues only affect Mac OS X Server systems. Credit: Apple.

ImageIO
CVE-ID: CVE-2010-0505
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Chris Ries of Carnegie Mellon University Computing Service, and researcher “85319bb6e6ab398b334509c50afce5259d42756e” working with TippingPoint’s Zero Day Initiative for reporting this issue.

ImageIO
CVE-ID: CVE-2010-0041
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Visiting a maliciously crafted website may result in sending data from Safari’s memory to the website
Description: An uninitialized memory access issue exists in ImageIO’s handling of BMP images. Visiting a maliciously crafted website may result in sending data from Safari’s memory to the website. This issue is addressed through improved memory initialization and additional validation of BMP images. Credit to Matthew ‘j00ru’ Jurczyk of Hispasec for reporting this issue.

ImageIO
CVE-ID: CVE-2010-0042
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Visiting a maliciously crafted website may result in sending data from Safari’s memory to the website
Description: An uninitialized memory access issue exists in ImageIO’s handling of TIFF images. Visiting a maliciously crafted website may result in sending data from Safari’s memory to the website. This issue is addressed through improved memory initialization and additional validation of TIFF images. Credit to Matthew ‘j00ru’ Jurczyk of Hispasec for reporting this issue.

ImageIO
CVE-ID: CVE-2010-0043
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the handling of TIFF images. Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. This issue does not affect systems prior to Mac OS X v10.6. Credit to Gus Mueller of Flying Meat for reporting this issue.

Image RAW
CVE-ID: CVE-2010-0506
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Viewing a maliciously crafted NEF image may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in Image RAW’s handling of NEF images. Viewing a maliciously crafted NEF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.

Image RAW
CVE-ID: CVE-2010-0507
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted PEF image may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in Image RAW’s handling of PEF images. Viewing a maliciously crafted PEF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.

Libsystem
CVE-ID: CVE-2009-0689
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Applications that convert untrusted data between binary floating point and text may be vulnerable to an unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in the floating point binary to text conversion code within Libsystem. An attacker who can cause an application to convert a floating point value into a long string, or to parse a maliciously crafted string as a floating point value, may be able to cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Maksymilian Arciemowicz of SecurityReason.com for reporting this issue.

Mail
CVE-ID: CVE-2010-0508
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Rules associated with a deleted mail account remain in effect
Description: When a mail account is deleted, user-defined filter rules associated with that account remain active. This may result in unexpected actions. This issue is addressed by disabling associated rules when a mail account is deleted.

Mail
CVE-ID: CVE-2010-0525
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Mail may use a weaker encryption key for outgoing email
Description: A logic issue exists in Mail’s handling of encryption certificates. When multiple certificates for the recipient exist in the keychain, Mail may select an encryption key that is not intended for encipherment. This may lead to a security issue if the chosen key is weaker than expected. This issue is addressed by ensuring that the key usage extension within certificates is evaluated when selecting a mail encryption key. Credit to Paul Suh of ps Enable, Inc. for reporting this issue.
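The Mail entry turns on one certificate field: the keyUsage extension says what a key may be used for, and a signing-only certificate must not be picked for S/MIME encryption. The Python below is an added example of decoding that extension and filtering on it; it is not Apple's code. The recipient's certificates are constructed records carrying only the DER bytes of the keyUsage value, and the tie-break among eligible keys is this example's own policy.

```python
"""Choosing an encryption certificate by its X.509 keyUsage extension.

Added example illustrating the Mail CVE-2010-0525 entry above; it is not
Apple's code. The recipient's certificates are constructed records that carry
the DER encoding of the keyUsage extension value (a BIT STRING), so the block
decodes real ASN.1 without any crypto library. Treating a certificate without
a keyUsage extension as usable for any purpose follows RFC 5280; preferring
the largest eligible key is this example's own policy.
"""

# KeyUsage bit names in bit-position order (RFC 5280 section 4.2.1.3).
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
)


def decode_key_usage(der: bytes) -> set:
    """Decode a DER BIT STRING (tag 0x03): length, unused-bit count, then the
    bits with bit 0 in the most significant position of the first byte."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or len(der) != 2 + length:      # short-form length only
        raise ValueError("bad BIT STRING length")
    unused, bits = der[2], der[3:]
    if unused > 7 or (unused and not bits):
        raise ValueError("bad unused-bits count")
    total = len(bits) * 8 - unused
    usages = set()
    for pos in range(min(total, len(KEY_USAGE_BITS))):
        byte, shift = divmod(pos, 8)
        if bits[byte] & (0x80 >> shift):
            usages.add(KEY_USAGE_BITS[pos])
    return usages


# Constructed keychain contents for one recipient (no real certificates).
RECIPIENT_CERTS = [
    {"label": "alice-signing-1024", "rsa_bits": 1024,
     "key_usage_der": bytes.fromhex("03020780")},   # digitalSignature only
    {"label": "alice-encryption-2048", "rsa_bits": 2048,
     "key_usage_der": bytes.fromhex("03020520")},   # keyEncipherment only
]


def first_certificate(certs):
    """Model of the flaw: whichever certificate for the recipient comes first wins."""
    return certs[0]["label"] if certs else None


def select_encryption_certificate(certs):
    """Keep only certificates whose keyUsage allows keyEncipherment (or that
    have no keyUsage extension), then prefer the largest key."""
    eligible = []
    for cert in certs:
        der = cert.get("key_usage_der")
        if der is None or "keyEncipherment" in decode_key_usage(der):
            eligible.append(cert)
    if not eligible:
        return None
    return max(eligible, key=lambda c: c["rsa_bits"])["label"]
```

With the two constructed certificates, the first-match rule returns the 1024-bit signing certificate, which is exactly the "weaker than expected" outcome the advisory describes; the keyUsage-aware rule returns the 2048-bit encryption certificate.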

Mailman

CVE-ID: CVE-2008-0564

Available for: Mac OS X Server v10.5.8

Impact: Multiple vulnerabilities in Mailman 2.1.9

Description: Multiple cross-site scripting issues exist in Mailman

2.1.9. These issues are addressed by updating Mailman to version

2.1.13. Further information is available via the Mailman site at

http://mail.python.org/pipermail/mailman-

announce/2009-January/000128.html These issues only affect Mac OS X

Server systems, and do not affect versions 10.6 or later.

MySQL

CVE-ID: CVE-2008-4456, CVE-2008-7247, CVE-2009-2446, CVE-2009-4019,

CVE-2009-4030

Available for: Mac OS X Server v10.6 through v10.6.2

Impact: Multiple vulnerabilities in MySQL 5.0.82

Description: MySQL is updated to version 5.0.88 to address multiple

vulnerabilities, the most serious of which may lead to arbitrary code

execution. These issues only affect Mac OS X Server systems. Further

information is available via the MySQL web site at

http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html

OS Services

CVE-ID: CVE-2010-0509

Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,

Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

Impact: A local user may be able to obtain elevated privileges

Description: A privilege escalation issue exists in SFLServer, as it

runs as group ‘wheel’ and accesses files in users’ home directories.

This issue is addressed through improved privilege management. Credit

to Kevin Finisterre of DigitalMunition for reporting this issue.

Password Server

CVE-ID: CVE-2010-0510

Available for: Mac OS X Server v10.5.8,

Mac OS X Server v10.6 through v10.6.2

Impact: A remote attacker may be able to log in with an outdated

password

Description: An implementation issue in Password Server’s handling

of replication may cause passwords to not be replicated. A remote

attacker may be able to log in to a system using an outdated

password. This issue is addressed through improved handling of

password replication. This issue only affects Mac OS X Server

systems. Credit to Jack Johnson of Anchorage School District for

reporting this issue.

perl

CVE-ID: CVE-2008-5302, CVE-2008-5303

Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

Impact: A local user may cause arbitrary files to be deleted

Description: Multiple race condition issues exist in the rmtree

function of the perl module File::Path. A local user with write

access to a directory that is being deleted may cause arbitrary files

to be removed with the privileges of the perl process. This issue is

addressed through improved handling of symbolic links. This issue

does not affect Mac OS X v10.6 systems.

PHP

CVE-ID: CVE-2009-3557, CVE-2009-3558, CVE-2009-3559, CVE-2009-4017

Available for: Mac OS X v10.6 through v10.6.2,

Mac OS X Server v10.6 through v10.6.2

Impact: Multiple vulnerabilities in PHP 5.3.0

Description: PHP is updated to version 5.3.1 to address multiple

vulnerabilities, the most serious of which may lead to arbitary code

execution. Further information is available via the PHP website at

http://www.php.net/

PHP

CVE-ID: CVE-2009-3557, CVE-2009-3558, CVE-2009-3559, CVE-2009-4142,

CVE-2009-4143

Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

Impact: Multiple vulnerabilities in PHP 5.2.11

Description: PHP is updated to version 5.2.12 to address multiple

vulnerabilities, the most serious of which may lead to cross-site

scripting. Further information is available via the PHP website at

http://www.php.net/

Podcast Producer

CVE-ID: CVE-2010-0511

Available for: Mac OS X Server v10.6 through v10.6.2

Impact: An unauthorized user may be able to access a Podcast

Composer workflow

Description: When a Podcast Composer workflow is overwritten, the

access restrictions are removed. This may allow an unauthorized user

to access a Podcast Composer workflow. This issue is addressed

through improved handling of workflow access restrictions. Podcast

Composer was introduced in Mac OS X Server v10.6.

Preferences

CVE-ID: CVE-2010-0512

Available for: Mac OS X v10.6 through v10.6.2,

Mac OS X Server v10.6 through v10.6.2

Impact: A network user may be able to bypass system login

restrictions

Description: An implementation issue exists in the handling of

system login restrictions for network accounts. If the network

accounts allowed to log in to the system at the Login Window are

identified by group membership only, the restriction will not be

enforced, and all network users will be allowed to log in to the

system. The issue is addressed through improved group restriction

management in the Accounts preference pane. This issue only affects

systems configured to use a network account server, and does not

affect systems prior to Mac OS X v10.6. Credit to Christopher D.

Grieb of University of Michigan MSIS for reporting this issue.

PS Normalizer

CVE-ID: CVE-2010-0513

Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,

Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

Impact: Viewing a maliciously crafted PostScript file may lead to an

unexpected application termination or arbitrary code execution

Description: A stack buffer overflow exists in the handling of

PostScript files. Viewing a maliciously crafted PostScript file may

lead to an unexpected application termination or arbitrary code

execution. This issue is addressed by performing additional

validation of PostScript files. On Mac OS X v10.6 systems this issue

is mitigated by the -fstack-protector compiler flag. Credit: Apple.

QuickTime

CVE-ID: CVE-2010-0062

Available for: Mac OS X v10.6 through v10.6.2,

Mac OS X Server v10.6 through v10.6.2

Impact: Viewing a maliciously crafted movie file may lead to an

unexpected application termination or arbitrary code execution

Description: A heap buffer overflow exists in QuickTime’s handling

of H.263 encoded movie files. Viewing a maliciously crafted movie

file may lead to an unexpected application termination or arbitrary

code execution. This issue is addressed by performing additional

validation of H.263 encoded movie files. Credit to Damian Put working

with TippingPoint’s Zero Day Initiative for reporting this issue.

QuickTime

CVE-ID: CVE-2010-0514

Available for: Mac OS X v10.6 through v10.6.2,

Mac OS X Server v10.6 through v10.6.2

Impact: Viewing a maliciously crafted movie file may lead to an

unexpected application termination or arbitrary code execution

Description: A heap buffer overflow exists in the handling of H.261

encoded movie files. Viewing a maliciously crafted movie file may

lead to an unexpected application termination or arbitrary code

execution. This issue is addressed by performing additional

validation of H.261 encoded movie files. Credit to Will Dormann of

the CERT/CC for reporting this issue.

QuickTime

CVE-ID: CVE-2010-0515

Available for: Mac OS X v10.6 through v10.6.2,

Mac OS X Server v10.6 through v10.6.2

Impact: Viewing a maliciously crafted movie file may lead to an

unexpected application termination or arbitrary code execution

Description: A memory corruption in the handling of H.264 encoded

movie files. Viewing a maliciously crafted movie file may lead to an

unexpected application termination or arbitrary code execution. This

issue is addressed by performing additional validation of H.264

encoded movie files.

QuickTime

CVE-ID: CVE-2010-0516

Available for: Mac OS X v10.6 through v10.6.2,

Mac OS X Server v10.6 through v10.6.2

Impact: Viewing a maliciously crafted movie file may lead to an

unexpected application termination or arbitrary code execution

Description: A heap buffer overflow in the handling of RLE encoded

movie files. Viewing a maliciously crafted movie file may lead to an

unexpected application termination or arbitrary code execution. This

issue is addressed by performing additional validation of RLE encoded

movie files. Credit to an anonymous researcher working with

TippingPoint’s Zero Day Initiative for reporting this issue.

QuickTime

CVE-ID: CVE-2010-0517

Available for: Mac OS X v10.6 through v10.6.2,

Mac OS X Server v10.6 through v10.6.2

Impact: Viewing a maliciously crafted movie file may lead to an

unexpected application termination or arbitrary code execution

Description: A heap buffer overflow in the handling of M-JPEG

encoded movie files. Viewing a maliciously crafted movie file may

lead to an unexpected application termination or arbitrary code

execution. This issue is addressed by performing additional

validation of M-JPEG encoded movie files. Credit to Damian Put

working with TippingPoint’s Zero Day Initiative for reporting this

issue.

QuickTime
CVE-ID: CVE-2010-0518
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the handling of Sorenson encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of Sorenson encoded movie files. Credit to Will Dormann of the CERT/CC for reporting this issue.

QuickTime
CVE-ID: CVE-2010-0519
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: An integer overflow exists in the handling of FlashPix encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to an anonymous researcher working with TippingPoint’s Zero Day Initiative for reporting this issue.

QuickTime
CVE-ID: CVE-2010-0520
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the handling of FLC encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of FLC encoded movie files. Credit to Moritz Jodeit of n.runs AG, working with TippingPoint’s Zero Day Initiative, and Nicolas Joly of VUPEN Security for reporting this issue.

QuickTime
CVE-ID: CVE-2010-0526
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted MPEG file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of MPEG encoded movie files. Credit to an anonymous researcher working with TippingPoint’s Zero Day Initiative for reporting this issue.
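
The QuickTime entries above (the RLE, M-JPEG, FLC and MPEG heap overflows and the FlashPix integer overflow) share one root cause: length and dimension fields read from the file drive memory writes without being checked against the buffer they land in. The C decoder below, for a made-up run-length frame format, is an added example written for this page; it is not Apple's or QuickTime's code, and the frame layout, the function names and the sample inputs are all constructed here. It shows the two checks that the advisory's fixes ("additional validation", "improved bounds checking") amount to in practice: guarding the width*height product before it is used as a size, and comparing each run against the space remaining instead of trusting the count.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result of decoding one frame. */
enum rle_status { RLE_OK = 0, RLE_BAD_DIMENSIONS, RLE_RUN_OVERFLOW, RLE_TRUNCATED };

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/*
 * Hypothetical frame layout, constructed for this example:
 *   width (LE32) | height (LE32) | (run_length, pixel_value) pairs ...
 * Every field is attacker-controlled. A decoder that allocates width*height
 * bytes and then memset()s each run without checking the remaining space has
 * exactly the shape of the integer-overflow and heap-overflow bugs in the
 * advisory; this version validates before every write.
 */
enum rle_status decode_rle_frame(const uint8_t *in, size_t in_len,
                                 uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (in_len < 8) return RLE_TRUNCATED;
    size_t width = read_le32(in), height = read_le32(in + 4);
    if (width == 0 || height == 0) return RLE_BAD_DIMENSIONS;
    /* Guard the product before it becomes an allocation size or a bound. */
    if (width > SIZE_MAX / height) return RLE_BAD_DIMENSIONS;
    size_t frame = width * height;
    if (frame > out_cap) return RLE_BAD_DIMENSIONS;
    if ((in_len - 8) % 2 != 0) return RLE_TRUNCATED;   /* dangling half pair */

    size_t pos = 0;
    for (size_t i = 8; i < in_len; i += 2) {
        size_t run = in[i];
        uint8_t value = in[i + 1];
        /* Compare against the space left; pos + run could wrap with a wider run field. */
        if (run > frame - pos) return RLE_RUN_OVERFLOW;
        memset(out + pos, value, run);
        pos += run;
    }
    if (pos != frame) return RLE_TRUNCATED;   /* fewer pixels than the header promised */
    *out_len = pos;
    return RLE_OK;
}

/* Constructed sample inputs (not real QuickTime data). */
static const uint8_t SAMPLE_GOOD[]    = {4, 0, 0, 0, 1, 0, 0, 0, 2, 0xAA, 2, 0xBB};      /* 4x1, two runs */
static const uint8_t SAMPLE_OVERRUN[] = {4, 0, 0, 0, 1, 0, 0, 0, 5, 0xAA};               /* run exceeds frame */
static const uint8_t SAMPLE_HUGE[]    = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 1, 0}; /* width*height overflows */

static uint8_t frame_buf[64];
static size_t frame_len;

int main(void)
{
    enum rle_status st = decode_rle_frame(SAMPLE_GOOD, sizeof SAMPLE_GOOD,
                                          frame_buf, sizeof frame_buf, &frame_len);
    printf("good frame: status %d, %zu pixels\n", (int)st, frame_len);
    st = decode_rle_frame(SAMPLE_OVERRUN, sizeof SAMPLE_OVERRUN,
                          frame_buf, sizeof frame_buf, &frame_len);
    printf("oversized run: status %d\n", (int)st);
    st = decode_rle_frame(SAMPLE_HUGE, sizeof SAMPLE_HUGE,
                          frame_buf, sizeof frame_buf, &frame_len);
    printf("overflowing dimensions: status %d\n", (int)st);
    return 0;
}
```

The `width > SIZE_MAX / height` test is the idiom for rejecting a product that would wrap; checking `frame > out_cap` afterwards only works because the product is already known to be exact. The run check is written as `run > frame - pos` rather than `pos + run > frame` for the same reason: the subtraction cannot wrap, the addition can.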

Ruby
CVE-ID: CVE-2009-2422, CVE-2009-3009, CVE-2009-4214
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Multiple issues in Ruby on Rails
Description: Multiple vulnerabilities exist in Ruby on Rails, the most serious of which may lead to cross-site scripting. On Mac OS X v10.6 systems, these issues are addressed by updating Ruby on Rails to version 2.3.5. Mac OS X v10.5 systems are affected only by CVE-2009-4214, and this issue is addressed through improved validation of arguments to strip_tags.

Ruby
CVE-ID: CVE-2009-1904
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Running a Ruby script that uses untrusted input to initialize a BigDecimal object may lead to an unexpected application termination
Description: A stack exhaustion issue exists in Ruby’s handling of BigDecimal objects with very large values. Running a Ruby script that uses untrusted input to initialize a BigDecimal object may lead to an unexpected application termination. For Mac OS X v10.6 systems, this issue is addressed by updating Ruby to version 1.8.7-p173. For Mac OS X v10.5 systems, this issue is addressed by updating Ruby to version 1.8.6-p369.

Server Admin
CVE-ID: CVE-2010-0521
Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2
Impact: A remote attacker may extract information from Open Directory
Description: A design issue exists in the handling of authenticated directory binding. A remote attacker may be able to anonymously extract information from Open Directory, even if the “Require authenticated binding between directory and clients” option is enabled. The issue is addressed by removing this configuration option. This issue only affects Mac OS X Server systems. Credit to Scott Gruby of Gruby Solutions, and Mathias Haack of GRAVIS Computervertriebsgesellschaft mbH for reporting this issue.

Server Admin
CVE-ID: CVE-2010-0522
Available for: Mac OS X Server v10.5.8
Impact: A former administrator may have unauthorized access to screen sharing
Description: A user who is removed from the ‘admin’ group may still connect to the server using screen sharing. This issue is addressed through improved handling of administrator privileges. This issue only affects Mac OS X Server systems, and does not affect version 10.6 or later. Credit: Apple.

SMB
CVE-ID: CVE-2009-2906
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A remote attacker may be able to cause a denial of service
Description: An infinite loop issue exists in Samba’s handling of SMB ‘oplock’ break notifications. A remote attacker may be able to trigger an infinite loop in smbd, causing it to consume excessive CPU resources. The issue is addressed through improved handling of ‘oplock’ break notifications.

Tomcat
CVE-ID: CVE-2009-0580, CVE-2009-0033, CVE-2009-0783, CVE-2008-5515, CVE-2009-0781, CVE-2009-2901, CVE-2009-2902, CVE-2009-2693
Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2
Impact: Multiple vulnerabilities in Tomcat 6.0.18
Description: Tomcat is updated to version 6.0.24 to address multiple vulnerabilities, the most serious of which may lead to a cross site scripting attack. Tomcat is only provided on Mac OS X Server systems. Further information is available via the Tomcat site at http://tomcat.apache.org/

unzip
CVE-ID: CVE-2008-0888
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Extracting maliciously crafted zip files using the unzip command tool may lead to an unexpected application termination or code execution
Description: An uninitialized pointer issue exists in the handling of zip files. Extracting maliciously crafted zip files using the unzip command tool may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of zip files. This issue does not affect Mac OS X v10.6 systems.

vim
CVE-ID: CVE-2008-2712, CVE-2008-4101, CVE-2009-0316
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Multiple vulnerabilities in vim 7.0
Description: Multiple vulnerabilities exist in vim 7.0, the most serious of which may lead to arbitrary code execution when working with maliciously crafted files. These issues are addressed by updating to vim 7.2.102. These issues do not affect Mac OS X v10.6 systems. Further information is available via the vim website at http://www.vim.org/

Wiki Server
CVE-ID: CVE-2010-0523
Available for: Mac OS X Server v10.5.8
Impact: Uploading a maliciously crafted applet may lead to the disclosure of sensitive information
Description: Wiki Server allows users to upload active content such as Java applets. A remote attacker may obtain sensitive information by uploading a maliciously crafted applet and directing a Wiki Server user to view it. The issue is addressed by restricting the file types that may be uploaded to the Wiki Server. This issue only affects Mac OS X Server systems, and does not affect versions 10.6 or later.

Wiki Server
CVE-ID: CVE-2010-0534
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: An authenticated user may bypass weblog creation restrictions
Description: Wiki Server supports service access control lists (SACLs), allowing an administrator to control the publication of content. Wiki Server fails to consult the weblog SACL during the creation of a user’s weblog. This may allow an authenticated user to publish content to the Wiki Server, even though publication should be disallowed by the service ACL. This issue does not affect systems prior to Mac OS X v10.6.

X11
CVE-ID: CVE-2009-2042
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted image may lead to the disclosure of sensitive information
Description: libpng is updated to version 1.2.37 to address an issue that may result in the disclosure of sensitive information. Further information is available via the libpng site at http://www.libpng.org/pub/png/libpng.html

X11
CVE-ID: CVE-2003-0063
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Displaying maliciously crafted data within an xterm terminal may lead to arbitrary code execution
Description: The xterm program supports a command sequence to change the window title, and to print the window title to the terminal. The information returned is provided to the terminal as though it were keyboard input from the user. Within an xterm terminal, displaying maliciously crafted data containing such sequences may result in command injection. The issue is addressed by disabling the affected command sequence.
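
The xterm issue above is an instance of a general pattern: any program that writes untrusted bytes (log lines, file names, server responses) to a terminal is handing the emulator control sequences, and some of those make the emulator echo data back as if the user had typed it. Apple's fix disables the sequence inside xterm; the complementary defence on the writing side is to strip escape sequences before display. The C filter below is an added example written for this page, not xterm's or Apple's code; sanitize_for_terminal, demo_sanitize and the sample log line are all constructed here. It removes CSI (ESC [) and OSC (ESC ]) sequences, the two families the title-set and title-report commands belong to, plus any other two-byte ESC sequence and bare control bytes, and counts what it removed so a log pipeline can alert on their presence.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ESC 0x1B
#define BEL 0x07

/* Printable ASCII plus the whitespace a log viewer legitimately needs. */
static int is_safe_byte(uint8_t c)
{
    return (c >= 0x20 && c < 0x7F) || c == '\n' || c == '\t' || c == '\r';
}

/*
 * Copy untrusted bytes to out, dropping every escape sequence and bare
 * control byte. Forms recognised:
 *   ESC [ params final      CSI (xterm's window-title report request is CSI 21 t)
 *   ESC ] text BEL          OSC (window-title setting lives here); also ESC ] text ESC \
 *   ESC x                   any other two-byte escape
 * Returns the number of bytes written; *stripped receives the count of
 * sequences removed. Caveat: only ASCII is kept, so multibyte UTF-8 text
 * is dropped too; a production filter would decode UTF-8 first.
 */
size_t sanitize_for_terminal(const uint8_t *in, size_t n,
                             uint8_t *out, size_t cap, size_t *stripped)
{
    size_t o = 0, seqs = 0, i = 0;
    while (i < n && o < cap) {
        uint8_t c = in[i];
        if (c == ESC) {
            seqs++;
            if (i + 1 >= n) break;               /* lone ESC at end of input */
            uint8_t kind = in[i + 1];
            i += 2;
            if (kind == '[') {
                /* parameter/intermediate bytes are 0x20..0x3F; the final byte is 0x40..0x7E */
                while (i < n && in[i] >= 0x20 && in[i] <= 0x3F) i++;
                if (i < n) i++;                  /* consume the final byte */
            } else if (kind == ']') {
                while (i < n) {                  /* OSC runs to BEL or ESC \ */
                    if (in[i] == BEL) { i++; break; }
                    if (in[i] == ESC && i + 1 < n && in[i + 1] == '\\') { i += 2; break; }
                    i++;
                }
            }
            continue;
        }
        if (is_safe_byte(c)) out[o++] = c;       /* other control bytes are silently dropped */
        i++;
    }
    if (stripped) *stripped = seqs;
    return o;
}

/* Constructed sample: a log line carrying a title-set OSC and a title-report CSI. */
static const char SAMPLE_LOG[] = "user=bob\x1b]0;x\x07\x1b[21tdone\n";
static char clean_log[128];

/* Sanitize SAMPLE_LOG into clean_log (NUL-terminated); returns sequences stripped. */
size_t demo_sanitize(void)
{
    size_t stripped = 0;
    size_t n = sanitize_for_terminal((const uint8_t *)SAMPLE_LOG, strlen(SAMPLE_LOG),
                                     (uint8_t *)clean_log, sizeof clean_log - 1, &stripped);
    clean_log[n] = '\0';
    return stripped;
}

int main(void)
{
    size_t stripped = demo_sanitize();
    printf("stripped %zu sequence(s): %s", stripped, clean_log);
    return 0;
}
```

Two design points: the filter is an allow-list (only printable ASCII and three whitespace bytes survive), so an unrecognised introducer cannot slip through as a "unknown, pass it on" case; and it drops 8-bit C1 introducers (0x80..0x9F) as bare bytes, which leaves the sequence's printable parameters behind as harmless text rather than letting them reach the emulator as a command.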

xar
CVE-ID: CVE-2010-0055
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: A modified package may appear as validly signed
Description: A design issue exists in xar when validating a package signature. This may allow a modified package to appear as validly signed. This issue is fixed through improved package signature validation. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.

Security Update 2010-002 / Mac OS X v10.6.3 may be obtained from the Software Update pane in System Preferences, or Apple’s Software Downloads web site: http://www.apple.com/support/downloads/

In some scenarios, a malicious hacker could take complete control of a Mac-powered machine if a user simply views a malicious image or movie file.

The update covers critical vulnerabilities in AppKit, QuickTime, CoreMedia, CoreTypes, DiskImages, ImageIO and Image RAW.

It also covers holes in several open-source components, including Apache, ClamAV, MySQL and PHP.

Here’s the full list of the patched vulnerabilities.

The Security Update 2010-002 / Mac OS X v10.6.3 may be obtained from the Software Update pane in System Preferences, or Apple’s Software Downloads web page.