Apple Mac OS X Multiple Command Execution and Denial of Service Vulnerabilities
Multiple vulnerabilities have been identified in Apple Mac OS X, which could be exploited by remote or local attackers to execute arbitrary commands, cause a denial of service, disclose sensitive information, or bypass security restrictions.
The first weakness is due to an error in CFNetwork clients (e.g. Safari) that allow anonymous SSL connections by default, which could be exploited by unauthenticated SSL sites to appear as authenticated.
The second issue is due to errors in Flash Player, which could be exploited by remote attackers to execute arbitrary commands. For additional information, see: VUPEN/ADV-2006-3573
The third flaw is due to a buffer overflow error in ImageIO when processing malformed JPEG2000 images, which could be exploited by attackers to compromise a vulnerable system.
The fourth vulnerability is due to an error in the Kernel Mach exception ports mechanism, which could be exploited by malicious users to execute arbitrary commands with elevated privileges.
The fifth issue is due to an unchecked error condition in Kerberos where certain tickets are not properly destroyed after an unsuccessful attempt to log in to a network account via loginwindow, which could be exploited by malicious users to gain unauthorized access to a previous user's Kerberos tickets.
The sixth issue is due to an error in Fast User Switching, which could be exploited by malicious users to gain unauthorized access to the Kerberos tickets of other users.
The seventh flaw is due to a logic error in LoginWindow when used with service access controls, which could be exploited by attackers to bypass security restrictions.
The eighth issue is due to an error in the "Allow user to administer this computer" checkbox (System Preferences) that, when cleared, fails to remove accounts from the appserveradm or appserverusr groups.
The ninth vulnerability is due to a memory corruption error in certain applications that invoke an unsupported QuickDraw operation to display PICT images, which could be exploited by attackers to compromise a vulnerable system.
The tenth flaw is due to an error in Cyrus SASL, which could be exploited by remote attackers to crash the IMAP server. For additional information, see: VUPEN/ADV-2006-1306
The eleventh vulnerability is due to a memory management error in WebKit's handling of certain HTML documents, which could be exploited by attackers to compromise a vulnerable system. For additional information, see: VUPEN/ADV-2006-3069
The twelfth issue is due to an error in the Workgroup Manager, which could cause accounts in a NetInfo parent that appear to use ShadowHash passwords to still use crypt.
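A defender's check for the eighth issue above, as an added example that is not part of the original advisory: it lists accounts still present in appserveradm or appserverusr that are not in the admin group. It assumes the checkbox governs membership of the `admin` group and that the group database is available in group(5) flat-file format; the function names, sample accounts and GIDs are constructed.

```shell
#!/bin/sh
# Audit for leftover application-server group membership (added example).
# Input : group database in group(5) format, name:passwd:gid:member,member,...
# Output: sorted "user group" lines for every member of appserveradm or
#         appserverusr who is not also a member of admin (assumed to be the
#         group the "Allow user to administer this computer" checkbox controls).

residual_appserver_members() {
    awk -F: '
        # Skip comments and lines that lack a member field.
        /^#/ || NF < 4 { next }
        {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) {
                u = m[i]
                gsub(/^[ \t]+|[ \t]+$/, "", u)   # trim stray whitespace
                if (u == "") continue
                if ($1 == "admin")
                    admin[u] = 1
                else if ($1 == "appserveradm" || $1 == "appserverusr")
                    seen[u " " $1] = 1
            }
        }
        END {
            # Report only after the whole file is read, so group order is irrelevant.
            for (k in seen) {
                split(k, p, " ")
                if (!(p[1] in admin)) print k
            }
        }
    ' | sort
}

# Constructed sample: bob was demoted from admin but kept both groups,
# carol is a non-admin left in appserverusr, alice is still an admin.
sample_groups() {
    cat <<'EOF'
# constructed sample data, GIDs are placeholders
appserveradm:*:1001:alice,bob
admin:*:1000:root,alice
appserverusr:*:1002:alice, bob,carol
staff:*:1003:root
EOF
}

# Audit the file given as the first argument, or the sample if none is given.
if [ "$#" -gt 0 ]; then
    residual_appserver_members < "$1"
else
    sample_groups | residual_appserver_members
fi
```

Each reported account should be reviewed and removed from the listed group if it is no longer meant to administer the machine.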
Affected Products
Apple Mac OS X 10.4.7 and prior
Apple Mac OS X Server 10.4.7 and prior
Apple Mac OS X 10.3.9 and prior
Apple Mac OS X Server 10.3.9 and prior
Solution
Mac OS X 10.4.8 Upgrade (Intel) :
http://www.apple.com/support/downloads/macosx1048updateintel.html
Security Upgrade 2006-006 (10.3.9 Client) :
http://www.apple.com/support/downloads/securityupdate20060061039client.html
Security Upgrade 2006-006 (10.3.9 Server) :
http://www.apple.com/support/downloads/securityupdate20060061039server.html
Mac OS X 10.4.8 Upgrade (PPC) :
http://www.apple.com/support/downloads/macosx1048updateppc.html
Mac OS X 10.4.8 Combo Upgrade (PPC) :
http://www.apple.com/support/downloads/macosx1048comboupdateppc.html
Mac OS X 10.4.8 Combo Upgrade (Intel) :
http://www.apple.com/support/downloads/macosx1048comboupdateintel.html
Mac OS X Server 10.4.8 Upgrade (PPC) :
http://www.apple.com/support/downloads/macosxserver1048updateppc.html
Mac OS X Server 10.4.8 Combo Upgrade (PPC) :
http://www.apple.com/support/downloads/macosxserver1048comboupdateppc.html
Mac OS X Server 10.4.8 Upgrade (Universal) :
http://www.apple.com/support/downloads/macosxserver1048updateuniversal.html
References
http://www.vupen.com/english/advisories/2006/3852
http://docs.info.apple.com/article.html?artnum=304460
Credits
Vulnerabilities reported by Adam Bryzak, Tom Saxton, Dino Dai Zovi, Patrick Gallagher, Ragnar Sundblad, Phillip Tejada, and Chris Pepper.
ChangeLog
2006-09-30 : Initial release