|
|
>> Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
|
Multiple vulnerabilities have been identified in Apple Mac OS X, which could be exploited by remote or local attackers to disclose sensitive information, bypass security restrictions, cause a denial of service or compromise an affected system.
The first issue is caused by a stack buffer overflow error in CarbonCore when handling overly long filenames, which could be exploited to crash an affected application or execute arbitrary code.
The second vulnerability is caused by memory corruption errors in CoreGraphics when processing certain arguments, which could be exploited to crash an affected application (e.g .web browser) or execute arbitrary code.
The third issue is caused by an integer overflow error in CoreGraphics when processing malformed PDF files, which could be exploited to crash an affected application or execute arbitrary code.
The fourth weakness is caused by a resource consumption in the Data Detectors Engine when handling textual content, which could be exploited to cause a denial of service.
The fifth issue is caused due to insecure permissions being set on "/usr/bin/emacs" by the "Repair Permissions" tool in Disk Utility, which could allow a local user to use emacs to run commands with system privileges.
The sixth vulnerability is caused by memory corruption errors in QuickLook when handling specially crafted MS Office files, which could be exploited by attackers to execute arbitrary code by tricking a user into downloading a malicious Office file.
Other vulnerabilities affecting Scripting Architecture, BIND, OpenLDAP, OpenSSL, PHP and rsync have been fixed. For additional information, see : VUPEN/ADV-2007-3325 - VUPEN/ADV-2007-4057 - VUPEN/ADV-2008-0570 - VUPEN/ADV-2008-1412 - VUPEN/ADV-2008-1905 - VUPEN/ADV-2008-1978 - VUPEN/ADV-2008-2023
Affected Products
Apple Mac OS X version 10.4.11 and prior
Apple Mac OS X version 10.5.4 and prior
Apple Mac OS X Server version 10.4.11 and prior
Apple Mac OS X Server version 10.5.4 and prior
Solution
Apple Security Update 2008-005 Server (PPC) :
http://www.apple.com/support/downloads/securityupdate2008005serverppc.html
Apple Security Update 2008-005 Server (Intel) :
http://www.apple.com/support/downloads/securityupdate2008005serverintel.html
Apple Security Update 2008-005 (PPC) :
http://www.apple.com/support/downloads/securityupdate2008005ppc.html
Apple Security Update 2008-005 (Intel) :
http://www.apple.com/support/downloads/securityupdate2008005intel.html
Apple Security Update 2008-005 (Leopard) :
http://www.apple.com/support/downloads/securityupdate2008005leopard.html
References
http://www.vupen.com/english/advisories/2008/2268
http://support.apple.com/kb/HT2647
Credits
Vulnerabilities reported by Charles Srstka, Dan Kaminsky (IOActive), Thomas Raffetseder (International Secure Systems Lab), Sergio shadown Alvarez (n.runs AG), Michal Zalewski (Google), Pariente Kobi, iDefense Labs, Pariente Kobi, Anton Rang and Brian Timares.
ChangeLog
2008-08-01 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
