Apple today released Security Update 2008-004 and Mac OS X 10.5.4.
The updates address the following issues:
Alias Manager
Type: Maliciously crafted volume mount; Unexpected application termination; Arbitrary code execution; Memory corruption
Platform: Mac OS X & Mac OS X Server 10.4.11 on Intel only
Resolution: Perform validation of alias data structures
Credit: None listed
CoreTypes
Type: Lack of warning when opening certain unsafe content
Platform: Mac OS X & Mac OS X Server 10.4.11 and 10.4 through 10.5.3
Resolution: Add flagging of .xht and .xhtm files to user notification
Credit: Brian Mastenbrook
c++filt
Type: Unexpected application termination; Arbitrary code execution
Platform: Mac OS X & Mac OS X Server 10.5 through 10.5.3
Resolution: Improved format string handling
Credit: None listed
Dock
Type: Screen lock bypass via physical access
Platform: Mac OS X & Mac OS X Server 10.5 through 10.5.3
Resolution: Disable hot corners when screen lock is active
Credit: Andrew Cassell of Marine Spill Response Corporation
Launch Services
Type: Arbitrary code execution; Race condition
Platform: Mac OS X & Mac OS X Server 10.4.11
Resolution: Additional validation of downloaded files
Credit: None listed
Net-SNMP
Type: Remote attack; spoof SNMPv3 packets; Authentication bypass
Platform: Mac OS X & Mac OS X Server 10.4.11, Mac OS X & Mac OS X Server 10.5 through 10.5.3
Resolution: Increased validation of SNMPv3 packets
Credit: http://www.kb.cert.org/vuls/id/878044
Ruby
Type: Memory corruption; Unexpected application termination; Arbitrary code execution
Platform: Mac OS X & Mac OS X Server 10.4.11, Mac OS X & Mac OS X Server 10.5 through 10.5.3
Resolution: Increased validation of strings and arrays
Credit: None listed
Type: Remote attack; Information disclosure
Platform: Mac OS X & Mac OS X Server 10.4.11, Mac OS X & Mac OS X Server 10.5 through 10.5.3
Resolution: Improved validation of file names.
Credit: http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerab
ility/
SMB File Server
Type: Remote attack; Arbitrary code execution; Heap buffer overflow
Platform: Platform: Mac OS X & Mac OS X Server 10.4.11, Mac OS X & Mac OS X Server 10.5 through 10.5.3
Resolution: Improved bounds checking
Credit: Alin Rad Pop of Secunia Research
System Configuration
Type: Local attack; Arbitrary code execution; Privilege elevation
Platform: Mac OS X & Mac OS X Server 10.4.11
Resolution: More restrictive permissions
Credit: Andrew Mortensen of the University of Michigan
Tomcat
Type: Multiple vulnerabilities; cross-site scripting attack
Platform: Platform: Mac OS X & Mac OS X Server 10.4.11
Resolution: Tomcat updated to 4.1.37
Credit: http://tomcat.apache.org/
VPN
Type: Remote attack; Unexpected application termination; Divide by zero
Platform: Mac OS X & Mac OS X Server 10.5 through 10.5.3
Resolution: Additional validation of load balancing information
Credit: None listed
WebKit
Type: Memory corruption; Unexpected application termination; Arbitrary code execution; JavaScript
Platform: Mac OS X & Mac OS X Server 10.5 through 10.5.3
Resolution: Improved bounds checking
Credit: James Urquhart
More details can be found in the following Apple Knowledge Base document:
http://support.apple.com/kb/HT2163
###
Todd D. Woodward
Technical Support Engineer
NetBackup Support
Symantec Corporation
www.symantec.com
Springfield, Oregon
--------------------
Office: 541-335-7441
The updates address the following issues:
Alias Manager
Type: Maliciously crafted volume mount; Unexpected application termination; Arbitrary code execution; Memory corruption
Platform: Mac OS X & Mac OS X Server 10.4.11 on Intel only
Resolution: Perform validation of alias data structures
Credit: None listed
CoreTypes
Type: Lack of warning when opening certain unsafe content
Platform: Mac OS X & Mac OS X Server 10.4.11 and 10.4 through 10.5.3
Resolution: Add flagging of .xht and .xhtm files to user notification
Credit: Brian Mastenbrook
c++filt
Type: Unexpected application termination; Arbitrary code execution
Platform: Mac OS X & Mac OS X Server 10.5 through 10.5.3
Resolution: Improved format string handling
Credit: None listed
Dock
Type: Screen lock bypass via physical access
Platform: Mac OS X & Mac OS X Server 10.5 through 10.5.3
Resolution: Disable hot corners when screen lock is active
Credit: Andrew Cassell of Marine Spill Response Corporation
Launch Services
Type: Arbitrary code execution; Race condition
Platform: Mac OS X & Mac OS X Server 10.4.11
Resolution: Additional validation of downloaded files
Credit: None listed
Net-SNMP
Type: Remote attack; spoof SNMPv3 packets; Authentication bypass
Platform: Mac OS X & Mac OS X Server 10.4.11, Mac OS X & Mac OS X Server 10.5 through 10.5.3
Resolution: Increased validation of SNMPv3 packets
Credit: http://www.kb.cert.org/vuls/id/878044
Ruby
Type: Memory corruption; Unexpected application termination; Arbitrary code execution
Platform: Mac OS X & Mac OS X Server 10.4.11, Mac OS X & Mac OS X Server 10.5 through 10.5.3
Resolution: Increased validation of strings and arrays
Credit: None listed
Type: Remote attack; Information disclosure
Platform: Mac OS X & Mac OS X Server 10.4.11, Mac OS X & Mac OS X Server 10.5 through 10.5.3
Resolution: Improved validation of file names.
Credit: http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerab
ility/
SMB File Server
Type: Remote attack; Arbitrary code execution; Heap buffer overflow
Platform: Platform: Mac OS X & Mac OS X Server 10.4.11, Mac OS X & Mac OS X Server 10.5 through 10.5.3
Resolution: Improved bounds checking
Credit: Alin Rad Pop of Secunia Research
System Configuration
Type: Local attack; Arbitrary code execution; Privilege elevation
Platform: Mac OS X & Mac OS X Server 10.4.11
Resolution: More restrictive permissions
Credit: Andrew Mortensen of the University of Michigan
Tomcat
Type: Multiple vulnerabilities; cross-site scripting attack
Platform: Platform: Mac OS X & Mac OS X Server 10.4.11
Resolution: Tomcat updated to 4.1.37
Credit: http://tomcat.apache.org/
VPN
Type: Remote attack; Unexpected application termination; Divide by zero
Platform: Mac OS X & Mac OS X Server 10.5 through 10.5.3
Resolution: Additional validation of load balancing information
Credit: None listed
WebKit
Type: Memory corruption; Unexpected application termination; Arbitrary code execution; JavaScript
Platform: Mac OS X & Mac OS X Server 10.5 through 10.5.3
Resolution: Improved bounds checking
Credit: James Urquhart
More details can be found in the following Apple Knowledge Base document:
http://support.apple.com/kb/HT2163
###
Todd D. Woodward
Technical Support Engineer
NetBackup Support
Symantec Corporation
www.symantec.com
Springfield, Oregon
--------------------
Office: 541-335-7441
[ reply ]