Focus on Apple
Security update fixes ARDAgent and DNS issues Aug 01 2008 03:15AM
Dave Schroeder (das doit wisc edu) (1 replies)
Re: Security update fixes ARDAgent and DNS issues Aug 02 2008 10:19PM
Indy (ind cca smith gmail com) (1 replies)
*sigh*
http://isc.sans.org/diary.html?storyid=4810

Indy
On Jul 31, 2008, at 11:15 PM, Dave Schroeder wrote:

> Apple just released Security Update 2008-005, which addresses the
> ARDAgent and DNS security issues, among others:
>
> http://support.apple.com/kb/HT2647
>
> - Dave
>
> Begin forwarded message:
>
>> From: Apple Product Security <product-security-noreply (at) lists.apple (dot) com [email concealed]
>> >
>> Date: July 31, 2008 10:07:45 PM CDT
>> To: security-announce (at) lists.apple (dot) com [email concealed]
>> Subject: APPLE-SA-2008-07-31 Security Update 2008-005
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> APPLE-SA-2008-07-31 Security Update 2008-005
>>
>> Security Update 2008-005 is now available and addresses the following
>> issues:
>>
>> Open Scripting Architecture
>> CVE-ID: CVE-2008-2830
>> Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
>> Mac OS X v10.5.4, Mac OS X Server v10.5.4
>> Impact: A local user may execute commands with elevated privileges
>> Description: A design issue exists in the Open Scripting
>> Architecture libraries when determining whether to load scripting
>> addition plugins into applications running with elevated privileges.
>> Sending scripting addition commands to a privileged application may
>> allow the execution of arbitrary code with those privileges. This
>> update addresses the issue by not loading scripting addition plugins
>> into applications running with system privileges. The recently
>> reported ARDAgent and SecurityAgent issues are addressed by this
>> update. Credit to Charles Srstka for reporting this issue.
>>
>> BIND
>> CVE-ID: CVE-2008-1447
>> Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
>> Mac OS X v10.5.4, Mac OS X Server v10.5.4
>> Impact: BIND is susceptible to DNS cache poisoning and may return
>> forged information
>> Description: The Berkeley Internet Name Domain (BIND) server is
>> distributed with Mac OS X, and is not enabled by default. When
>> enabled, the BIND server provides translation between host names and
>> IP addresses. A weakness in the DNS protocol may allow remote
>> attackers to perform DNS cache poisoning attacks. As a result,
>> systems that rely on the BIND server for DNS may receive forged
>> information. This update addresses the issue by implementing source
>> port randomization to improve resilience against cache poisoning
>> attacks. For Mac OS X v10.4.11 systems, BIND is updated to version
>> 9.3.5-P1. For Mac OS X v10.5.4 systems, BIND is updated to version
>> 9.4.2-P1. Credit to Dan Kaminsky of IOActive for reporting this
>> issue.
>>
>> CarbonCore
>> CVE-ID: CVE-2008-2320
>> Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
>> Mac OS X v10.5.4, Mac OS X Server v10.5.4
>> Impact: Processing long filenames may lead to an unexpected
>> application termination or arbitrary code execution
>> Description: A stack buffer overflow exists in the handling of long
>> filenames. Processing long filenames may lead to an unexpected
>> application termination or arbitrary code execution. This update
>> addresses the issue through improved bounds checking. Credit to
>> Thomas Raffetseder of the International Secure Systems Lab and Sergio
>> 'shadown' Alvarez of n.runs AG for reporting this issue.
>>
>> CoreGraphics
>> CVE-ID: CVE-2008-2321
>> Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
>> Mac OS X v10.5.4, Mac OS X Server v10.5.4
>> Impact: Visiting a maliciously crafted website may lead to an
>> unexpected application termination or arbitrary code execution
>> Description: CoreGraphics contains memory corruption issues in the
>> processing of arguments. Passing untrusted input to CoreGraphics via
>> an application, such as a web browser, may lead to an unexpected
>> application termination or arbitrary code execution. This update
>> addresses the issue through improved bounds checking. Credit to
>> Michal Zalewski of Google for reporting this issue.
>>
>> CoreGraphics
>> CVE-ID: CVE-2008-2322
>> Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
>> Mac OS X v10.5.4, Mac OS X Server v10.5.4
>> Impact: Viewing a maliciously crafted PDF file may lead to an
>> unexpected application termination or arbitrary code execution
>> Description: An integer overflow in the handling of PDF files may
>> result in a heap buffer overflow. Viewing a maliciously crafted PDF
>> file may lead to an unexpected application termination or arbitrary
>> code execution. This update addresses the issue through additional
>> validation of PDF files. Credit to Pariente Kobi working with the
>> iDefense VCP for reporting this issue.
>>
>> Data Detectors Engine
>> CVE-ID: CVE-2008-2323
>> Available for: Mac OS X v10.5.4, Mac OS X Server v10.5.4
>> Impact: Viewing maliciously crafted messages with Data Detectors may
>> lead to an unexpected application termination
>> Description: Data Detectors are used to extract reference
>> information from textual content or archives. A resource consumption
>> issue exists in Data Detectors' handling of textual content. Viewing
>> maliciously crafted content in an application that uses Data
>> Detectors may lead to a denial of service, but not arbitrary code
>> execution. This issue does not affect systems prior to Mac OS X
>> v10.5.
>>
>> Disk Utility
>> CVE-ID: CVE-2008-2324
>> Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
>> Impact: A local user may obtain system privileges
>> Description: The "Repair Permissions" tool in Disk Utility makes
>> /usr/bin/emacs setuid. After the Repair Permissions tool has been
>> run, a local user may use emacs to run commands with system
>> privileges. This update addresses the issue by correcting the
>> permissions applied to emacs in the Repair Permissions tool. This
>> issue does not affect systems running Mac OS X v10.5 and later.
>> Credit to Anton Rang and Brian Timares for reporting this issue.
>>
>> OpenLDAP
>> CVE-ID: CVE-2008-2952
>> Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
>> Mac OS X v10.5.4, Mac OS X Server v10.5.4
>> Impact: A remote attacker may be able to cause an unexpected
>> application termination
>> Description: An issue exists in OpenLDAP's ASN.1 BER decoding.
>> Processing a maliciously crafted LDAP message may trigger an
>> assertion and lead to an unexpected application termination of the
>> OpenLDAP daemon, slapd. This update addresses the issue by performing
>> additional validation of LDAP messages.
>>
>> OpenSSL
>> CVE-ID: CVE-2007-5135
>> Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
>> Mac OS X v10.5.4, Mac OS X Server v10.5.4
>> Impact: A remote attacker may be able to cause an unexpected
>> application termination or arbitrary code execution
>> Description: A range checking issue exists in the
>> SSL_get_shared_ciphers() utility function within OpenSSL. In an
>> application using this function, processing maliciously crafted
>> packets may lead to an unexpected application termination or
>> arbitrary code execution. This update addresses the issue through
>> improved bounds checking.
>>
>> PHP
>> CVE-ID: CVE-2008-2051, CVE-2008-2050, CVE-2007-4850, CVE-2008-0599,
>> CVE-2008-0674
>> Available for: Mac OS X v10.5.4, Mac OS X Server v10.5.4
>> Impact: Multiple vulnerabilities in PHP 5.2.5
>> Description: PHP is updated to version 5.2.6 to address multiple
>> vulnerabilities, the most serious of which may lead to arbitrary code
>> execution. Further information is available via the PHP website at
>> http://www.php.net/ PHP version 5.2.x is only provided with Mac OS X
>> v10.5 systems.
>>
>> QuickLook
>> CVE-ID: CVE-2008-2325
>> Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
>> Mac OS X v10.5.4, Mac OS X Server v10.5.4
>> Impact: Downloading a maliciously crafted Microsoft Office file may
>> lead to an unexpected application termination or arbitrary code
>> execution
>> Description: Multiple memory corruption issues exist in QuickLook's
>> handling of Microsoft Office files. Downloading a maliciously crafted
>> Microsoft Office file may lead to an unexpected application
>> termination or arbitrary code execution. This update addresses the
>> issue through improved bounds checking. This issue does not affect
>> systems prior to Mac OS X v10.5.
>>
>> rsync
>> CVE-ID: CVE-2007-6199, CVE-2007-6200
>> Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
>> Mac OS X v10.5.4, Mac OS X Server v10.5.4
>> Impact: Files outside the module root may be accessed or overwritten
>> remotely
>> Description: Path validation issues exist in rsync's handling of
>> symbolic links when running in daemon mode. Placing symbolic links in
>> an rsync module may allow files outside of the module root to be
>> accessed or overwritten. This update addresses the issue through
>> improved handling of symbolic links. Further information on the
>> patches applied is available via the rsync web site at
>> http://rsync.samba.org/
>>
>> Security Update 2008-005 may be obtained from the Software Update
>> pane in System Preferences, or Apple's Software Downloads web site:
>> http://www.apple.com/support/downloads/
>>
>> For Mac OS X v10.5.4 and Mac OS X Server 10.5.4
>> The download file is named: "SecUpd2008-005.dmg"
>> Its SHA-1 digest is: 9c4fd4ee59965819427445f6de172c42b223e6e1
>>
>> For Mac OS X v10.4.11 (Intel)
>> The download file is named: "SecUpd2008-005Intel.dmg"
>> Its SHA-1 digest is: 1ff3242935c98325769b33148a2a8b1e72db567c
>>
>> For Mac OS X v10.4.11 (PPC)
>> The download file is named: "SecUpd2008-005PPC.dmg"
>> Its SHA-1 digest is: 2f56ea4311d5b85de3c494f6fee46360e5b7317e
>>
>> For Mac OS X Server v10.4.11 (Universal)
>> The download file is named: "SecUpdSrvr2008-005Univ.dmg"
>> Its SHA-1 digest is: 256401659308a634cee06b00d1a6ae9dc20b5467
>>
>> For Mac OS X Server v10.4.11 (PPC)
>> The download file is named: "SecUpdSrvr2008-005PPC.dmg"
>> Its SHA-1 digest is: d310d471bd39df92cb5580e18f356a222824d7d2
>>
>> Information will also be posted to the Apple Security Updates
>> web site: http://support.apple.com/kb/HT1222
>>
>> This message is signed with Apple's Product Security PGP key,
>> and details are available at:
>> http://www.apple.com/support/security/pgp/
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: PGP Desktop 9.0.3 (Build 2932)
>>
>> iQEVAwUBSJJ9c3kodeiKZIkBAQiWmggAmx3HBLe2vwoDmCr+ycU+orkLNDvRW0zJ
>> Kq8rJZNRC4HwoDvAdduzNcwL9vudnJqcY0ZEGaXp6USRPjvioFUZJNUoDG/1goj5
>> E6q9velCEgu67WBT66ampy9oyqaHFP5YdWKKDg4AvGeFiJqgplFsBEaCqr7xigoh
>> T+xbPAzWt5aXp8rlAnZPhEFbK7ZAQEGEtoc5UnSdTlm4mwDdMRszG8JhgpoiII72
>> 8LIjZpf7cMf0neUua2pvGDNITHoZfNWg2a11CyIDilIPUj7Vl4Rhfw6b+bcSK6Po
>> FMS1ZF0D9I58j6KLQ2LuSr0lB0Xd1tfsZGlCNdWQzK5RH/UrmbEMXg==
>> =k/dw
>> -----END PGP SIGNATURE-----

[ reply ]
Re: Security update fixes ARDAgent and DNS issues Aug 03 2008 09:05AM
Derek Chesterfield (dez mac com) (1 replies)
Re: Security update fixes ARDAgent and DNS issues Aug 03 2008 01:33PM
Indy (ind cca smith gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus