Date: 17 November 2010
References: ASB-2010.0072.2 ASB-2010.0087 ASB-2010.0124 ASB-2010.0139 ASB-2010.0157.2 ASB-2010.0173.2 ASB-2010.0175 ASB-2010.0189.2 ASB-2010.0220 ESB-2010.0997 ESB-2010.1004 ESB-2010.1034 ESB-2010.1035 ESB-2010.1066 ESB-2010.1107 ESB-2011.0275 ESB-2011.0667 ESB-2011.0772 ESB-2011.1037 ESB-2013.0045
Related Files:
ESB-2010.1039
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2010.1039.2
Mac OS X v10.6.5 and Security Update 2010-007
17 November 2010
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Mac OS X v10.5.8
Mac OS X Server v10.5.8
Mac OS X v10.6.4 and prior
Mac OS X Server v10.6.4 and prior
Publisher: Apple
Operating System: Mac OS X
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Access Privileged Data -- Remote/Unauthenticated
Modify Arbitrary Files -- Remote with User Interaction
Cross-site Scripting -- Remote with User Interaction
Provide Misleading Information -- Remote with User Interaction
Unauthorised Access -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2010-4010 CVE-2010-3976 CVE-2010-3798
CVE-2010-3797 CVE-2010-3796 CVE-2010-3795
CVE-2010-3794 CVE-2010-3793 CVE-2010-3792
CVE-2010-3791 CVE-2010-3790 CVE-2010-3789
CVE-2010-3788 CVE-2010-3787 CVE-2010-3786
CVE-2010-3785 CVE-2010-3784 CVE-2010-3783
CVE-2010-3654 CVE-2010-3652 CVE-2010-3650
CVE-2010-3649 CVE-2010-3648 CVE-2010-3647
CVE-2010-3646 CVE-2010-3645 CVE-2010-3644
CVE-2010-3643 CVE-2010-3642 CVE-2010-3641
CVE-2010-3640 CVE-2010-3639 CVE-2010-3638
CVE-2010-3636 CVE-2010-3054 CVE-2010-3053
CVE-2010-2941 CVE-2010-2884 CVE-2010-2808
CVE-2010-2807 CVE-2010-2806 CVE-2010-2805
CVE-2010-2531 CVE-2010-2520 CVE-2010-2519
CVE-2010-2500 CVE-2010-2499 CVE-2010-2498
CVE-2010-2497 CVE-2010-2484 CVE-2010-2249
CVE-2010-2216 CVE-2010-2215 CVE-2010-2214
CVE-2010-2213 CVE-2010-2189 CVE-2010-2188
CVE-2010-2187 CVE-2010-2186 CVE-2010-2185
CVE-2010-2184 CVE-2010-2183 CVE-2010-2182
CVE-2010-2181 CVE-2010-2180 CVE-2010-2179
CVE-2010-2178 CVE-2010-2177 CVE-2010-2176
CVE-2010-2175 CVE-2010-2174 CVE-2010-2173
CVE-2010-2172 CVE-2010-2171 CVE-2010-2170
CVE-2010-2169 CVE-2010-2167 CVE-2010-2166
CVE-2010-2165 CVE-2010-2164 CVE-2010-2163
CVE-2010-2162 CVE-2010-2161 CVE-2010-2160
CVE-2010-1850 CVE-2010-1849 CVE-2010-1848
CVE-2010-1847 CVE-2010-1846 CVE-2010-1845
CVE-2010-1844 CVE-2010-1843 CVE-2010-1842
CVE-2010-1841 CVE-2010-1840 CVE-2010-1838
CVE-2010-1837 CVE-2010-1836 CVE-2010-1834
CVE-2010-1833 CVE-2010-1832 CVE-2010-1831
CVE-2010-1830 CVE-2010-1829 CVE-2010-1828
CVE-2010-1811 CVE-2010-1803 CVE-2010-1752
CVE-2010-1450 CVE-2010-1449 CVE-2010-1378
CVE-2010-1297 CVE-2010-1205 CVE-2010-0434
CVE-2010-0408 CVE-2010-0397 CVE-2010-0212
CVE-2010-0211 CVE-2010-0209 CVE-2010-0205
CVE-2010-0105 CVE-2010-0001 CVE-2009-4134
CVE-2009-3793 CVE-2009-2624 CVE-2009-2474
CVE-2009-2473 CVE-2009-0946 CVE-2009-0796
CVE-2008-4546
Reference: ASB-2010.0220
ASB-2010.0175
ASB-2010.0139
ASB-2010.0124
ASB-2010.0087
ESB-2010.1035
ESB-2010.1034
ESB-2010.1004
ESB-2010.0997
ASB-2010.0189.2
ASB-2010.0173.2
ASB-2010.0157.2
ASB-2010.0072.2
Revision History: November 17 2010: CVE-2010-1797 changed by Apple to
CVE-2010-4010 (ATS vulnerability)
November 11 2010: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2010-11-10-1 Mac OS X v10.6.5 and Security Update 2010-007
Mac OS X v10.6.5 and Security Update 2010-007 are now available and
address the following:
AFP Server
CVE-ID: CVE-2010-1828
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: A remote attacker may cause AFP Server to unexpectedly
shut down
Description: A null pointer dereference exists in AFP Server's
handling of reconnect authentication packets. A remote attacker may
cause AFP Server to unexpectedly shut down. Mac OS X automatically
restarts AFP Server after a shutdown. This issue is addressed through
improved validation of reconnect packets. Credit: Apple.
AFP Server
CVE-ID: CVE-2010-1829
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: An authenticated user may cause arbitrary code execution
Description: A directory traversal issue exists in AFP Server, which
may allow an authenticated user to create files outside of a share
with the permissions of the user. With a system configuration where
users are permitted file sharing access only, this may lead to
arbitrary code execution. This issue is addressed through improved
path validation. Credit: Apple.
AFP Server
CVE-ID: CVE-2010-1830
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: A remote attacker may determine the existence of an AFP
share
Description: An error handling issue exists in AFP Server. This may
allow a remote attacker to determine the existence of an AFP share
with a given name. This issue is addressed through improved signaling
of error conditions. Credit: Apple.
Apache mod_perl
CVE-ID: CVE-2009-0796
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: A remote attacker may cause cross-site scripting against the
web server
Description: A cross-site scripting issue exists in Apache
mod_perl's encoding of HTML output for the /perl-status page. An
attacker may leverage this issue to inject arbitrary script code in
the context of a web site served by Apache. This issue does not
affect the default configuration as mod_perl and its status page are
not enabled by default. This issue is addressed by properly escaping
HTML output.
Apache
CVE-ID: CVE-2010-0408, CVE-2010-0434
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Multiple vulnerabilities in Apache 2.2.14
Description: Apache is updated to version 2.2.15 to address several
vulnerabilities, the most serious of which may lead to a denial of
service. Further information is available via the Apache web site at
http://httpd.apache.org/
AppKit
CVE-ID: CVE-2010-1842
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Rendering a bidirectional string that requires truncation
may lead to an unexpected application termination or arbitrary code
execution
Description: A buffer overflow exists in AppKit. If a string
containing bidirectional text is rendered, and it is truncated with
an ellipsis, AppKit may apply an inappropriate layout calculation.
This could lead to an unexpected application termination or arbitrary
code execution. This issue is addressed by avoiding the inappropriate
layout calculation. Credit to Jesse Ruderman of Mozilla Corporation
for reporting this issue.
ATS
CVE-ID: CVE-2010-1831
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: Viewing or downloading a document containing a maliciously
crafted embedded font may lead to arbitrary code execution
Description: A buffer overflow exists in Apple Type Services'
handling of embedded fonts with long names. Viewing or downloading a
document containing a maliciously crafted embedded font may lead to
arbitrary code execution. This issue is addressed through improved
bounds checking.
ATS
CVE-ID: CVE-2010-1832
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: Viewing or downloading a document containing a maliciously
crafted embedded font may lead to arbitrary code execution
Description: A stack buffer overflow exists in Apple Type Services'
handling of embedded fonts. Viewing or downloading a document
containing a maliciously crafted embedded font may lead to arbitrary
code execution. On Mac OS X v10.6 systems this issue is mitigated by
the -fstack-protector compiler flag. This issue is addressed through
improved bounds checking. Credit: Apple.
ATS
CVE-ID: CVE-2010-1833
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Viewing or downloading a document containing a maliciously
crafted embedded font may lead to arbitrary code execution
Description: A memory corruption issue exists in Apple Type
Services' handling of embedded fonts. Viewing or downloading a
document containing a maliciously crafted embedded font may lead to
arbitrary code execution. This issue is addressed through improved
bounds checking. This issue does not affect systems prior to Mac OS X
v10.6. Credit to Marc Schoenefeld of Red Hat, and Christoph Diehl of
Mozilla for reporting this issue.
ATS
CVE-ID: CVE-2010-4010
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Viewing or downloading a document containing a maliciously
crafted embedded CFF font may lead to arbitrary code execution
Description: A signedness issue exists in Apple Type Services'
handling of Compact Font Format (CFF) fonts. Viewing or downloading a
document containing a maliciously crafted embedded CFF font may lead
to arbitrary code execution. This issue is addressed through improved
handling of CFF fonts. This issue does not affect Mac OS X v10.6
systems. Credit to Matias Eissler and Anibal Sacco of Core Security
Technologies for reporting this issue.
CFNetwork
CVE-ID: CVE-2010-1752
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A stack overflow exists in CFNetwork's URL handling
code. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. Credit to
Laurent OUDOT of TEHTRI-Security, and Neil Fryer of IT Security Geeks
for reporting this issue.
CFNetwork
CVE-ID: CVE-2010-1834
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Visiting a maliciously crafted website may cause cookies to
be set for other sites
Description: An implementation issue exists in CFNetwork's handling
of domain specifications in cookies. CFNetwork allows cookies to be
set for a partial IP address. A maliciously crafted website may set a
cookie that will be sent to a third-party site, if the third-party
site is accessed by IP address. This update addresses the issue
through improved validation of domains specified in cookies.
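The partial-IP cookie issue described for CVE-2010-1834, shown as an added example that is not part of the Apple advisory and is not CFNetwork code. The function names are hypothetical, the addresses are constructed sample values, and the "naive" matcher is an assumed model of the flaw; the strict matcher follows the domain-match rule of RFC 6265 section 5.1.3, under which an IP address matches only itself.

```python
import ipaddress


def is_ip_literal(host: str) -> bool:
    """True if host is an IPv4 or IPv6 literal (brackets allowed for IPv6)."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def _normalize(domain: str) -> str:
    # Cookie domains compare case-insensitively; a leading dot is ignored.
    return domain.lower().lstrip(".")


def naive_domain_match(host: str, cookie_domain: str) -> bool:
    """Pure suffix match. Assumed model of the flawed behaviour: it treats
    the octets of an IP address as if they were DNS labels."""
    host, cookie_domain = host.lower(), _normalize(cookie_domain)
    return host == cookie_domain or host.endswith("." + cookie_domain)


def strict_domain_match(host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3: suffix matching applies to host names only."""
    host, cookie_domain = host.lower(), _normalize(cookie_domain)
    if host == cookie_domain:
        return True
    if is_ip_literal(host):
        return False  # an IP address never matches a partial address
    return host.endswith("." + cookie_domain)


def accept_set_cookie(origin_host, domain_attr, match=strict_domain_match):
    """Decide whether origin_host may set a cookie scoped to domain_attr."""
    if not domain_attr:
        return True  # no Domain attribute: host-only cookie
    return match(origin_host, domain_attr)


def cookies_for(host, jar, match=strict_domain_match):
    """Names of the cookies in jar (list of (name, domain)) sent to host."""
    return [name for name, domain in jar if match(host, domain)]


if __name__ == "__main__":
    # Constructed sample: two unrelated sites reached by IP address.
    setting_site, other_site = "10.1.2.3", "10.9.2.3"
    partial = ".2.3"  # a "partial IP address" used as the cookie domain

    for label, match in (("naive", naive_domain_match),
                         ("strict", strict_domain_match)):
        stored = accept_set_cookie(setting_site, partial, match)
        jar = [("sid", partial)] if stored else []
        print(label, "stored:", stored,
              "sent to other site:", cookies_for(other_site, jar, match))
```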
CoreGraphics
CVE-ID: CVE-2010-1836
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A stack buffer overflow exists in CoreGraphics'
handling of PDF files. Opening a maliciously crafted PDF file may
lead to an unexpected application termination. On 32-bit systems, it
may also lead to arbitrary code execution. This update addresses the
issues through improved bounds and error checking. Credit to Andrew
Kiss for reporting this issue.
CoreText
CVE-ID: CVE-2010-1837
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in CoreText's handling
of font files. Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved validation of font files. Credit:
Apple.
CUPS
CVE-ID: CVE-2010-2941
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A memory corruption issue exists in the handling of
Internet Printing Protocol (IPP) requests in CUPS. By sending a
maliciously crafted IPP request, a remote attacker may cause an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved memory management. This issue may
only be triggered remotely on systems with Printer Sharing enabled.
Printer Sharing is not enabled by default. Credit to Emmanuel
Bouillon of NATO C3 Agency for reporting this issue.
Directory Services
CVE-ID: CVE-2010-1838
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: A local attacker may bypass the password validation and log
in to a mobile account
Description: An error handling issue exists in Directory Service. A
local attacker with knowledge of the name of a disabled mobile
account, or a mobile account that allows a limited number of login
failures, may bypass the password validation and log in to the
account. This issue is addressed through improved handling of
disabled accounts.
Directory Services
CVE-ID: CVE-2010-1840
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: An attacker may be able to cause an unexpected application
termination or arbitrary code execution
Description: A stack buffer overflow exists in Directory Services'
password validation. An attacker may be able to cause an unexpected
application termination or arbitrary code execution. This issue is
addressed through improved bounds checking. Credit to Rodrigo Rubira
Branco from Check Point Vulnerability Discovery Team (VDT), and
Rainer Mueller for reporting this issue.
diskdev_cmds
CVE-ID: CVE-2010-0105
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: A local user may be able to prevent the system from starting
properly
Description: An implementation issue exists in fsck_hfs' handling of
directory trees. A local user may be able to prevent the system from
starting properly. This issue is addressed through improved
validation of directory trees. Credit to Maksymilian Arciemowicz of
SecurityReason for reporting this issue.
Disk Images
CVE-ID: CVE-2010-1841
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: Opening a maliciously crafted disk image may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in processing UDIF
disk images. Opening a maliciously crafted disk image may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved validation of UDIF disk images.
Credit to Marc Schoenefeld of Red Hat for reporting this issue.
Flash Player plug-in
CVE-ID: CVE-2008-4546, CVE-2009-3793, CVE-2010-0209, CVE-2010-1297,
CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163,
CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167,
CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172,
CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176,
CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180,
CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184,
CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2189,
CVE-2010-2188, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215,
CVE-2010-2216, CVE-2010-2884, CVE-2010-3636, CVE-2010-3638,
CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642,
CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646,
CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650,
CVE-2010-3652, CVE-2010-3654, CVE-2010-3976
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: Multiple vulnerabilities in Adobe Flash Player plug-in
Description: Multiple issues exist in the Adobe Flash Player
plug-in, the most serious of which may lead to arbitrary code execution.
The issues are addressed by updating the Flash Player plug-in to
version 10.1.102.64. Further information is available via the Adobe
web site at http://www.adobe.com/support/security/
gzip
CVE-ID: CVE-2010-0001
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Extracting a maliciously crafted archive may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow exists in gzip's handling of
archives that use LZW compression. Extracting a maliciously crafted
archive may lead to an unexpected application termination or
arbitrary code execution. This issue is addressed through improved
bounds checking. This issue does not affect systems prior to Mac OS X
v10.6. Credit to Aki Helin of the Oulu University Secure Programming
Group for reporting this issue.
gzip
CVE-ID: CVE-2009-2624
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: Extracting a maliciously crafted archive may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in gzip. Extracting a
maliciously crafted archive may lead to an unexpected application
termination or arbitrary code execution. This issue is addressed
through improved memory management.
Image Capture
CVE-ID: CVE-2010-1844
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Downloading a maliciously crafted image may lead to an
unexpected system shutdown
Description: An unbounded memory consumption issue exists in Image
Capture. Downloading a maliciously crafted image may lead to an
unexpected system shutdown. This issue is addressed through improved
input validation. This issue does not affect systems prior to Mac OS
X v10.6. Credit to Steven Fisher of Discovery Software Ltd. for
reporting this issue.
ImageIO
CVE-ID: CVE-2010-1845
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: Viewing a maliciously crafted PSD image may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues exist in ImageIO's
handling of PSD images. Viewing a maliciously crafted PSD image may
lead to an unexpected application termination or arbitrary code
execution. These issues are addressed through improved validation of
PSD images. Credit to Dominic Chell of NGSSoftware for reporting one
of these issues.
ImageIO
CVE-ID: CVE-2010-1811
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the handling of TIFF
Images. Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. Credit: Apple.
ImageIO
CVE-ID: CVE-2010-2249, CVE-2010-1205
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: Multiple vulnerabilities in libpng
Description: libpng is updated to version 1.4.3 to address multiple
vulnerabilities, the most serious of which may lead to arbitrary code
execution. Further information is available via the libpng website at
http://www.libpng.org/pub/png/libpng.html
Image RAW
CVE-ID: CVE-2010-1846
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: Viewing a maliciously crafted RAW image may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in Image RAW's handling
of images. Viewing a maliciously crafted RAW image may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. Credit: Apple.
Kernel
CVE-ID: CVE-2010-1847
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: A local user may cause an unexpected system shutdown
Description: A memory management issue in the handling of terminal
devices may allow a local user to cause an unexpected system
shutdown. This issue is addressed through improved memory management.
MySQL
CVE-ID: CVE-2010-1848, CVE-2010-1849, CVE-2010-1850
Available for: Mac OS X Server v10.5.8,
Mac OS X Server v10.6 through v10.6.4
Impact: Multiple vulnerabilities in MySQL 5.0.88
Description: MySQL is updated to version 5.0.91 to address multiple
vulnerabilities, the most serious of which may lead to arbitrary code
execution. MySQL is only provided with Mac OS X Server systems.
Further information is available via the MySQL web site at
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html
neon
CVE-ID: CVE-2009-2473, CVE-2009-2474
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Multiple vulnerabilities in neon 0.28.3
Description: neon is updated to version 0.28.6 to address several
vulnerabilities, the most serious of which may allow a
man-in-the-middle attacker to redirect connections and intercept user
credentials or other sensitive information. Further information is
available via the neon web site at http://www.webdav.org/neon/
Networking
CVE-ID: CVE-2010-1843
Available for: Mac OS X v10.6.2 through v10.6.4,
Mac OS X Server v10.6.2 through v10.6.4
Impact: A remote attacker may cause an unexpected system shutdown
Description: A null pointer dereference issue exists in the handling
of Protocol Independent Multicast (PIM) packets. By sending a
maliciously crafted PIM packet, a remote attacker may cause an
unexpected system shutdown. This issue is addressed through improved
validation of PIM packets. This issue does not affect systems prior
to Mac OS X v10.6.2. Credit to an anonymous researcher working with
TippingPoint's Zero Day Initiative for reporting this issue.
OpenLDAP
CVE-ID: CVE-2010-0211
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: A remote attacker may cause a denial of service or arbitrary
code execution
Description: A memory management issue exists in OpenLDAP. By
sending a maliciously crafted query an attacker may cause a denial of
service or arbitrary code execution. This issue is addressed through
improved memory management.
OpenLDAP
CVE-ID: CVE-2010-0212
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: A remote attacker may cause a denial of service
Description: A null pointer dereference exists in OpenLDAP. By
sending a maliciously crafted query an attacker may cause a denial of
service. This issue is addressed through improved memory management.
Credit to Ilkka Mattila and Tuomas Salomaki for reporting this issue.
OpenSSL
CVE-ID: CVE-2010-1378
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: A remote user may bypass TLS authentication or spoof a
trusted server
Description: An arithmetic issue exists in OpenSSL's certificate
validation. A remote user may bypass certificate validation steps,
and cause OpenSSL to accept any certificate signed by a trusted root
as valid. This issue is addressed through improved certificate
validation. This issue does not affect systems prior to Mac OS X
v10.6. This issue only affects the Mac OS X distribution of OpenSSL.
Credit to Ryan Govostes of RPISEC for reporting this issue.
Password Server
CVE-ID: CVE-2010-3783
Available for: Mac OS X Server v10.5.8,
Mac OS X Server v10.6 through v10.6.4
Impact: A remote attacker may be able to log in with an outdated
password
Description: An implementation issue in Password Server's handling
of replication may cause passwords to not be replicated. A remote
attacker may be able to log in to a system using an outdated
password. This issue is addressed through improved handling of
password replication. This issue only affects Mac OS X Server
systems. Credit: Apple.
PHP
CVE-ID: CVE-2010-0397, CVE-2010-2531
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Multiple vulnerabilities in PHP 5.3.2
Description: PHP is updated to version 5.3.3 to address multiple
vulnerabilities, the most serious of which may lead to arbitrary code
execution. Further information is available via the PHP website at
http://www.php.net/
PHP
CVE-ID: CVE-2010-0397, CVE-2010-2531, CVE-2010-2484
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Multiple vulnerabilities in PHP 5.2.12
Description: PHP is updated to version 5.2.14 to address multiple
vulnerabilities, the most serious of which may lead to arbitrary code
execution. Further information is available via the PHP website at
http://www.php.net/
Printing
CVE-ID: CVE-2010-3784
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: Applications that use the
PMPageFormatCreateWithDataRepresentation API may be vulnerable to an
unexpected application termination
Description: A null dereference issue exists in the
PMPageFormatCreateWithDataRepresentation API's handling of XML data.
Applications that use this API may be vulnerable to an unexpected
application termination. This issue is addressed through improved
handling of XML data. Credit to Wujun Li of Microsoft for reporting
this issue.
python
CVE-ID: CVE-2009-4134, CVE-2010-1449, CVE-2010-1450
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: Python applications using the rgbimg and audioop modules may
be vulnerable to an unexpected application termination or arbitrary
code execution.
Description: Multiple integer overflows exist in Python's rgbimg
and audioop modules. Python applications using the rgbimg and audioop
modules may be vulnerable to an unexpected application termination or
arbitrary code execution. These issues are addressed through improved
bounds checking.
QuickLook
CVE-ID: CVE-2010-3785
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: Downloading a maliciously crafted Microsoft Office file may
lead to an unexpected application termination or arbitrary code
execution
Description: A buffer overflow exists in QuickLook's handling of
Microsoft Office files. Downloading a maliciously crafted Microsoft
Office file may lead to an unexpected application termination or
arbitrary code execution. This update addresses the issue through
improved bounds checking. Credit: Apple.
QuickLook
CVE-ID: CVE-2010-3786
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Downloading a maliciously crafted Excel file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in QuickLook's
handling of Excel files. Downloading a maliciously crafted Excel file
may lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved bounds checking.
This issue does not affect systems prior to Mac OS X v10.6. Credit to
Tobias Klein working with the iDefense VCP for reporting this issue.
QuickTime
CVE-ID: CVE-2010-3787
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Viewing a maliciously crafted JP2 image may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's handling
of JP2 images. Viewing a maliciously crafted JP2 image may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. Credit to Nils
of MWR InfoSecurity for reporting this issue.
QuickTime
CVE-ID: CVE-2010-3788
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Viewing a maliciously crafted JP2 image may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue exists in
QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2
image may lead to an unexpected application termination or arbitrary
code execution. This issue is addressed through improved validation
of JP2 images. Credit to Damian Put and Procyun, working with
TippingPoint's Zero Day Initiative for reporting this issue.
QuickTime
CVE-ID: CVE-2010-3789
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Viewing a maliciously crafted avi file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in QuickTime's handling of
avi files. Viewing a maliciously crafted avi file may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved handling of avi files. Credit to
Damian Put working with TippingPoint's Zero Day Initiative for
reporting this issue.
QuickTime
CVE-ID: CVE-2010-3790
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in QuickTime's
handling of movie files. Viewing a maliciously crafted movie file may
lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved handling of movie
files. Credit to Honggang Ren of Fortinet's FortiGuard Labs for
reporting this issue.
QuickTime
CVE-ID: CVE-2010-3791
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in QuickTime's handling of
MPEG encoded movie files. Viewing a maliciously crafted movie file
may lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved bounds checking.
Credit to an anonymous researcher working with TippingPoint's Zero
Day Initiative for reporting this issue.
QuickTime
CVE-ID: CVE-2010-3792
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A signedness issue exists in QuickTime's handling of
MPEG encoded movie files. Viewing a maliciously crafted movie file
may lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved handling of MPEG
encoded movie files. Credit to an anonymous researcher working with
TippingPoint's Zero Day Initiative for reporting this issue.
QuickTime
CVE-ID: CVE-2010-3793
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the handling of
Sorenson encoded movie files. Viewing a maliciously crafted movie
file may lead to an unexpected application termination or arbitrary
code execution. This issue is addressed through improved validation
of Sorenson encoded movie files. Credit to an anonymous researcher
working with TippingPoint's Zero Day Initiative and Carsten Eiram of
Secunia Research for reporting this issue.
QuickTime
CVE-ID: CVE-2010-3794
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Viewing a maliciously crafted FlashPix image may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue exists in
QuickTime's handling of FlashPix images. Viewing a maliciously
crafted FlashPix image may lead to an unexpected application
termination or arbitrary code execution. This issue is addressed
through improved memory management. Credit to an anonymous researcher
working with TippingPoint's Zero Day Initiative for reporting this
issue.
QuickTime
CVE-ID: CVE-2010-3795
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Viewing a maliciously crafted GIF image may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue exists in
QuickTime's handling of GIF images. Viewing a maliciously crafted GIF
image may lead to an unexpected application termination or arbitrary
code execution. This issue is addressed through improved memory
management. Credit to an anonymous researcher working with
TippingPoint's Zero Day Initiative for reporting this issue.
Safari RSS
CVE-ID: CVE-2010-3796
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: Accessing a maliciously crafted "feed:" URL may lead to the
disclosure of sensitive information
Description: Java applets are allowed in RSS feeds. Since Java
applets can modify the loading DOM, accessing a maliciously crafted
"feed:" URL may lead to the disclosure of sensitive information. This
issue is addressed by disallowing Java applets in RSS feeds. Credit
to Jason Hullinger of IOActive for reporting this issue.
Time Machine
CVE-ID: CVE-2010-1803
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: A remote attacker may access a user's Time Machine
information
Description: The user may designate a remote AFP volume to be used
for Time Machine backups. Time Machine does not verify that the same
physical device is being used for subsequent backup operations. An
attacker who is able to spoof the remote AFP volume can gain access
to the user's backup information. This issue is addressed by
verifying the unique identifier associated with a disk for backup
operations. This issue does not affect Mac OS X v10.5 systems.
Wiki Server
CVE-ID: CVE-2010-3797
Available for: Mac OS X Server v10.5.8,
Mac OS X Server v10.6 through v10.6.4
Impact: A user who can edit wiki pages may obtain the credentials of
other users
Description: A JavaScript injection issue exists in Wiki Server. A
user who can edit wiki pages may obtain the credentials of any user
who visits the edited pages. This issue is addressed through improved
input validation. This issue only affects Mac OS X Server systems.
Credit: Apple.
X11
CVE-ID: CVE-2010-1205, CVE-2010-2249, CVE-2010-0205
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: Multiple vulnerabilities in libpng version 1.2.41
Description: Multiple vulnerabilities exist in libpng version
1.2.42, the most serious of which may lead to arbitrary code
execution. These issues are addressed by updating to version 1.2.44.
Further information is available via the libpng website at
http://www.libpng.org/pub/png/libpng.html
X11
CVE-ID: CVE-2009-0946, CVE-2010-2497, CVE-2010-2498, CVE-2010-2499,
CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2805,
CVE-2010-2806, CVE-2010-2807, CVE-2010-2808, CVE-2010-3053,
CVE-2010-3054
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: Multiple vulnerabilities in FreeType 2.3.9
Description: Multiple vulnerabilities exist in FreeType 2.3.9, the
most serious of which may lead to arbitrary code execution when
processing a maliciously crafted font. These issues are addressed by
updating FreeType to version 2.4.2. Further information is available
via the FreeType site at http://www.freetype.org/
xar
CVE-ID: CVE-2010-3798
Available for: Mac OS X v10.6 through v10.6.4,
Mac OS X Server v10.6 through v10.6.4
Impact: Extracting a maliciously crafted xar archive may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in xar. Extracting a
maliciously crafted xar archive may lead to an unexpected application
termination or arbitrary code execution. This issue is addressed
through improved bounds checking. This issue does not affect systems
prior to Mac OS X v10.6. Credit: Apple.
Mac OS X v10.6.5 and Security Update 2010-007 may be obtained from
the Software Update pane in System Preferences, or Apple's Software
Downloads web site:
http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies
to your system configuration. Only one is needed, either
Security Update 2010-007 or Mac OS X v10.6.5.
For Mac OS X v10.6.4
The download file is named: MacOSXUpd10.6.5.dmg
Its SHA-1 digest is: ccd856d0672394fd80c6873a8f43c6739708b44f
For Mac OS X v10.6 - v10.6.3
The download file is named: MacOSXUpdCombo10.6.5.dmg
Its SHA-1 digest is: add336a1af1c3914887d2217fbbc98b18e6fb57c
For Mac OS X Server v10.6.4
The download file is named: MacOSXServerUpd10.6.5.dmg
Its SHA-1 digest is: fc1158e9e526e387cd37d6ecea76ae1ecc284eeb
For Mac OS X Server v10.6 - v10.6.3
The download file is named: MacOSXServUpdCombo10.6.5.dmg
Its SHA-1 digest is: 1317084400ea9b11f44d30cf3723ce991346b360
For Mac OS X v10.5.8
The download file is named: SecUpd2010-007.dmg
Its SHA-1 digest is: 50ff8cb66104cd2a01b66677864619e0fbed4d98
For Mac OS X Server v10.5.8
The download file is named: SecUpdSrvr2010-007.dmg
Its SHA-1 digest is: e6e9ea9cf97ae02d78560dbce4c7c2620321b21b
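Checking a downloaded update against the digests listed above, as an added example that is not part of Apple's or AusCERT's text: it parses the bulletin's "file is named / SHA-1 digest is" pairs and compares a local file's streamed SHA-1 with the published value. The function names and the stand-in file are constructed for illustration; the two manifest entries are copied from the list above.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Two entries copied from the bulletin's download list, in its own layout.
BULLETIN_EXCERPT = """\
For Mac OS X v10.6.4
The download file is named: MacOSXUpd10.6.5.dmg
Its SHA-1 digest is: ccd856d0672394fd80c6873a8f43c6739708b44f
For Mac OS X v10.5.8
The download file is named: SecUpd2010-007.dmg
Its SHA-1 digest is: 50ff8cb66104cd2a01b66677864619e0fbed4d98
"""

PAIR = re.compile(
    r"The download file is named:\s*(\S+)\s*\n"
    r"Its SHA-1 digest is:\s*([0-9a-fA-F]{40})\b"
)

def parse_manifest(text):
    """Map each download file name to its published SHA-1 digest (lowercase hex)."""
    return {name: digest.lower() for name, digest in PAIR.findall(text)}

def sha1_of(path, chunk=1 << 20):
    """Stream the file so a large .dmg is never held in memory at once."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_download(path, manifest):
    """Return 'ok', 'mismatch', or 'unlisted' for a downloaded file."""
    expected = manifest.get(Path(path).name)
    if expected is None:
        return "unlisted"  # name is not in the bulletin, so nothing vouches for it
    actual = sha1_of(path)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"

def demo():
    """Constructed stand-in: the name of a real update, but different bytes."""
    manifest = parse_manifest(BULLETIN_EXCERPT)
    with tempfile.TemporaryDirectory() as d:
        fake = Path(d) / "MacOSXUpd10.6.5.dmg"
        fake.write_bytes(b"constructed test bytes, not the real update")
        return verify_download(fake, manifest)

if __name__ == "__main__":
    print(demo())
```

The digests are only as trustworthy as the copy of the bulletin they were read from, so verify the bulletin's PGP signature before relying on them.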
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- --------------------------END INCLUDED TEXT--------------------
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFM4zyH/iFOrG6YcBERAslhAJ0apZAAvkfZvDvxuw63SLav82wkPACfRk3Y
7zgxaUp/8sMcpiGImibVclY=
=kV2h
-----END PGP SIGNATURE-----