DoctorDoom
03-02-2006, 08:51 AM
Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
1) Various security issues exist in the PHP Apache module and scripting environment.
For more information:
SA17371
2) An error in automount makes it possible for malicious file servers to cause a vulnerable system to mount file systems with reserved names, which can cause a DoS (Denial of Service) or potentially allow arbitrary code execution.
3) An input validation error in the BOM framework when unpacking certain archives can be exploited to cause files to be unpacked to arbitrary locations via directory traversal attacks.
4) The "passwd" program creates temporary files insecurely, which can be exploited via symlink attacks to create or overwrite arbitrary files with "root" privileges.
5) User directories are insecurely mounted when a FileVault image is created, which may allow unauthorised access to files.
6) An error in IPSec when handling certain error conditions can be exploited to cause a DoS against VPN connections.
7) An error in the LibSystem component can be exploited by malicious people to cause a heap-based buffer overflow via applications when requesting large amounts of memory. This can potentially be exploited to execute arbitrary code in the context of a vulnerable application.
8) The "Download Validation" in the Mail component fails to warn users about unsafe file types when an e-mail attachment is double-clicked.
9) In certain cases a Perl program may fail to drop privileges.
For more information:
SA17922
10) A boundary error in rsync can be exploited by authenticated users to cause a heap-based buffer overflow when it's allowed to transfer extended attributes. This can be exploited to crash the rsync service or execute arbitrary code.
11) A boundary error in WebKit's handling of certain HTML can be exploited to cause a heap-based buffer overflow. This can be exploited via a malicious web site to execute arbitrary code on a user's system.
12) A boundary error in Safari when parsing JavaScript can be exploited to cause a stack-based buffer overflow and allows execution of arbitrary code when a malicious web page including specially crafted JavaScript is viewed.
13) An error in Safari's security model when handling HTTP redirection can be exploited to execute JavaScript in the local domain via a specially crafted web site.
14) An error in Safari / LaunchServices may cause a malicious application to appear as a safe file type. This may cause a malicious file to be executed automatically when the "Open safe files after downloading" option is enabled.
This vulnerability is related to:
SA18963
15) An input validation error in the Syndication (Safari RSS) component can be exploited to conduct cross-site scripting attacks when subscribing to malicious RSS content.
Solution:
Apply Security Update 2006-001.Mac OS X Security Update Fixes Multiple Vulnerabilities (http://secunia.com/advisories/19064/)
This update is rated Extremely critical.
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
1) Various security issues exist in the PHP Apache module and scripting environment.
For more information:
SA17371
2) An error in automount makes it possible for malicious file servers to cause a vulnerable system to mount file systems with reserved names, which can cause a DoS (Denial of Service) or potentially allow arbitrary code execution.
3) An input validation error in the BOM framework when unpacking certain archives can be exploited to cause files to be unpacked to arbitrary locations via directory traversal attacks.
4) The "passwd" program creates temporary files insecurely, which can be exploited via symlink attacks to create or overwrite arbitrary files with "root" privileges.
5) User directories are insecurely mounted when a FileVault image is created, which may allow unauthorised access to files.
6) An error in IPSec when handling certain error conditions can be exploited to cause a DoS against VPN connections.
7) An error in the LibSystem component can be exploited by malicious people to cause a heap-based buffer overflow via applications when requesting large amounts of memory. This can potentially be exploited to execute arbitrary code in the context of a vulnerable application.
8) The "Download Validation" in the Mail component fails to warn users about unsafe file types when an e-mail attachment is double-clicked.
9) In certain cases a Perl program may fail to drop privileges.
For more information:
SA17922
10) A boundary error in rsync can be exploited by authenticated users to cause a heap-based buffer overflow when it's allowed to transfer extended attributes. This can be exploited to crash the rsync service or execute arbitrary code.
11) A boundary error in WebKit's handling of certain HTML can be exploited to cause a heap-based buffer overflow. This can be exploited via a malicious web site to execute arbitrary code on a user's system.
12) A boundary error in Safari when parsing JavaScript can be exploited to cause a stack-based buffer overflow and allows execution of arbitrary code when a malicious web page including specially crafted JavaScript is viewed.
13) An error in Safari's security model when handling HTTP redirection can be exploited to execute JavaScript in the local domain via a specially crafted web site.
14) An error in Safari / LaunchServices may cause a malicious application to appear as a safe file type. This may cause a malicious file to be executed automatically when the "Open safe files after downloading" option is enabled.
This vulnerability is related to:
SA18963
15) An input validation error in the Syndication (Safari RSS) component can be exploited to conduct cross-site scripting attacks when subscribing to malicious RSS content.
Solution:
Apply Security Update 2006-001.Mac OS X Security Update Fixes Multiple Vulnerabilities (http://secunia.com/advisories/19064/)
This update is rated Extremely critical.