Apple has released security patches to correct multiple vulnerabilities affecting Mac OS X. These flaws could be exploited by remote or local attackers to execute arbitrary commands, cause a denial of service, obtain elevated privileges, or disclose sensitive information.
- A buffer overflow error in the Apache htdigest program could be exploited by a remote attacker to execute arbitrary commands.
- Apache restricts access to files in a case sensitive manner, but the HFS+ filesystem accesses files in a case insensitive manner, which could be exploited by remote attackers to read ".ht*" and ".DS_Store" files.
- An error in Apache makes it possible to bypass the normal file handlers, which could be exploited by attackers to retrieve file data and resource fork content via HTTP requests.
- A buffer overflow error in AppKit when processing specially crafted rich text files could be exploited by attackers to execute arbitrary commands.
- A buffer overflow error in AppKit when processing specially crafted Word (.doc) files could be exploited to execute arbitrary commands.
- An unspecified error in AppKit could be exploited by malicious users (with physical access) to create additional accounts.
- An error when selecting the "Require pairing for security" option in Bluetooth preferences could cause the System Profiler to label the device with "Requires Authentication: No".
- A buffer overflow error in the CoreFoundation framework when handling specially crafted command line arguments could be exploited to execute arbitrary commands.
- An error in CUPS when handling multiple simultaneous print jobs or when receiving a partial IPP request and a client terminates could be exploited by attackers to cause a denial of service.
- A buffer overflow error in Directory Services when handling authentication could be exploited by remote attackers to execute arbitrary commands.
- Multiple errors in the privileged tool "dsidentity" could be exploited by malicious users to add or remove identity user accounts in Directory Services.
- An error in "slpd" could lead to an insecure temporary file creation in the world-writable "/tmp" directory, which could be exploited by local attackers to obtain elevated privileges.
- An error in HIToolbox could cause, under certain circumstances, secure input fields to be disclosed to VoiceOver services.
- A heap overflow error in Kerberos when handling password history could be exploited by local attackers to execute arbitrary code on a Key Distribution Center (KDC).
- Multiple buffer overflow vulnerabilities in Kerberos could be exploited by remote attackers to compromise a KDC or cause a denial of service. For additional information, see: FrSIRT/ADV-2005-1066
- An error in Kerberos authentication when enabled in addition to LDAP could be exploited by attackers to gain "root" privileges.
- An error in the handling of Fast User Switching can allow a local user who knows the password for two accounts to log into a third account without knowing the password.
- An error in Mail.app when used to print or forward HTML messages could cause the application to load remote images even if a user's preferences disallow it, which may be considered a privacy leak.
- Multiple errors in MySQL could be exploited by remote authenticated users to execute arbitrary commands.
- Multiple errors in OpenSSL could be exploited by remote attackers to cause a denial of service.
- A buffer overflow error in the "ping" utility could be exploited by local users to obtain elevated privileges.
- An error in QuartzComposerScreenSaver could be exploited by local users to open webpages while the RSS Visualizer screen saver is locked.
- An error in Safari when clicking on a link in a specially crafted rich text file could be exploited by attackers to execute arbitrary commands.
- An error in Safari when handling submitted forms in an XSL formatted page could cause sensitive information to be inadvertently submitted to the wrong site.
- An error in the password assistant when adding multiple accounts could cause the previously suggested passwords to be disclosed.
- A buffer overflow error in the authentication procedure of "servermgrd" could be exploited by remote attackers to execute arbitrary commands.
- An error in the Server Admin tool could cause certain firewall policies to not be written to the Active Rules.
- Multiple input validation errors in SquirrelMail could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser. For additional information, see: FrSIRT/ADV-2005-0800
- A buffer overflow error in the "traceroute" utility could be exploited by local users to obtain elevated privileges.
- An error in Safari when clicking on a link in a specially crafted PDF file could be exploited by attackers to execute arbitrary commands.
- Multiple input validation errors in Weblog Server could be exploited to conduct cross site scripting attacks.
- An integer overflow error in libXPM when handling a specially crafted "bitmap_unit" value could be exploited by attackers to execute arbitrary commands or cause a denial of service. For additional information, see: FrSIRT/ADV-2005-0471
- A buffer overflow error in zlib when processing malformed data streams could be exploited by attackers to execute arbitrary code. For additional information, see: FrSIRT/ADV-2005-0978
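
The Apache/HFS+ item above comes down to a case-sensitive deny rule sitting in front of a case-insensitive filesystem. The following is an added example, not part of the original advisory or of Apple's fix: a log review helper that flags requests whose file name only matches the protected patterns (".ht*", ".DS_Store") after case folding. The rule regexes, function names and log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Names the advisory says must not be served: ".ht*" and ".DS_Store".
CASE_SENSITIVE_RULE = re.compile(r"^\.(ht.*|DS_Store)$")   # what the rule matches
CASE_FOLDED_RULE = re.compile(r"^\.(ht.*|ds_store)$")      # what the filesystem resolves
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed access-log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Aug/2005:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.10 - - [16/Aug/2005:10:00:02 +0000] "GET /.htaccess HTTP/1.1" 403 210',
    '192.0.2.11 - - [16/Aug/2005:10:00:03 +0000] "GET /.HTaccess HTTP/1.1" 200 88',
    '192.0.2.11 - - [16/Aug/2005:10:00:04 +0000] "GET /docs/.ds_store HTTP/1.1" 200 6148',
    '192.0.2.12 - - [16/Aug/2005:10:00:05 +0000] "GET /.%48Tpasswd HTTP/1.0" 200 45',
    '192.0.2.12 - - [16/Aug/2005:10:00:06 +0000] "GET /docs/.DS_Store HTTP/1.1" 403 210',
]


def classify(request_path):
    """Return 'blocked', 'case-variant' or 'ok' for one request path."""
    # Decode percent-escapes and drop any query string before comparing names.
    path = unquote(urlsplit(request_path).path)
    name = path.rstrip("/").rsplit("/", 1)[-1]
    if CASE_SENSITIVE_RULE.match(name):
        return "blocked"          # the case-sensitive rule catches it
    # casefold() approximates a case-insensitive filesystem lookup.
    if CASE_FOLDED_RULE.match(name.casefold()):
        return "case-variant"     # rule misses it, filesystem would still find the file
    return "ok"


def find_case_variants(lines):
    """Return (path, status) for every logged request classified 'case-variant'."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if m and classify(m.group(1)) == "case-variant":
            hits.append((m.group(1), m.group(2)))
    return hits


if __name__ == "__main__":
    for path, status in find_case_variants(SAMPLE_LOG):
        print(status, path)
```

A 200 status on a flagged line means the protected file was served; the same folding applied inside the access rule itself closes the gap.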
ChangeLog
2005-08-16 : Initial release