Apple has released security updates to address multiple vulnerabilities identified in Mac OS X. These flaws could be exploited by remote or local attackers to execute arbitrary commands, bypass security restrictions, disclose sensitive information, or conduct cross site scripting and denial of service attacks.
The first issue is due to various errors in "apache_mod_php", which could be exploited by malicious people to bypass security restrictions and conduct cross site scripting or denial of service attacks. For additional information, see : FrSIRT/ADV-2005-2254
The second flaw is due to an error in "automount" when mounting file systems with reserved names, which could be exploited by attackers on the local network to cause a vulnerable system to become unresponsive, or possibly execute arbitrary code.
The third vulnerability is due to a directory traversal error in the BOM framework, which could be exploited by attackers to place malicious files into arbitrary locations by convincing a user to unpack a specially crafted archive.
The fourth issue is due to an error in the "passwd" program that creates temporary files insecurely, which could be exploited by local attackers to create and manipulate files as "root".
The fifth flaw is due to an error in "FileVault" that mounts user directories in an unsafe fashion when creating an image, which could be exploited by malicious users to gain unauthorized access to arbitrary files.
The sixth vulnerability is due to an error in IPSec that fails to properly handle error conditions for virtual private networks, which could be exploited by remote attackers to cause a denial of service.
The seventh issue is due to a heap overflow error in the "LibSystem" library when processing specially crafted requests, which could be exploited by remote attackers to crash a vulnerable application or execute arbitrary commands.
The eighth flaw is due to an error in Mail that does not properly validate file types before being downloaded and executed, which could be exploited by attackers to execute arbitrary commands via a specially crafted email attachment. For additional information, see : FrSIRT/ADV-2006-0671
The ninth vulnerability is due to an error in the compilation options of the Perl binary, which could be exploited by local attackers to obtain elevated privileges. For additional information, see : FrSIRT/ADV-2005-2869
The tenth flaw is due to a heap overflow error in "rsync" when used with the flag that allows extended attributes to be transferred, which could be exploited by authenticated attackers to execute arbitrary commands or cause a denial of service.
The eleventh issue is due to a heap overflow error in WebKit when handling malformed HTML documents, which could be exploited by malicious web sites to compromise a vulnerable system. For additional information, see : FrSIRT/ADV-2005-3058
The twelfth vulnerability is due to a stack overflow error in Safari when processing malformed JavaScript code, which could be exploited by remote attackers to exeucte arbitrary commands via a specially crafted web page.
The thirteenth flaw is due to a cross domain scripting error in Safari when handling HTTP redirections, which could be exploited by malicious web sites to cause the browser to access local files, bypassing security restrictions.
The fourteenth issue is due to an error in Safari that does not properly validate file types before being downloaded and executed, which could be exploited by attackers to execute arbitrary commands via a specially crafted web page. For additional information, see : FrSIRT/ADV-2006-0671
The fifteenth vulnerability is due to an input validation error in Safari RSS syndication when handling specially crafted RSS content, which could allow JavaScript code embedded in feeds to run within the context of the RSS reader document, allowing malicious feeds to circumvent Safari's security model.
Credits
Vulnerabilities reported by Stéphane Kardas, Ilja van Sprundel, vade79, iDefense, OUSPG, Neil Archibald, Jason Self, and Jan-Derk Bakker.
ChangeLog
2006-03-01 : Initial release
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
