Apple has released security updates to address multiple vulnerabilities identified in Mac OS X. These flaws could be exploited by remote or local attackers to execute arbitrary commands, cause a denial of service, or disclose sensitive information.
The first issue is due to an error in the AFP server when displaying search results, which could be exploited by malicious users to disclose the names of files and folders for which they have no access.
The second vulnerability is due to a stack overflow error in ImageIO when handling malformed TIFF images, which could be exploited by attackers to crash an affected application or compromise a vulnerable system via a specially crafted TIFF image.
The third flaw is due to an error in the OpenLDAP server that fails to properly handle invalid LDAP requests, which could be exploited by remote attackers to cause a denial of service.
The fourth issue is due to a format string error in the setuid utility "launchd" when logging messages, which could be exploited by malicious users to execute arbitrary commands with elevated privileges.
The fifth vulnerability is due to an error in ClamAV, which could be exploited by attackers to execute arbitrary code by tricking a user into downloading virus signature updates from a malicious web server. For additional information, see : FrSIRT/ADV-2006-1586
Credits
Vulnerabilities reported by Kevin Finisterre, Mu Security research team, and the vendor.
ChangeLog
2006-06-27 : Initial release
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
