Multiple vulnerabilities have been identified in Apple Mac OS X, which could be exploited by remote or local attackers to execute arbitrary commands, cause a denial of service, disclose sensitive information, or bypass security restrictions.
The first weakness is due to an error in CFNetwork clients (e.g. Safari) that allow anonymous SSL connections by default, which could be exploited by unauthenticated SSL sites to appear as authenticated.
The second issue is due to errors in flash player, which could be exploited by remote attackers to execute arbitrary commands. For additional information, see : FrSIRT/ADV-2006-3573
The third flaw is due to a buffer overflow error in ImageIO when processing malformed JPEG2000 images, which could be exploited by attackers to compromise a vulnerable system.
The fourth vulnerability is due to an error in the Kernel Mach exception ports mechanism, which could be exploited by malicious users to execute arbitrary commands with elevated privileges.
The fifth issue is due to an unchecked error condition in Kerberos where certain tickets are not properly destroyed after an unsuccessful attempt to log in to a network account via loginwindow, which could be exploited by malicious users to gain unauthorized access to a previous user's Kerberos tickets.
The sixth issue is due to an error in Fast User Switching, which could be exploited by malicious users to gain unauthorized access to the Kerberos tickets of other users.
The seventh flaw is due to a logic error in LoginWindow when used with service access controls, which could be exploited by attackers to bypass security restrictions.
The eighth issue is due to an error in the "Allow user to administer this computer" checkbox (System Preferences) that, when cleared, fails to remove accounts from the appserveradm or appserverusr groups.
The ninth vulnerability is due to a memory corruption error in certain applications that invoke an unsupported QuickDraw operation to display PICT images, which could be exploited by attackers to compromise a vulnerable system.
The tenth flaw is due to an error in Cyrus SASL, which could be exploited by remote attackers to crash the IMAP server. For additional information, see : FrSIRT/ADV-2006-1306
The eleventh vulnerability is due to a memory management error in WebKit's handling of certain HTML documents, which could be exploited by attackers to compromise a vulnerable system. For additional information, see : FrSIRT/ADV-2006-3069
The twelfth issue is due to an error in the Workgroup Manager, which could cause accounts in a NetInfo parent that appear to use ShadowHash passwords to still use crypt.
Credits
Vulnerabilities reported by Adam Bryzak, Tom Saxton, Dino Dai Zovi, Patrick Gallagher, Ragnar Sundblad, Phillip Tejada, and Chris Pepper.
ChangeLog
2006-09-30 : Initial release
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
