Multiple vulnerabilities have been identified in Apple Mac OS X, which could be exploited by remote or local attackers to execute arbitrary commands, cause a denial of service, disclose sensitive information, or bypass security restrictions.
The first issue is caused by an implementation error in the Alias Manager that does not show identically-named files contained in identically-named mounted disk images, which could be exploited by an attacker to mislead a user into opening a malicious program by enticing that user to mount two identically-named disk images.
The second vulnerability is caused by errors in bind, which could be exploited by attackers to cause a denial of service. For additional information, see : FrSIRT/ADV-2007-0349 - FrSIRT/ADV-2006-3473
The third issue is caused by an integer overflow error in CoreGraphics when handling malformed PDF files, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a malicious PDF file.
The fourth vulnerability is caused by an error in crontabs when executing the daily cleanup script, which could be exploited to cause filesystems mounted in the "/tmp" directory to be deleted.
The fifth issue is caused by an error in Fetchmail, which could be exploited by remote attackers to gain knowledge of sensitive information. For additional information, see : FrSIRT/ADV-2007-1467
The sixth vulnerability is caused by an error in File, which could be exploited by attackers to execute arbitrary code. For additional information, see : FrSIRT/ADV-2007-1040
The seventh issue is caused by a buffer overflow error in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in iChat, which could be exploited by an attacker on the local network to execute arbitrary code by sending a specially crafted packet.
The eighth vulnerability is caused by a buffer overflow error in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in the OS X mDNSResponder implementation, which could be exploited by an attacker on the local network to execute arbitrary code by sending a specially crafted packet.
The ninth issue is caused by an implementation error in the PPP daemon when loading plugins via the command line, which could be exploited by a local attacker to obtain system privileges.
The tenth vulnerability is caused by errors in Ruby, which could be exploited to cause a denial of service. For additional information, see : FrSIRT/ADV-2006-4244 - FrSIRT/ADV-2006-4855
The eleventh issue is caused by an error in Screen, which could be exploited to conduct denial of service attacks. For additional information, see : FrSIRT/ADV-2006-4189
The twelfth vulnerability is caused by an error in Texinfo. For additional information, see : FrSIRT/ADV-2005-1748
The thirteenth issue is caused by a format string error in vpnd when processing malformed arguments, which could be exploited by local attackers to execute arbitrary code with elevated privileges.
Credits
Vulnerabilities reported by Greg Bolsinga (Blurb), Michael Lynn (Juniper Networks), iDefense Labs and Chris Anley (NGSSoftware).
ChangeLog
2007-05-25 : Initial release
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
