Multiple vulnerabilities have been identified in Apple Mac OS X, which could be exploited by remote or local attackers to cause a denial of service, disclose sensitive information, bypass security restrictions or compromise an affected system.
The first issue is caused by a memory corruption error in Safari when handling malformed URLs, which could be exploited by attackers to crash a vulnerable browser or execute arbitrary code.
The second weakness is caused by a design error in Launch Services, which could allow an uninstalled application to be launched if it is present in a Time Machine backup.
The third vulnerability is caused by an implementation issue in Mail's handling of "file://" URLs, which could allow arbitrary applications to be launched without warning when a user clicks a URL in a message.
The fourth issue is caused by a memory corruption error in NFS's handling of mbuf chains, which could be exploited by attackers to crash or compromise an affected system.
The fifth weakness is caused by an error in Parental Controls that inadvertently contact www.apple.com when a website is unblocked, which could allow a remote user to detect the machines running Parental Controls.
The sixth issue is caused by an error in Samba. For additional information, see : FrSIRT/ADV-2007-4153
The seventh vulnerability is caused by an input validation error in the processing of URL schemes handled by Terminal.app, which could be exploited by a malicious web site to cause an application to be launched with controlled command line arguments, which may lead to arbitrary code execution.
The eighth issue is caused by errors in X11. For additional information, see : FrSIRT/ADV-2007-3337
The ninth vulnerability is caused by an error in the X11 server that does not correctly read its "Allow connections from network client" preference, which can cause the X11 server to allow connections from network clients, even when the preference is turned off.
Credits
Vulnerabilities reported by Kevin Finisterre (Netragard), Steven Fisher (Discovery Software), Ian Coutier, Oleg Drokin (Sun Microsystems), Jesse Pearson, Alin Rad Pop (Secunia Research), Olli Leppanen (Digital Film Finland) and Brian Mastenbrook.
ChangeLog
2008-02-12 : Initial release
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
