Contact | Site en Français               

 


 

Vulnerabilities & Threats
 
  VUPEN Security Advisories
  Linux Security Advisories

  Malware Advisories
  Zero-Day Monitor
  Search Engine
 
   

>> Apple Mac OS X Code Execution and Security Bypass Vulnerabilities

Title : Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
Advisory ID : VUPEN/ADV-2008-2268
CVE ID : CVE-2007-4850 - CVE-2007-5135 - CVE-2007-6199 - CVE-2007-6200 - CVE-2008-0599 - CVE-2008-0674 - CVE-2008-1447 - CVE-2008-2050 - CVE-2008-2051 - CVE-2008-2320 - CVE-2008-2321 - CVE-2008-2322 - CVE-2008-2323 - CVE-2008-2324 - CVE-2008-2325 - CVE-2008-2830 - CVE-2008-2952
CWE ID : CWE-119 - CWE-189 - CWE-264 - CWE-399
Rated as : Critical 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-08-01

Advisory Details
 
  Description
  Affected Products
  Solution
  References
Technical Description    Receive VUPEN Security alerts in a Text format  Receive VUPEN Security alerts in a PDF format  Receive VUPEN Security alerts in an XML format  Receive VUPEN Security notifications by SMS 

Multiple vulnerabilities have been identified in Apple Mac OS X, which could be exploited by remote or local attackers to disclose sensitive information, bypass security restrictions, cause a denial of service or compromise an affected system.

The first issue is caused by a stack buffer overflow error in CarbonCore when handling overly long filenames, which could be exploited to crash an affected application or execute arbitrary code.

The second vulnerability is caused by memory corruption errors in CoreGraphics when processing certain arguments, which could be exploited to crash an affected application (e.g .web browser) or execute arbitrary code.

The third issue is caused by an integer overflow error in CoreGraphics when processing malformed PDF files, which could be exploited to crash an affected application or execute arbitrary code.

The fourth weakness is caused by a resource consumption in the Data Detectors Engine when handling textual content, which could be exploited to cause a denial of service.

The fifth issue is caused due to insecure permissions being set on "/usr/bin/emacs" by the "Repair Permissions" tool in Disk Utility, which could allow a local user to use emacs to run commands with system privileges.

The sixth vulnerability is caused by memory corruption errors in QuickLook when handling specially crafted MS Office files, which could be exploited by attackers to execute arbitrary code by tricking a user into downloading a malicious Office file.

Other vulnerabilities affecting Scripting Architecture, BIND, OpenLDAP, OpenSSL, PHP and rsync have been fixed. For additional information, see : VUPEN/ADV-2007-3325 - VUPEN/ADV-2007-4057 - VUPEN/ADV-2008-0570 - VUPEN/ADV-2008-1412 - VUPEN/ADV-2008-1905 - VUPEN/ADV-2008-1978 - VUPEN/ADV-2008-2023

Credits

Vulnerabilities reported by Charles Srstka, Dan Kaminsky (IOActive), Thomas Raffetseder (International Secure Systems Lab), Sergio shadown Alvarez (n.runs AG), Michal Zalewski (Google), Pariente Kobi, iDefense Labs, Pariente Kobi, Anton Rang and Brian Timares.

ChangeLog

2008-08-01 : Initial release

Vulnerability Management

Subscribe to VUPEN Security VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@vupen.com.
 


Copyright 2003-2008 © VUPEN.COM - Privacy Policy