CPNI - Centre for the Protection of National Infrastructure

February 2008

3567 - APPLE-SA-2008-02-11 Mac OS X v10.5.2 and Security Update 2008-001

ID: 3567
Date: 13/02/2008

Title: 3567 - APPLE-SA-2008-02-11 Mac OS X v10.5.2 and Security Update 2008-001
Platform level affected: Operating System
Hardware components affected: Apple MAC
Specific operating systems components affected: Apple Mac OS
Net-enabled software: Other
Security software: Other
Other software: Other
Remediation Summary: Update your copy of the software with the download available from the supplier.
Vendors affected: Apple
Applications affected: Mac OS
Adversity source: Unknown
Attack Vector: Vulnerability exploitation
Virulence: Unknown
Warning Status: Active
Potential Damage: Remote execution/modification
Possible Duration: Open Ended
Availability of fix: Available
Type of fix: Patch
Source: Apple
Reliability of source: Trusted
Source URL: http://www.apple.com/
CVE: CVE-2007-0355, CVE-2008-0035, CVE-2008-0038, CVE-2008-0039, CVE-2008-0040, CVE-2008-0041, CVE-2007-6015, CVE-2008-0042, CVE-2007-4568, CVE-2008-0037
Abstract: Mac OS X v10.5.2 and Security Update 2008-001 are now available and address a number of issues

APPLE-SA-2008-02-11 Mac OS X v10.5.2 and Security Update 2008-001

Mac OS X v10.5.2 and Security Update 2008-001 are now available and address the following issues:

Directory Services

CVE-ID: CVE-2007-0355

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

Impact: A local user may be able to execute arbitrary code with system privileges

Description: A stack buffer overflow exists in the Service Location Protocol (SLP) daemon, which may allow a local user to execute arbitrary code with system privileges. This update addresses the issue through improved bounds checking. This has been described on the Month of Apple Bugs web site (MOAB-17-01-2007). This issue does not affect systems running Mac OS X v10.5 or later. Credit to Kevin Finisterre of Netragard for reporting this issue.

Foundation

CVE-ID: CVE-2008-0035

Available for: Mac OS X v10.5 - v10.5.1, Mac OS X Server v10.5 - v10.5.1

Impact: Accessing a maliciously crafted URL may lead to an application termination or arbitrary code execution

Description: A memory corruption issue exists in Safari's handling of URLs. By enticing a user to access a maliciously crafted URL, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of URLs. This issue does not affect systems prior to Mac OS X v10.5.

Launch Services

CVE-ID: CVE-2008-0038

Available for: Mac OS X v10.5 - v10.5.1, Mac OS X Server v10.5 - v10.5.1

Impact: An application removed from the system may still be launched via the Time Machine backup

Description: Launch Services is an API to open applications or their document files or URLs in a way similar to the Finder or the Dock.

Users expect that uninstalling an application from their system will prevent it from being launched. However, when an application has been uninstalled from the system, Launch Services may allow it to be launched if it is present in a Time Machine backup. This update addresses the issue by not allowing applications to be launched directly from a Time Machine backup. This issue does not affect systems prior to Mac OS X v10.5. Credit to Steven Fisher of Discovery Software Ltd. and Ian Coutier for reporting this issue.

Mail

CVE-ID: CVE-2008-0039

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

Impact: Accessing a URL in a message may lead to arbitrary code execution

Description: An implementation issue exists in Mail's handling of file:// URLs, which may allow arbitrary applications to be launched without warning when a user clicks a URL in a message. This update addresses the issue by displaying the location of the file in Finder rather than launching it. This issue does not affect systems running Mac OS X v10.5 or later.

NFS

CVE-ID: CVE-2008-0040

Available for: Mac OS X v10.5 - v10.5.1, Mac OS X Server v10.5 - v10.5.1

Impact: If the system is being used as an NFS client or server, a remote attacker may cause an unexpected system shutdown or arbitrary code execution

Description: A memory corruption issue exists in NFS's handling of mbuf chains. If the system is being used as an NFS client or server, a malicious NFS server or client may be able to cause an unexpected system shutdown or arbitrary code execution. This update addresses the issue through improved handling of mbuf chains. This issue does not affect systems prior to Mac OS X v10.5. Credit to Oleg Drokin of Sun Microsystems for reporting this issue.

Open Directory

Available for: Mac OS X v10.4.11, Mac OS X v10.4.11 Server

Impact: NTLM authentication requests may always fail

Description: This update addresses a non-security issue introduced in Mac OS X v10.4.11. A race condition in Open Directory's Active Directory plug-in may terminate the operation of winbindd, causing NTLM authentications to fail. This update addresses the issue by correcting the race condition that could terminate winbindd. This issue only affects Mac OS X v10.4.11 systems configured for use with Active Directory.

Parental Controls

CVE-ID: CVE-2008-0041

Available for: Mac OS X v10.5 - v10.5.1, Mac OS X Server v10.5 - v10.5.1

Impact: Requesting to unblock a website leads to information disclosure

Description: When set to manage web content, Parental Controls will inadvertently contact www.apple.com when a website is unblocked. This allows a remote user to detect the machines running Parental Controls. This update addresses the issue by removing the outgoing network traffic when a website is unblocked. This issue does not affect systems prior to Mac OS X v10.5. Credit to Jesse Pearson for reporting this issue.

Samba

CVE-ID: CVE-2007-6015

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 - v10.5.1, Mac OS X Server v10.5 - v10.5.1

Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution

Description: A stack buffer overflow may occur in Samba when processing certain NetBIOS Name Service requests. If a system is explicitly configured to allow "domain logons", an unexpected application termination or arbitrary code execution could occur when processing a request. Mac OS X Server systems configured as domain controllers are also affected. This update addresses the issue by applying the Samba patch. Further information is available via the Samba web site at http://www.samba.org/samba/history/security.html

Credit to Alin Rad Pop of Secunia Research for reporting this issue.

Terminal

CVE-ID: CVE-2008-0042

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 - v10.5.1, Mac OS X Server v10.5 - v10.5.1

Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution

Description: An input validation issue exists in the processing of URL schemes handled by Terminal.app. By enticing a user to visit a maliciously crafted web page, an attacker may cause an application to be launched with controlled command line arguments, which may lead to arbitrary code execution. This update addresses the issue through improved validation of URLs. Credit to Olli Leppanen of Digital Film Finland and Brian Mastenbrook for reporting this issue.

X11

CVE-ID: CVE-2007-4568

Available for: Mac OS X v10.5 - v10.5.1, Mac OS X Server v10.5 - v10.5.1

Impact: Multiple Vulnerabilities in X11 X Font Server (XFS) 1.0.4

Description: Multiple vulnerabilities exist in X11 X Font Server (XFS), the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating to version 1.0.5. Further information is available via the X.Org website at http://www.x.org/wiki/Development/Security

X11

CVE-ID: CVE-2008-0037

Available for: Mac OS X v10.5 - v10.5.1, Mac OS X Server v10.5 - v10.5.1

Impact: Changing the settings in the Security Preferences Panel has no effect

Description: The X11 server is not correctly reading its "Allow connections from network client" preference. This can cause the X11 server to allow connections from network clients, even when the preference is turned off. This update addresses the issue by ensuring that the X11 server correctly reads this preference. This issue does not affect systems prior to Mac OS X v10.5.

Mac OS X v10.5.2 and Security Update 2008-001 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site:

http://www.apple.com/support/downloads/

The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Mac OS X v10.5.2 or Security Update 2008-001.

For Mac OS X v10.5 - v10.5.1

The download file is named: "MacOSXUpdCombo10.5.2.dmg"

Its SHA-1 digest is: 524e0a707afbdeff798cdd9464d62f672136ab5a

For Mac OS X Server v10.5 - v10.5.1

The download file is named: "MacOSXServerUpdCombo10.5.2.dmg"

Its SHA-1 digest is: 1a98a5ce84795c1352e04e4ff4ef448b563a35db

For Mac OS X v10.4.11 (Universal)

The download file is named: "SecUpd2008-001Univ.dmg"

Its SHA-1 digest is: f572a0e29df4b44e124a92d5601ba45772818e02

For Mac OS X Server v10.4.11 (PowerPC)

The download file is named: "SecUpd2008-001PPC.dmg"

Its SHA-1 digest is: bf3ebc69e094000d48d94e997a4d51f25c4824e0

Information will also be posted to the Apple Security Updates web site:

http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key, and details are available at:

http://www.apple.com/support/security/pgp/

This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.

The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.

CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.

Wed, 13 Feb 2008 12:15:00 GMT
Domain affected: Technical