Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > October 2008 > 3697 - APPLE-SA-2008-10-09 Security Update 2008-007

October 2008

3697 - APPLE-SA-2008-10-09 Security Update 2008-007

ID: 3697
Date: 10/10/2008
Title: 3697 - APPLE-SA-2008-10-09 Security Update 2008-007
Platform level affected:Operating System
Hardware components affected:Apple MAC
Specific operating systems components affected: Apple Mac OS
Net-enabled software: Other
Security software:Other
Other software: Other
Remediation Summary:Update your copy of the software with the download available from the supplier.
Vendors affected:Apple
Applications affected:OS X
Adversity source: Unknown
Attack Vector: Vulnerability exploitation
Virulence: Unknown
Warning Status: Unknown
Potential Damage: Remote execution/modification
Possible Duration: Open Ended
Availability of fix: Available
Type of fix: Patch
Source: Apple
Reliability of source: Trusted
Source URL: http://support.apple.com/kb/HT3216
CVE: CVE-2007-2691, 4850, 5333, 5342, 5461, 5969, 6286, 6420, CVE-2008-0002, 0226, 0227, 0674, 1232, 1389, 1678, 1767, 1947, 2079, 2364, 2370, 2371, 2712, 2938, 3294, 3432, 3641, 3642, 3643, 3645, 3646, 2008-3647, 3912, 3913, 3914, 4101, 4211, 4212, 4214, 4215
Abstract: Apple Security Update 2008-007 is now available and addresses a number of issues.

APPLE-SA-2008-10-09 Security Update 2008-007

Security Update 2008-007 is now available and addresses the following

issues:

Apache

CVE-ID: CVE-2007-6420, CVE-2008-1678, CVE-2008-2364 Available for: Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: Multiple vulnerabilities in Apache 2.2.8

Description: Apache is updated to version 2.2.9 to address several vulnerabilities, the most serious of which may lead to cross site request forgery. Apache version 2 is not bundled with Mac OS X Client systems prior to version 10.5. Apache version 2 is bundled with Mac OS X Server v10.4.x systems, but is not active by default. Further information is available via the Apache web site at http://httpd.apache.org/

Certificates

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: Root certificates have been updated

Description: Several trusted certificates were added to the list of system roots. Several existing certificates were updated to their most recent version. The complete list of recognized system roots may be viewed via the Keychain Access application.

ClamAV

CVE-ID: CVE-2008-1389, CVE-2008-3912, CVE-2008-3913, CVE-2008-3914 Available for: Mac OS X Server v10.4.11, Mac OS X Server v10.5.5

Impact: Multiple vulnerabilities in ClamAV 0.93.3

Description: Multiple vulnerabilities exist in ClamAV 0.93.3, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating to ClamAV 0.94. ClamAV is not bundled on Mac OS X Client systems. Further information is available via the ClamAV website at http://www.clamav.net/

ColorSync

CVE-ID: CVE-2008-3642

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution

Description: A buffer overflow exists in the handling of images with an embedded ICC profile. Opening a maliciously crafted image with an embedded ICC profile may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of ICC profiles in images.

Credit: Apple.

CUPS

CVE-ID: CVE-2008-3641

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: A remote attacker may be able to cause arbitrary code execution with the privileges of the 'lp' user

Description: A range checking issue exists in the Hewlett-Packard Graphics Language (HPGL) filter, which may cause arbitrary memory to be overwritten with controlled data. If Printer Sharing is enabled, a remote attacker may be able to cause arbitrary code execution with the privileges of the 'lp' user. If Printer Sharing is not enabled, a local user may be able to obtain elevated privileges. This update addresses the issue by performing additional bounds checking. Credit to regenrecht working with TippingPoint's Zero Day Initiative for reporting this issue.

Finder

CVE-ID: CVE-2008-3643

Available for: Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: A file on the Desktop may lead to a denial of service

Description: An error recovery issue exists in Finder. A maliciously crafted file on the Desktop which causes Finder to unexpectedly terminate when generating its icon will cause Finder to continually terminate and restart. Until the file is removed, the user account is not accessible via Finder's user interface. This update addresses the issue by generating icons in a separate process. This issue does not affect systems prior to Mac OS X v10.5. Credit to Sergio 'shadown'

Alvarez of n.runs AG for reporting this issue.

launchd

Available for: Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: Applications may fail to enter a sandbox when requested

Description: This update addresses an issue introduced in Mac OS X v10.5.5. An implementation issue in launchd may cause an application's request to enter a sandbox to fail. This issue does not affect programs that use the documented sandbox_init API. This update addresses the issue by providing an updated version of launchd. This issue does not affect systems prior to Mac OS X v10.5.5.

libxslt

CVE-ID: CVE-2008-1767

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: Processing an XML document may lead to an unexpected application termination or arbitrary code execution

Description: A heap buffer overflow issue exists in the libxslt library. Viewing a maliciously crafted HTML page may lead to an unexpected application termination or arbitrary code execution.

Further information on the patch applied is available via http://xmlsoft.org/XSLT/ Credit to Anthony de Almeida Lopes of

Outpost24 AB, and Chris Evans of Google Security Team for reporting this issue.

MySQL Server

CVE-ID: CVE-2007-2691, CVE-2007-5969, CVE-2008-0226, CVE-2008-0227,

CVE-2008-2079

Available for: Mac OS X Server v10.5.5

Impact: Multiple vulnerabilities in MySQL 5.0.45

Description: MySQL is updated to version 5.0.67 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution. These issues only affect Mac OS X Server systems. Further information is available via the MySQL web site at http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-67.html

Networking

CVE-ID: CVE-2008-3645

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: A local user may obtain system privileges

Description: A heap buffer overflow exists in the local IPC component of configd's EAPOLController plugin, which may allow a local user to obtain system privileges. This update addresses the issue through improved bounds checking. Credit: Apple.

PHP

CVE-ID: CVE-2007-4850, CVE-2008-0674, CVE-2008-2371 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X Server v10.5.5

Impact: Multiple vulnerabilities in PHP 4.4.8

Description: PHP is updated to version 4.4.9 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/ These issues only affect systems running Mac OS X v10.4.x, Mac OS X Server v10.4.x, or Mac OS X Server v10.5.x.

Postfix

CVE-ID: CVE-2008-3646

Available for: Mac OS X v10.5.5

Impact: A remote attacker may be able to send mail directly to local users

Description: An issue exists in the Postfix configuration files. For a period of one minute after a local command-line tool sends mail, postfix is accessible from the network. During this time, a remote entity who could connect to the SMTP port may send mail to local users and otherwise use the SMTP protocol. This issue does not cause the system to be an open mail relay. This issue is addressed by modifying the Postfix configuration to prevent SMTP connections from remote machines. This issue does not affect systems prior to Mac OS X

v10.5 and does not affect Mac OS X Server. Credit to Pelle Johansson for reporting this issue.

PSNormalizer

CVE-ID: CVE-2008-3647

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: Viewing a maliciously crafted PostScript file may lead to an unexpected application termination or arbitrary code execution

Description: A buffer overflow exists in PSNormalizer's handling of the bounding box comment in PostScript files. Viewing a maliciously crafted PostScript file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PostScript files.

Credit: Apple.

QuickLook

CVE-ID: CVE-2008-4211

Available for: Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: Downloading or viewing a maliciously crafted Microsoft Excel file may lead to an unexpected application termination or arbitrary code execution

Description: A signedness issue exists in QuickLook's handling of columns in Microsoft Excel files may result in an out-of-bounds memory access. Downloading or viewing a maliciously crafted Microsoft Excel file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of Microsoft Excel files. This issue does not affect systems prior to Mac OS X v10.5. Credit: Apple.

rlogin

CVE-ID: CVE-2008-4212

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: Systems that have been manually configured to use rlogin and host.equiv may unexpectedly permit root login

Description: The manpage for the configuration file hosts.equiv indicates that entries do not apply to root. However, an implementation issue in rlogind causes these entries to also apply to root. This update addresses the issue by properly disallowing rlogin from the root user if the remote system is in hosts.equiv. The rlogin service is not enabled by default in Mac OS X, and must be manually configured in order to be enabled. Credit to Ralf Meyer for reporting this issue.

Script Editor

CVE-ID: CVE-2008-4214

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: A local user may gain the privileges of another user that is using Script Editor

Description: An insecure file operation issue exists in the Script Editor application when opening application scripting dictionaries. A local user can cause the scripting dictionary to be written to an arbitrary path accessible by the user that is running the application. This update addresses the issue by creating the temporary file in a secure location. Credit: Apple.

Single Sign-On

Available for: Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: The sso_util command now accepts passwords from a file

Description: The sso_util command now accepts passwords from a file named in the SSO_PASSWD_PATH environment variable. This enables automated scripts to use sso_util more securely.

Tomcat

CVE-ID: CVE-2007-6286, CVE-2008-0002, CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2007-5333, CVE-2007-5342,

CVE-2007-5461

Available for: Mac OS X Server v10.5.5

Impact: Multiple vulnerabilities in Tomcat 6.0.14

Description: Tomcat on Mac OS X v10.5 systems is updated to version

6.0.18 to address several vulnerabilities, the most serious of which may lead to a cross site scripting attack. These issues only affect Mac OS X Server systems. Further information is available via the Tomcat site at http://tomcat.apache.org/

vim

CVE-ID: CVE-2008-2712, CVE-2008-4101, CVE-2008-2712, CVE-2008-3432,

CVE-2008-3294

Available for: Mac OS X v10.5.5, Mac OS X Server v10.5.5

Impact: Multiple vulnerabilities in vim 7.0

Description: Multiple vulnerabilities exist in vim 7.0, the most serious of which may lead to arbitrary code execution when working with maliciously crafted files. This update addresses the issues by updating to vim 7.2.0.22. Further information is available via the vim website at http://www.vim.org/

Weblog

CVE-ID: CVE-2008-4215

Available for: Mac OS X Server v10.4.11

Impact: Access control on weblog postings may not be enforced

Description: An unchecked error condition exists in the weblog server. Adding a user with multiple short names to the access control list for a weblog posting may cause the Weblog server to not enforce the access control. This issue is addressed by improving the way access control lists are saved. This issue only affects systems running Mac OS X Server v10.4. Credit: Apple.

Security Update 2008-007 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site:

http://www.apple.com/support/downloads/

For Mac OS X v10.5.5

The download file is named: "SecUpd2008-007.dmg"

Its SHA-1 digest is: 2e2489a223d13e9d7b9928735b6693ab0cbe6e00

For Mac OS X Server v10.5.5

The download file is named: "SecUpdSrvr2008-007.dmg"

Its SHA-1 digest is: 62db4a0d0688bc047fcf391a20e23e1a72ae292c

For Mac OS X v10.4.11 (Intel)

The download file is named: "SecUpd2008-007Intel.dmg"

Its SHA-1 digest is: 810167ffc3480a897f0b3ef62fdaaed2cfd77f1a

For Mac OS X v10.4.11 (PPC)

The download file is named: "SecUpd2008-007PPC.dmg"

Its SHA-1 digest is: 2e1253241cec2999c8754db40816f801ad80ad8b

For Mac OS X Server v10.4.11 (Universal) The download file is named: "SecUpdSrvr2008-007Univ.dmg"

Its SHA-1 digest is: 7c71ffd314d7412dcb73746151d4fd7c32749415

For Mac OS X Server v10.4.11 (PPC)

The download file is named: "SecUpdSrvr2008-007PPC.dmg"

Its SHA-1 digest is: be0868a142a9e2a6e93d42c3208ca9585a25cc6d

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at:

http://www.apple.com/support/security/pgp/

This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.

The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.

CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.

Fri, 10 Oct 2008 15:30:00 GMT
Domain affected: Technical
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |