CPNI - Centre for the Protection of National Infrastructure


December 2008

3737 - APPLE-SA-2008-12-15 Security Update 2008-008 / Mac OS X v10.5.6

ID: 3737
Date: 16/12/2008

Title: 3737 - APPLE-SA-2008-12-15 Security Update 2008-008 / Mac OS X v10.5.6
Platform level affected: Operating System
Hardware components affected: Apple MAC
Specific operating systems components affected: Apple Mac OS
Net-enabled software: Other
Security software: Other
Other software: Other
Remediation Summary: Update your copy of the software with the download available from the supplier.
Vendors affected: Apple
Applications affected: OS X
Adversity source: Unknown
Attack Vector: Vulnerability exploitation
Virulence: Unknown
Warning Status: Active
Potential Damage: Remote execution/modification
Possible Duration: Open Ended
Availability of fix: Available
Type of fix: Patch
Source: Apple
Reliability of source: Trusted
Source URL: http://support.apple.com/kb/HT1222
CVE: 2008-4236, 2008-4217, 2008-3623, 2008-3170, 2008-4234, 2008-4818, 2008-4819, 2008-4820, 2008-4821, 2008-4822, 2008-4823, 2008-4824, 2008-4218, 2008-4219, 2008-4220, 2008-4221, 2008-1391, 2008-4237, 2008-4222, 2008-4223, 2008-4224
Abstract: Security Update 2008-008 / Mac OS X v10.5.6 is now available and addresses a number of issues.

APPLE-SA-2008-12-15 Security Update 2008-008 / Mac OS X v10.5.6

Security Update 2008-008 / Mac OS X v10.5.6 is now available and addresses the following issues:

ATS

CVE-ID: CVE-2008-4236

Available for: Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

Impact: Viewing or downloading a PDF file containing a maliciously crafted embedded font may lead to a denial of service

Description: An infinite loop may occur in the Apple Type Services server's handling of embedded fonts in PDF files. Viewing or downloading a PDF file containing a maliciously crafted embedded font may lead to a denial of service. This update addresses the issue by performing additional validation of embedded fonts. This issue does not affect systems prior to Mac OS X v10.5. Credit to Michael Samarin and Mikko Vihonen of Futurice Ltd. for reporting this issue.

BOM

CVE-ID: CVE-2008-4217

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

Impact: Downloading or viewing a maliciously crafted CPIO archive may lead to arbitrary code execution or unexpected application termination

Description: A signedness issue exists in BOM's handling of CPIO headers which may result in a stack buffer overflow. Downloading or viewing a maliciously crafted CPIO archive may lead to arbitrary code execution or unexpected application termination. This update addresses the issue by performing additional validation of CPIO headers. Credit: Apple.
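
The class of bug described above, as an added C example (not Apple's BOM code and not part of the advisory): a length field read from an archive header and held in a signed integer passes an upper-bound-only check, while the hardened parser keeps it unsigned and bounds it. The advisory does not say which header field was affected; the newc CPIO header layout, its c_namesize field, the 256-byte buffer and all function names are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define HDR_LEN      110  /* newc: "070701" + 13 fields of 8 hex digits */
#define NAMESIZE_OFF 94   /* offset of c_namesize within the header */
#define NAME_BUF     256  /* destination buffer size (assumed) */
/* Strictly parse one 8-digit hex field into *out; returns 0 on success. */
static int hex8(const char *p, uint32_t *out) {
    static const char digits[] = "0123456789abcdef";
    *out = 0;
    for (int i = 0; i < 8; i++) {
        const char *d = p[i] ? strchr(digits, tolower((unsigned char)p[i])) : NULL;
        if (!d) return -1;
        *out = (*out << 4) | (uint32_t)(d - digits);
    }
    return 0;
}

/* Weak pattern: length held in a signed int, only the upper bound tested.
   0xFFFFFFFF becomes -1, passes, and would be a huge size_t at the copy. */
int weak_check_accepts(uint32_t raw) {
    int namesize = (int)raw;
    return !(namesize > NAME_BUF);
}

/* Hardened: unsigned length, bounded by the buffer and by the bytes
   actually present. Returns the name length, or -1 if rejected. */
long checked_namesize(const char *hdr, size_t avail) {
    uint32_t n;
    if (avail < HDR_LEN || memcmp(hdr, "070701", 6) != 0) return -1;
    if (hex8(hdr + NAMESIZE_OFF, &n) != 0) return -1;
    if (n == 0 || n > NAME_BUF || n > avail - HDR_LEN) return -1;
    return (long)n;
}

/* Constructed header for the demo: every field zero except c_namesize. */
void make_header(char *buf, uint32_t namesize) {
    memcpy(buf, "070701", 6);
    memset(buf + 6, '0', HDR_LEN - 6);
    for (int i = 7; i >= 0; i--, namesize >>= 4)
        buf[NAMESIZE_OFF + i] = "0123456789ABCDEF"[namesize & 15];
}

int main(void) {
    char h[HDR_LEN + 16];
    make_header(h, 0xFFFFFFFFu);
    printf("%d %ld\n", weak_check_accepts(0xFFFFFFFFu), checked_namesize(h, sizeof h));
}
```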

CoreGraphics

CVE-ID: CVE-2008-3623

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

Impact: Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution

Description: A heap buffer overflow exists in the handling of color spaces within CoreGraphics. Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.

CoreServices

CVE-ID: CVE-2008-3170

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

Impact: Visiting a maliciously crafted website may lead to the disclosure of user credentials

Description: Safari allows web sites to set cookies for country-specific top-level domains, which may allow a remote attacker to perform a session fixation attack and hijack a user's credentials.

This update addresses the issue by performing additional validation of domain names. Credit to Alexander Clauss of iCab.de for reporting this issue.
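
One way to perform the kind of domain validation described above, as an added C example (not Apple's code and not part of the advisory): refuse a cookie Domain attribute that is itself a registry-controlled suffix such as co.uk, then require the usual domain match against the responding host. The suffix list is a small constructed sample and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample of registry-controlled suffixes; a real client would
   consult a complete, maintained list rather than this handful. */
static const char *const SUFFIXES[] = {
    "com", "uk", "co.uk", "org.uk", "com.au", "co.jp"
};

static int is_registry_suffix(const char *d) {
    for (size_t i = 0; i < sizeof SUFFIXES / sizeof *SUFFIXES; i++)
        if (strcasecmp(d, SUFFIXES[i]) == 0) return 1;
    return 0;
}

/* Domain match: host equals domain, or ends with "." followed by domain. */
static int domain_match(const char *host, const char *domain) {
    size_t hl = strlen(host), dl = strlen(domain);
    if (dl == 0 || dl > hl) return 0;
    if (strcasecmp(host + (hl - dl), domain) != 0) return 0;
    return hl == dl || host[hl - dl - 1] == '.';
}

/* Returns 1 if a response from `host` may set a cookie with Domain=`attr`. */
int cookie_domain_allowed(const char *host, const char *attr) {
    if (attr[0] == '.') attr++;              /* a leading dot is ignored */
    if (is_registry_suffix(attr)) return 0;  /* shared by unrelated sites */
    return domain_match(host, attr);
}

int main(void) {
    /* Constructed host names. */
    printf("%d %d\n",
           cookie_domain_allowed("shop.example.co.uk", ".co.uk"),
           cookie_domain_allowed("shop.example.co.uk", "example.co.uk"));
    return 0;
}
```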

CoreTypes

CVE-ID: CVE-2008-4234

Available for: Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

Impact: Attempting to launch unsafe downloaded content may not lead to a warning

Description: Mac OS X provides the Download Validation capability to indicate potentially unsafe files. Applications such as Safari and others use Download Validation to help warn users prior to launching files marked as potentially unsafe. This update adds to the list of potentially unsafe types. It adds the content type for files that have executable permissions and no specific application association.

These files are potentially unsafe as they will launch in Terminal and their content will be executed as commands. While these files are not automatically launched, if manually opened they could lead to the execution of arbitrary code. This issue does not affect systems prior to Mac OS X v10.5.

Flash Player Plug-in

CVE-ID: CVE-2008-4818, CVE-2008-4819, CVE-2008-4820, CVE-2008-4821, CVE-2008-4822, CVE-2008-4823, CVE-2008-4824

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

Impact: Multiple vulnerabilities in Adobe Flash Player plug-in

Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site. The issues are addressed by updating the Flash Player plug-in to version 9.0.151.0. Further information is available via the Adobe web site at http://www.adobe.com/support/security/bulletins/apsb08-20.html

Kernel

CVE-ID: CVE-2008-4218

Available for: Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

Impact: A local user may obtain system privileges

Description: Integer overflow issues exist within the i386_set_ldt and i386_get_ldt system calls, which may allow a local user to execute arbitrary code with system privileges. This update addresses the issues through improved bounds checking. These issues do not affect PowerPC systems. Credit to Richard Vaneeden of IOActive, Inc. for reporting these issues.

Kernel

CVE-ID: CVE-2008-4219

Available for: Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

Impact: Running an executable that links dynamic libraries on an NFS share may lead to an unexpected system shutdown

Description: An infinite loop may occur when a program located on an NFS share receives an exception. This may lead to an unexpected system shutdown. This update addresses the issue through improved handling of exceptions. Credit to Ben Loer of Princeton University for reporting this issue.

Libsystem

CVE-ID: CVE-2008-4220

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

Impact: Applications that use the inet_net_pton API may be vulnerable to arbitrary code execution or an unexpected application termination

Description: An integer overflow exists in Libsystem's inet_net_pton API, which may lead to arbitrary code execution or the unexpected termination of the application using the API. This update addresses the issue through improved bounds checking. This API is not normally called with untrusted data, and no exploitable cases of this issue are known. This update is provided to help mitigate potential attacks against any application using this API.

Libsystem

CVE-ID: CVE-2008-4221

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

Impact: Applications that use the strptime API may be vulnerable to arbitrary code execution or unexpected application termination

Description: A memory corruption issue exists in Libsystem's strptime API. Parsing a maliciously crafted date string may lead to arbitrary code execution or unexpected application termination. This update addresses the issue through improved memory allocation. Credit: Apple.

Libsystem

CVE-ID: CVE-2008-1391

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

Impact: Applications that use the strfmon API may be exposed to an unexpected application termination or arbitrary code execution

Description: Multiple integer overflows exist in Libsystem's strfmon implementation. An application calling strfmon with large values of certain integer fields in the format string argument may unexpectedly terminate or lead to arbitrary code execution. This update addresses the issues through improved bounds checking.

Managed Client

CVE-ID: CVE-2008-4237

Available for: Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

Impact: The managed screen saver settings are not applied

Description: The method by which the software on a managed client system installs per-host configuration information does not always correctly identify the system. On a misidentified system, per-host settings are not applied, including the screen saver lock. This update addresses the issue by having Managed Client use the correct system identification. This issue does not affect systems with built-in Ethernet. Credit to John Barnes of ESRI, and Trevor Lalish-Menagh of Tamman Technologies, Inc. for reporting this issue.

network_cmds

CVE-ID: CVE-2008-4222

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

Impact: A remote attacker may be able to cause a denial of service if Internet Sharing is enabled

Description: An infinite loop may occur in the handling of TCP packets in natd. By sending a maliciously crafted TCP packet, a remote attacker may be able to cause a denial of service if Internet Sharing is enabled. This update addresses the issue by performing additional validation of TCP packets. Credit to Alex Rosenberg of Ohmantics, and Gary Teter of Paizo Publishing for reporting this issue.

Podcast Producer

CVE-ID: CVE-2008-4223

Available for: Mac OS X Server v10.5 through v10.5.5

Impact: A remote attacker may be able to access the administrative functions of Podcast Producer

Description: An authentication bypass issue exists in the Podcast Producer server, which may allow an unauthorized user to access administrative functions in the server. This update addresses the issue through improved handling of access restrictions. Podcast Producer was introduced in Mac OS X Server v10.5.

UDF

CVE-ID: CVE-2008-4224

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

Impact: Opening an ISO file may lead to an unexpected system shutdown

Description: An input validation issue exists in the handling of malformed UDF volumes. Opening a maliciously crafted ISO file may lead to an unexpected system shutdown. This update addresses the issue through improved input validation. Credit to Mauro Notarianni of PCAX Solutions for reporting this issue.

Security Update 2008-008 and Mac OS X v10.5.6 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site:

http://www.apple.com/support/downloads/

The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2008-008 or Mac OS X v10.5.6.

For Mac OS X v10.5.5

The download file is named: "MacOSXUpd10.5.6.dmg"

Its SHA-1 digest is: 684f67524a92b4314a4bdd52498fb3b6af8f9ded

For Mac OS X v10.5 - v10.5.4

The download file is named: "MacOSXUpdCombo10.5.6.dmg"

Its SHA-1 digest is: 09de4ac2c5591ab75d51ef37dc70f9e5630150d4

For Mac OS X Server v10.5.5

The download file is named: "MacOSXServerUpd10.5.6.dmg"

Its SHA-1 digest is: bd14ab94b9bcc896da1613ac761171b54286bcac

For Mac OS X Server v10.5 - v10.5.4

The download file is named: "MacOSXServerUpdCombo10.5.6.dmg"

Its SHA-1 digest is: e20d8d458be3ec51b0083ff823ce27def00dbca7

For Mac OS X v10.4.11 (Intel)

The download file is named: "SecUpd2008-008Intel.dmg"

Its SHA-1 digest is: 651e592fad1bd158a76459a81d2ebede1f3bedea

For Mac OS X v10.4.11 (PowerPC)

The download file is named: "SecUpd2008-008PPC.dmg"

Its SHA-1 digest is: 9bb2aa7fcc924715b6442e808fc778789f359906

For Mac OS X Server v10.4.11 (Universal)

The download file is named: "SecUpdSrvr2008-008Univ.dmg"

Its SHA-1 digest is: 21702064037150cdeb9d708304ee91eb254c7371

For Mac OS X Server v10.4.11 (PowerPC)

The download file is named: "SecUpdSrvr2008-008PPC.dmg"

Its SHA-1 digest is: d0e4720051ea27b8edf0ab2a124d6e9f0e16534c

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at:

http://www.apple.com/support/security/pgp/

This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.

The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.

CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.

Tue, 16 Dec 2008 09:00:00 GMT
Domain affected: Technical