Mac OS X v10.3.9 and Mac OS X Server v10.3.9 are now available and
deliver the following security enhancements:
Kernel
CVE ID: CAN-2005-0969
Impact: A kernel input validation issue can lead to a local denial
of service
Description: The Kernel contains syscall emulation functionality
that was never used in Mac OS X. Insufficient validation of an input
parameter list could result in a heap overflow and a local denial of
service through a kernel panic. The issue is addressed by removing
the syscall emulation functionality. Credit to Dino Dai Zovi for
reporting this issue.
Kernel
CVE ID: CAN-2005-0970
Impact: Permitting SUID/SGID scripts to be installed could lead to
privilege escalation.
Description: Mac OS X inherited the ability to run SUID/SGID scripts
from FreeBSD. Apple does not distribute any SUID/SGID scripts, but
the system would allow them to be installed or created. This update
removes the ability of Mac OS X to run SUID/SGID scripts. Credit to
Bruce Murphy of rattus.net and Justin Walker for reporting this
issue.
Kernel
CVE ID: CAN-2005-0971
CERT: VU#212190
Impact: A Kernel stack overflow in the semop() system call could
lead to a local privilege escalation.
Description: The incorrect handling of system call arguments could
be used to obtain elevated privileges. This update includes a fix to
check access to the kernel object.
Kernel
CVE ID: CAN-2005-0972
CERT: VU#185702
Impact: An integer overflow in the searchfs() system call could
allow an unprivileged local user to execute arbitrary code with
elevated privileges
Description: The searchfs() system call contains an integer overflow
vulnerability that could allow an unprivileged local user to execute
arbitrary code with elevated privileges. This update adds input
validation on the parameters passed to searchfs() to correct the
issue.
Kernel
CVE ID: CAN-2005-0973
Impact: Local system users can cause a system resource starvation
Description: A vulnerability in the handling of values passed to the
setsockopt() call could allow unprivileged local users to exhaust
available memory. Credit to Robert Stump <email@hidden> for
reporting this issue.
Kernel
CVE ID: CAN-2005-0974
CERT: VU#713614
Impact: Local system users can cause a local denial of service
Description: A vulnerability in the nfs_mount() call due to
insufficient checks on input values could allow unprivileged local
users to create a denial of service via a kernel panic.
Kernel
CVE ID: CAN-2005-0975
Impact: Local system users can cause a temporary interruption of
system operation
Description: A vulnerability in the parsing of certain executable
files could allow unprivileged local users to temporarily suspend
system operations. Credit to Neil Archibald for reporting this
issue.
Safari
CVE ID: CAN-2005-0976
Impact: Remote sites could cause html and javascript to run in the
local domain.
Description: This update closes a vulnerability that allowed remote
websites to load javascript to execute in the local domain. Credit
to David Remahl for reporting this issue.
Note: It is Apple's standard practice to provide security fixes via
a Security Update. On occasion, when a security fix is required to a
core system component such as the Kernel, it will be released in a
Software Update.
Mac OS X v10.3.9 and Mac OS X Server v10.3.9 may be obtained from the
Software Update pane in System Preferences, or Apple's Software
Downloads web site: http://www.apple.com/support/downloads/
For Mac OS X v10.3.9
If updating from Mac OS X v10.3.8:
The download file is named: "MacOSXUpdate10.3.9.dmg"
Its SHA-1 digest is: 94ca918ce07f7318488cb5d3a0c754bb3a8c7b07
For Mac OS X v10.3.9
If updating from Mac OS X v10.3 to v10.3.7:
The download file is named: "MacOSXUpdateCombo10.3.9.dmg"
Its SHA-1 digest is: f74f7e76e7a04ec623046934980edbba8c4798c4
For Mac OS X Server v10.3.9
If updating from Mac OS X Server v10.3.8:
The download file is named: "MacOSXServerUpdate10.3.9.dmg"
Its SHA-1 digest is: 2a7ac87fa36f5883f1ccb8ef5ab83b2e840896bc
For Mac OS X Server v10.3.9
If updating from Mac OS X Server v10.3 to v10.3.7:
The download file is named: "MacOSXSrvrUpdCombo10.3.9.dmg"
Its SHA-1 digest is: 17d125118ca3b278b7558488364d0aacaf826dbd
