site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2005-04-15 Mac OS X v10.3.9 Mac OS X v10.3.9 and Mac OS X Server v10.3.9 are now available and deliver the following security enhancements: Kernel CVE ID: CAN-2005-0969 Impact: A kernel input validation issue can lead to a local denial of service Description: The Kernel contains syscall emulation functionality that was never used in Mac OS X. Insufficient validation of an input parameter list could result in a heap overflow and a local denial of service through a kernel panic. The issue is addressed by removing the syscall emulation functionality. Credit to Dino Dai Zovi for reporting this issue. Kernel CVE ID: CAN-2005-0970 Impact: Permitting SUID/SGID scripts to be installed could lead to privilege escalation. Description: Mac OS X inherited the ability to run SUID/SGID scripts from FreeBSD. Apple does not distribute any SUID/SGID scripts, but the system would allow them to be installed or created. This update removes the ability of Mac OS X to run SUID/SGID scripts. Credit to Bruce Murphy of rattus.net and Justin Walker for reporting this issue. Kernel CVE ID: CAN-2005-0971 CERT: VU#212190 Impact: A Kernel stack overflow in the semop() system call could lead to a local privilege escalation. Description: The incorrect handling of system call arguments could be used to obtain elevated privileges. This update includes a fix to check access to the kernel object. Kernel CVE ID: CAN-2005-0972 CERT: VU#185702 Impact: An integer overflow in the searchfs() system call could allow an unprivileged local user to execute arbitrary code with elevated privileges Description: The searchfs() system call contains an integer overflow vulnerability that could allow an unprivileged local user to execute arbitrary code with elevated privileges. This update adds input validation on the parameters passed to searchfs() to correct the issue. Kernel CVE ID: CAN-2005-0973 Impact: Local system users can cause a system resource starvation Description: A vulnerability in the handling of values passed to the setsockopt() call could allow unprivileged local users to exhaust available memory. Credit to Robert Stump <rds3792@cs.rit.com> for reporting this issue. Kernel CVE ID: CAN-2005-0974 CERT: VU#713614 Impact: Local system users can cause a local denial of service Description: A vulnerability in the nfs_mount() call due to insufficient checks on input values could allow unprivileged local users to create a denial of service via a kernel panic. Kernel CVE ID: CAN-2005-0975 Impact: Local system users can cause a temporary interruption of system operation Description: A vulnerability in the parsing of certain executable files could allow unprivileged local users to temporarily suspend system operations. Credit to Neil Archibald for reporting this issue. Safari CVE ID: CAN-2005-0976 Impact: Remote sites could cause html and javascript to run in the local domain. Description: This update closes a vulnerability that allowed remote websites to load javascript to execute in the local domain. Credit to David Remahl for reporting this issue. Note: It is Apple's standard practice to provide security fixes via a Security Update. On occasion, when a security fix is required to a core system component such as the Kernel, it will be released in a Software Update. Mac OS X v10.3.9 and Mac OS X Server v10.3.9 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Mac OS X v10.3.9 If updating from Mac OS X v10.3.8: The download file is named: "MacOSXUpdate10.3.9.dmg" Its SHA-1 digest is: 94ca918ce07f7318488cb5d3a0c754bb3a8c7b07 For Mac OS X v10.3.9 If updating from Mac OS X v10.3 to v10.3.7: The download file is named: "MacOSXUpdateCombo10.3.9.dmg" Its SHA-1 digest is: f74f7e76e7a04ec623046934980edbba8c4798c4 For Mac OS X Server v10.3.9 If updating from Mac OS X Server v10.3.8: The download file is named: "MacOSXServerUpdate10.3.9.dmg" Its SHA-1 digest is: 2a7ac87fa36f5883f1ccb8ef5ab83b2e840896bc For Mac OS X Server v10.3.9 If updating from Mac OS X Server v10.3 to v10.3.7: The download file is named: "MacOSXSrvrUpdCombo10.3.9.dmg" Its SHA-1 digest is: 17d125118ca3b278b7558488364d0aacaf826dbd Information will also be posted to the Apple Product Security web site: http://docs.info.apple.com/article.html?artnum=61798 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQEVAwUBQmAk3Zyw5owIz4TQAQIx8gf/XNQ+PrURNg0sdQsTEhxoz/9z1xnwXcHY A8mSrx3eGUpfwGGJFoF13R18bzSuhqO60ldbdOGCU8mgHHBbFQBWONsejttb6TIe 79vczBVMf6ZbpSXUQLCLnsXjgiwfQMMQ+bVrQCfwg4KBeyd+Fb48DxQr1YBLlHY0 bznupfN3O6+ERlpFRV/A9TCFkHQ8gu0pbJlLBVb+ZJA1Jyzo54pN/W/uVYmnywkt an+0q067+RpNDEGXjTNoCROeUIWs3vwGiA1f1Bt3xfeXDTTECJwHIxUpPLmYB91u g3NUEPqy6B/7QG4PNvwTPFkRntM4Gh//XpfXM1/n5W4sVJK0ohpYEg== =+WPr -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com