site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2007-05-24 Security Update 2007-005 Security Update 2007-005 is now available and addresses the following issues: Alias Manager CVE-ID: CVE-2007-0740 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9 Impact: Users may be misled into opening a substituted file Description: In certain circumstances, an implementation issue in Alias Manager will not show identically-named files contained in identically-named mounted disk images. By enticing a user to mount two identically-named disk images, an attacker could mislead the user into opening a malicious program. This update addresses the issue by performing additional validation of mountpaths. Credit to Greg Bolsinga of Blurb, Inc. for reporting this issue. BIND CVE-ID: CVE-2007-0493, CVE-2007-0494, CVE-2006-4095,CVE-2006-4096 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9 Impact: Multiple vulnerabilities in BIND, the most serious of which is remote denial of service Description: BIND is updated to version 9.3.4. Further information is available via the ISC web site at http://www.isc.org/index.pl?/sw/bind/ CoreGraphics CVE-ID: CVE-2007-0750 Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow vulnerability exists in the handling of PDF files. By enticing a user to open a maliciously crafted PDF file, an attacker could trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PDF files. This issue does not affect systems prior to Mac OS X v10.4. crontabs CVE-ID: CVE-2007-0751 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9 Impact: The daily /tmp cleanup script may lead to a denial of service Description: Filesystems mounted in the /tmp directory may be deleted when the daily cleanup script is executed, which may lead to a denial of service. This update addresses the issues by updating the daily cleanup script to prevent find commands from descending into mounted filesystems. fetchmail CVE-ID: CVE-2007-1558 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9 Impact: fetchmail password disclosure may be possible Description: fetchmail is updated to version 6.3.8 to address a cryptographic weakness that could lead to the disclosure of fetchmail passwords. Further information is available via the fetchmail web site at http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt file CVE-ID: CVE-2007-1536 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9 Impact: Running the file command on a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow vulnerability exists in the file command line tool, which may lead to an unexpected application termination or arbitrary code execution. This update addresses by performing additional validation of files that are passed to the file command. iChat CVE-ID: CVE-2007-2390 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9 Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution Description: A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in iChat. By sending a maliciously crafted packet, an attacker on the local network can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation when processing UPnP protocol packets in iChat. mDNSResponder CVE-ID: CVE-2007-2386 Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9 Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution Description: A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in the OS X mDNSResponder implementation. By sending a maliciously crafted packet, an attacker on the local network can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation when processing UPnP protocol packets. This issue does not affect systems prior to Mac OS X v10.4. Credit to Michael Lynn of Juniper Networks for reporting this issue. PPP CVE-ID: CVE-2007-0752 Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9 Impact: A local user may obtain system privileges Description: An implementation issue exists in the PPP daemon when loading plugins via the command line, which allows a local user to obtain system privileges. This update addresses the issue by allowing only the superuser to load plugins. This issue does not affect systems prior to Mac OS X v10.4. Credit to an anonymous researcher working with the iDefense VCP for reporting this issue. ruby CVE-ID: CVE-2006-5467, CVE-2006-6303 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9 Impact: Denial of service vulnerabilities in the Ruby CGI library Description: Multiple denial of service issues exist in the Ruby CGI library. By sending maliciously crafted HTTP requests to a web application using cgi.rb, an attacker could trigger an issue which may lead to a denial of service. This update addresses the issues by applying the Ruby patches. screen CVE-ID: CVE-2006-4573 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9 Impact: Multiple denial of service vulnerabilities in GNU Screen Description: The screen command line tool is updated to address multiple denial of service vulnerabilities. Further information is available via the GNU web site at http://lists.gnu.org/archive/html/screen-users/2006-10/msg00028.html texinfo CVE-ID: CVE-2005-3011 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9 Impact: A local user may cause another user running texinfo to overwrite arbitrary files Description: A file handling issue exists in texinfo, which may allow a local user to create or overwrite files with the privileges of the user running texinfo. This update addresses the issue through improved handling of temporary files. VPN CVE-ID: CVE-2007-0753 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9 Impact: A local user may obtain system privileges Description: A format string vulnerability exists in vpnd. By running the vpnd command with maliciously crafted arguments, a local user can trigger the vulnerability which may lead to arbitrary code execution with system privileges. This update addresses the issue by performing additional validation of the arguments passed to vpnd. Credit to Chris Anley of NGSSoftware for reporting this issue. Security Update 2007-005 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Mac OS X v10.4.9 (PowerPC) and Mac OS X Server v10.4.9 (PowerPC) The download file is named: "SecUpd2007-005Ti.dmg" Its SHA-1 digest is: 7cad5f9bd497af88342ace4f908679e186d11540 For Mac OS X v10.4.9 (Universal) and Mac OS X Server v10.4.9 (Universal) The download file is named: "SecUpd2007-005Univ.dmg" Its SHA-1 digest is: 539f872ac444dc707d73991a914c58ed32d51677 For Mac OS X v10.3.9 The download file is named: "SecUpd2007-005Pan.dmg" Its SHA-1 digest is: 2dfb56137a47a9e1b335efc7aa5bf405cc8e046e For Mac OS X Server v10.3.9 The download file is named: "SecUpdSrvr2007-005Pan.dmg" Its SHA-1 digest is: 5673f4e3b99cd2c27d46a80892453298f5ba43cb Information will also be posted to the Apple Product Security web site: http://docs.info.apple.com/article.html?artnum=61798 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQEVAwUBRl3R98gAoqu4Rp5tAQjQWgf8D4RFX0EDEDWptthJwtclmQOu55ODBDNO ZZ5n1dT+YjIDUVrF1IyY09BfMbEh/CGggF0M6NS7P5gHuDVfQ2+XxJ/fnIpY3uUo rSEQ2PCrunzreIU3Fti9A7ihUwFUK8Fo06jb1/3BaWquiHkb6KDxG75H3xWjzFph 6l25qEzNi7Pg5z9MF3UbX1mepABf2F2NpmiKmyuraOzdLVbkUOrqHMwkErnERV19 T3skYrbISlLRSDtCmpGJ9jGJ33vmmQJ60uHarF6uw6KwQnb8vNJycuX3SHgHNCt+ lVpaXmDb6YzdhkDPu7Pwxi5Hh32Ll07aa5GNu6t/FU1ELhqkViwVNw== =tkfV -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com