APPLE-SA-2008-07-31 Security Update 2008-005
APPLE-SA-2008-07-31 Security Update 2008-005
- Subject: APPLE-SA-2008-07-31 Security Update 2008-005
- From: Apple Product Security <email@hidden>
- Date: Thu, 31 Jul 2008 20:07:45 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2008-07-31 Security Update 2008-005
Security Update 2008-005 is now available and addresses the following
issues:
Open Scripting Architecture
CVE-ID: CVE-2008-2830
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact: A local user may execute commands with elevated privileges
Description: A design issue exists in the Open Scripting
Architecture libraries when determining whether to load scripting
addition plugins into applications running with elevated privileges.
Sending scripting addition commands to a privileged application may
allow the execution of arbitrary code with those privileges. This
update addresses the issue by not loading scripting addition plugins
into applications running with system privileges. The recently
reported ARDAgent and SecurityAgent issues are addressed by this
update. Credit to Charles Srstka for reporting this issue.
BIND
CVE-ID: CVE-2008-1447
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact: BIND is susceptible to DNS cache poisoning and may return
forged information
Description: The Berkeley Internet Name Domain (BIND) server is
distributed with Mac OS X, and is not enabled by default. When
enabled, the BIND server provides translation between host names and
IP addresses. A weakness in the DNS protocol may allow remote
attackers to perform DNS cache poisoning attacks. As a result,
systems that rely on the BIND server for DNS may receive forged
information. This update addresses the issue by implementing source
port randomization to improve resilience against cache poisoning
attacks. For Mac OS X v10.4.11 systems, BIND is updated to version
9.3.5-P1. For Mac OS X v10.5.4 systems, BIND is updated to version
9.4.2-P1. Credit to Dan Kaminsky of IOActive for reporting this
issue.
CarbonCore
CVE-ID: CVE-2008-2320
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact: Processing long filenames may lead to an unexpected
application termination or arbitrary code execution
Description: A stack buffer overflow exists in the handling of long
filenames. Processing long filenames may lead to an unexpected
application termination or arbitrary code execution. This update
addresses the issue through improved bounds checking. Credit to
Thomas Raffetseder of the International Secure Systems Lab and Sergio
'shadown' Alvarez of n.runs AG for reporting this issue.
CoreGraphics
CVE-ID: CVE-2008-2321
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: CoreGraphics contains memory corruption issues in the
processing of arguments. Passing untrusted input to CoreGraphics via
an application, such as a web browser, may lead to an unexpected
application termination or arbitrary code execution. This update
addresses the issue through improved bounds checking. Credit to
Michal Zalewski of Google for reporting this issue.
CoreGraphics
CVE-ID: CVE-2008-2322
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact: Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow in the handling of PDF files may
result in a heap buffer overflow. Viewing a maliciously crafted PDF
file may lead to an unexpected application termination or arbitrary
code execution. This update addresses the issue through additional
validation of PDF files. Credit to Pariente Kobi working with the
iDefense VCP for reporting this issue.
Data Detectors Engine
CVE-ID: CVE-2008-2323
Available for: Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact: Viewing maliciously crafted messages with Data Detectors may
lead to an unexpected application termination
Description: Data Detectors are used to extract reference
information from textual content or archives. A resource consumption
issue exists in Data Detectors' handling of textual content. Viewing
maliciously crafted content in an application that uses Data
Detectors may lead to a denial of service, but not arbitrary code
execution. This issue does not affect systems prior to Mac OS X
v10.5.
Disk Utility
CVE-ID: CVE-2008-2324
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: A local user may obtain system privileges
Description: The "Repair Permissions" tool in Disk Utility makes
/usr/bin/emacs setuid. After the Repair Permissions tool has been
run, a local user may use emacs to run commands with system
privileges. This update addresses the issue by correcting the
permissions applied to emacs in the Repair Permissions tool. This
issue does not affect systems running Mac OS X v10.5 and later.
Credit to Anton Rang and Brian Timares for reporting this issue.
OpenLDAP
CVE-ID: CVE-2008-2952
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact: A remote attacker may be able to cause an unexpected
application termination
Description: An issue exists in OpenLDAP's ASN.1 BER decoding.
Processing a maliciously crafted LDAP message may trigger an
assertion and lead to an unexpected application termination of the
OpenLDAP daemon, slapd. This update addresses the issue by performing
additional validation of LDAP messages.
OpenSSL
CVE-ID: CVE-2007-5135
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact: A remote attacker may be able to cause an unexpected
application termination or arbitrary code execution
Description: A range checking issue exists in the
SSL_get_shared_ciphers() utility function within OpenSSL. In an
application using this function, processing maliciously crafted
packets may lead to an unexpected application termination or
arbitrary code execution. This update addresses the issue through
improved bounds checking.
PHP
CVE-ID: CVE-2008-2051, CVE-2008-2050, CVE-2007-4850, CVE-2008-0599,
CVE-2008-0674
Available for: Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact: Multiple vulnerabilities in PHP 5.2.5
Description: PHP is updated to version 5.2.6 to address multiple
vulnerabilities, the most serious of which may lead to arbitrary code
execution. Further information is available via the PHP website at
http://www.php.net/ PHP version 5.2.x is only provided with Mac OS X
v10.5 systems.
QuickLook
CVE-ID: CVE-2008-2325
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact: Downloading a maliciously crafted Microsoft Office file may
lead to an unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues exist in QuickLook's
handling of Microsoft Office files. Downloading a maliciously crafted
Microsoft Office file may lead to an unexpected application
termination or arbitrary code execution. This update addresses the
issue through improved bounds checking. This issue does not affect
systems prior to Mac OS X v10.5.
rsync
CVE-ID: CVE-2007-6199, CVE-2007-6200
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact: Files outside the module root may be accessed or overwritten
remotely
Description: Path validation issues exist in rsync's handling of
symbolic links when running in daemon mode. Placing symbolic links in
an rsync module may allow files outside of the module root to be
accessed or overwritten. This update addresses the issue through
improved handling of symbolic links. Further information on the
patches applied is available via the rsync web site at
http://rsync.samba.org/
Security Update 2008-005 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
For Mac OS X v10.5.4 and Mac OS X Server 10.5.4
The download file is named: "SecUpd2008-005.dmg"
Its SHA-1 digest is: 9c4fd4ee59965819427445f6de172c42b223e6e1
For Mac OS X v10.4.11 (Intel)
The download file is named: "SecUpd2008-005Intel.dmg"
Its SHA-1 digest is: 1ff3242935c98325769b33148a2a8b1e72db567c
For Mac OS X v10.4.11 (PPC)
The download file is named: "SecUpd2008-005PPC.dmg"
Its SHA-1 digest is: 2f56ea4311d5b85de3c494f6fee46360e5b7317e
For Mac OS X Server v10.4.11 (Universal)
The download file is named: "SecUpdSrvr2008-005Univ.dmg"
Its SHA-1 digest is: 256401659308a634cee06b00d1a6ae9dc20b5467
For Mac OS X Server v10.4.11 (PPC)
The download file is named: "SecUpdSrvr2008-005PPC.dmg"
Its SHA-1 digest is: d310d471bd39df92cb5580e18f356a222824d7d2
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)
iQEVAwUBSJJ9c3kodeiKZIkBAQiWmggAmx3HBLe2vwoDmCr+ycU+orkLNDvRW0zJ
Kq8rJZNRC4HwoDvAdduzNcwL9vudnJqcY0ZEGaXp6USRPjvioFUZJNUoDG/1goj5
E6q9velCEgu67WBT66ampy9oyqaHFP5YdWKKDg4AvGeFiJqgplFsBEaCqr7xigoh
T+xbPAzWt5aXp8rlAnZPhEFbK7ZAQEGEtoc5UnSdTlm4mwDdMRszG8JhgpoiII72
8LIjZpf7cMf0neUua2pvGDNITHoZfNWg2a11CyIDilIPUj7Vl4Rhfw6b+bcSK6Po
FMS1ZF0D9I58j6KLQ2LuSr0lB0Xd1tfsZGlCNdWQzK5RH/UrmbEMXg==
=k/dw
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden