APPLE-SA-2006-09-29 Mac OS X v10.4.8 and Security Update 2006-006
- Subject: APPLE-SA-2006-09-29 Mac OS X v10.4.8 and Security Update 2006-006
- From: Apple Product Security <email@hidden>
- Date: Fri, 29 Sep 2006 10:50:24 -0700
Mac OS X v10.4.8 and Security Update 2006-006 are now available and
provide fixes for the following security issues. Mac OS X v10.4.8
also provides additional functionality changes, and information is
available in its release note.

The Software Update utility will present the update that applies
to your system configuration. Only one is needed, either
Mac OS X v10.4.8 or Security Update 2006-006.

CFNetwork
CVE-ID: CVE-2006-4390
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS
X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through
Mac OS X Server v10.4.7
Impact: CFNetwork clients such as Safari may allow
unauthenticated SSL sites to appear as authenticated
Description: Connections created using SSL are normally
authenticated and encrypted. When encryption is implemented
without authentication, malicious sites may be able to pose as
trusted sites. In the case of Safari this may lead to the lock
icon being displayed when the identity of a remote site cannot
be trusted. This update addresses the issue by disallowing
anonymous SSL connections by default. Credit to Adam Bryzak of
Queensland University of Technology for reporting this issue.

Flash Player
CVE-ID: CVE-2006-3311, CVE-2006-3587, CVE-2006-3588,
CVE-2006-4640
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS
X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through
Mac OS X Server v10.4.7
Impact: Playing Flash content may lead to arbitrary code
execution
Description: Adobe Flash Player contains critical
vulnerabilities that may lead to arbitrary code execution when
handling maliciously-crafted content. This update addresses the
issues by incorporating Flash Player version 9.0.16.0 on Mac OS
X v10.3.9 and Flash Player version 9.0.20.0 on Mac OS X v10.4
systems.

Further information is available via the Adobe web site at:
http://www.adobe.com/support/security/bulletins/apsb06-11.html

ImageIO
CVE-ID: CVE-2006-4391
Available for: Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X
Server v10.4 through Mac OS X Server v10.4.7
Impact: Viewing a maliciously-crafted JPEG2000 image may lead to
an application crash or arbitrary code execution
Description: By carefully crafting a corrupt JPEG2000 image, an
attacker can trigger a buffer overflow which may lead to an
application crash or arbitrary code execution. This update
addresses the issue by performing additional validation of
JPEG2000 images. This issue does not affect systems prior to Mac
OS X v10.4. Credit to Tom Saxton of Idle Loop Software Design
for reporting this issue.

Kernel
CVE-ID: CVE-2006-4392
Available for: Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X
Server v10.4 through Mac OS X Server v10.4.7
Impact: Local users may be able to run arbitrary code with
raised privileges
Description: An error handling mechanism in the kernel, known as
Mach exception ports, provides the ability to control programs
when certain types of errors are encountered. Malicious local
users could use this mechanism to execute arbitrary code in
privileged programs if an error is encountered. This update
addresses the issue by restricting access to Mach exception
ports for privileged programs. Credit to Dino Dai Zovi of
Matasano Security for reporting this issue.

LoginWindow
CVE-ID: CVE-2006-4397
Available for: Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X
Server v10.4 through Mac OS X Server v10.4.7
Impact: After an unsuccessful attempt to log in to a network
account, Kerberos tickets may be accessible to other local users
Description: Due to an unchecked error condition, Kerberos
tickets may not be properly destroyed after unsuccessfully
attempting to log in to a network account via loginwindow. This
could result in unauthorized access by other local users to a
previous user's Kerberos tickets. This update addresses the
issue by clearing the credentials cache after failed logins.
This issue does not affect systems prior to Mac OS X v10.4.
Credit to Patrick Gallagher of Digital Peaks Corporation for
reporting this issue.

LoginWindow
CVE-ID: CVE-2006-4393
Available for: Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X
Server v10.4 through Mac OS X Server v10.4.7
Impact: Kerberos tickets may be accessible to other local users
if Fast User Switching is enabled
Description: An error in the handling of Fast User Switching may
allow a local user to gain access to the Kerberos tickets of
other local users. Fast User Switching has been updated to
prevent this situation. This issue does not affect systems prior
to Mac OS X v10.4. Credit to Ragnar Sundblad of the Royal
Institute of Technology, Stockholm, Sweden for reporting this
issue.

LoginWindow
CVE-ID: CVE-2006-4394
Available for: Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X
Server v10.4 through Mac OS X Server v10.4.7
Impact: Network accounts may be able to bypass loginwindow
service access controls
Description: Service access controls can be used to restrict
which users are allowed to log in to a system via loginwindow. A
logic error in loginwindow allows network accounts without GUIDs
to bypass service access controls. This issue only affects
systems that have been configured to use service access controls
for loginwindow and to allow network accounts to authenticate
users without a GUID. The issue has been resolved by properly
handling service access controls in loginwindow. This issue does
not affect systems prior to Mac OS X v10.4.

Preferences
CVE-ID: CVE-2006-4387
Available for: Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X
Server v10.4 through Mac OS X Server v10.4.7
Impact: After removing an account's Admin privileges, the
account may still manage WebObjects applications
Description: Clearing the "Allow user to administer this
computer" checkbox in System Preferences may fail to remove the
account from the appserveradm or appserverusr groups. These
groups allow an account to manage WebObjects applications. This
update addresses the issue by ensuring the account is removed
from the appropriate groups. This issue does not affect systems
prior to Mac OS X v10.4. Credit to Phillip Tejada of Fruit Bat
Software for reporting this issue.

QuickDraw Manager
CVE-ID: CVE-2006-4395
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS
X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through
Mac OS X Server v10.4.7
Impact: Opening a malicious PICT image with certain applications
may lead to an application crash or arbitrary code execution
Description: Certain applications invoke an unsupported
QuickDraw operation to display PICT images. By carefully
crafting a corrupt PICT image, an attacker can trigger memory
corruption in these applications, which may lead to an
application crash or arbitrary code execution. This update
addresses the issue by preventing the unsupported operation.

SASL
CVE-ID: CVE-2006-1721
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS
X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through
Mac OS X Server v10.4.7
Impact: Remote attackers may be able to cause an IMAP server
denial of service
Description: An issue in the DIGEST-MD5 negotiation support in
Cyrus SASL can lead to a segmentation fault in the IMAP server
with a maliciously-crafted realm header. This update addresses
the issue through improved handling of realm headers in
authentication attempts.

WebCore
CVE-ID: CVE-2006-3946
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS
X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through
Mac OS X Server v10.4.7
Impact: Viewing a maliciously-crafted web page may lead to
arbitrary code execution
Description: A memory management error in WebKit's handling of
certain HTML could allow a malicious web site to cause a crash
or potentially execute arbitrary code as the user viewing the
site. This update addresses the issue by preventing the
condition causing the overflow. Credit to Jens Kutilek of
Netzallee for reporting this issue.

Workgroup Manager
CVE-ID: CVE-2006-4399
Available for: Mac OS X Server v10.4 through Mac OS X Server
v10.4.7
Impact: Accounts in a NetInfo parent that appear to use
ShadowHash passwords may still use crypt
Description: Workgroup Manager appears to allow switching
authentication type from crypt to ShadowHash passwords in a
NetInfo parent, when in actuality it does not. Refreshing the
view of an account in a NetInfo parent will properly indicate
that crypt is still being used. This update addresses the issue
by preventing administrators from selecting ShadowHash
passwords for accounts in a NetInfo parent. Credit to Chris
Pepper of The Rockefeller University for reporting this issue.

Mac OS X v10.4.8 and Security Update 2006-006 may be obtained from
the Software Update pane in System Preferences, or Apple's Software
Downloads web site:
http://www.apple.com/support/downloads/

The Software Update utility will present the update that applies
to your system configuration. Only one is needed, either
Mac OS X v10.4.8 or Security Update 2006-006.

For Mac OS X v10.3.9
The download file is named: "SecUpd2006-006Pan.dmg"
Its SHA-1 digest is: fddff89d465bd850bb32573857a1dcc66b415a01
For Mac OS X Server v10.3.9
The download file is named: "SecUpdSrvr2006-006Pan.dmg"
Its SHA-1 digest is: 0be0cb9ef603c6d093d863193aa8c83964c110c3
For Mac OS X v10.4.7 (PowerPC)
The download file is named: "MacOSXUpd10.4.8PPC.dmg"
Its SHA-1 digest is: 982d70a52099297e322ba8e4540ef6d30fa5673a
For Mac OS X v10.4 (PowerPC) through v10.4.6 (PowerPC)
The download file is named: "MacOSXUpdCombo10.4.8PPC.dmg"
Its SHA-1 digest is: dfa38c7d99ba103d4b0460859e03bc8437690bd2
For Mac OS X v10.4.7 (Intel)
The download file is named: "MacOSXUpd10.4.8Intel.dmg"
Its SHA-1 digest is: 540955d0c2c7d4b11a3a6951003f02d6b46e8d2d
For Mac OS X v10.4.4 (Intel) through v10.4.6 (Intel)
The download file is named: "MacOSXUpdCombo10.4.8Intel.dmg"
Its SHA-1 digest is: 46ed3360238415adc1612440dda8f58c1443cb37
For Mac OS X Server v10.4.7 (PowerPC)
The download file is named: "MacOSXServerUpd10.4.8PPC.dmg"
Its SHA-1 digest is: c2e7b6483cc2a873c838aa97e629b07d147aa679
For Mac OS X Server v10.4.7 (Universal)
The download file is named: "MacOSXServerUpd10.4.8Univ.dmg"
Its SHA-1 digest is: fb4abd5d926704f6ed73018189e6ce6e0d8be1fd
For Mac OS X Server v10.4 through v10.4.6 (PowerPC)
The download file is named: "MacOSXSrvrCombo10.4.8PPC.dmg"
Its SHA-1 digest is: c84e2cb0ccf1d71b976026d35266c693d7e71954
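An added example (not Apple's code) of the integrity check the digest list above is meant for: a POSIX sh script that recomputes a downloaded image's SHA-1 and compares it with the digest the advisory publishes for that file name. The file names and digests come from this advisory; the helper names and the sha1sum/shasum/openssl fallback chain are assumptions.

```shell
#!/bin/sh
# Added example (not Apple's code): verify a downloaded update image against the
# SHA-1 digests published in this advisory before installing it. The digests
# below are copied from the advisory; the helpers are assumed, not Apple's.

# Print the SHA-1 of a file, using whichever tool the host provides.
sha1_of() {
  if command -v sha1sum >/dev/null 2>&1; then
    sha1sum "$1" | cut -d' ' -f1
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 1 "$1" | cut -d' ' -f1
  else
    openssl dgst -sha1 "$1" | sed 's/^.*= *//'
  fi
}

# Look up the digest the advisory publishes for a given download file name.
# Returns 1 (and prints nothing) for a name the advisory does not list.
expected_digest() {
  case "$(basename "$1")" in
    SecUpd2006-006Pan.dmg)          echo fddff89d465bd850bb32573857a1dcc66b415a01 ;;
    SecUpdSrvr2006-006Pan.dmg)      echo 0be0cb9ef603c6d093d863193aa8c83964c110c3 ;;
    MacOSXUpd10.4.8PPC.dmg)         echo 982d70a52099297e322ba8e4540ef6d30fa5673a ;;
    MacOSXUpdCombo10.4.8PPC.dmg)    echo dfa38c7d99ba103d4b0460859e03bc8437690bd2 ;;
    MacOSXUpd10.4.8Intel.dmg)       echo 540955d0c2c7d4b11a3a6951003f02d6b46e8d2d ;;
    MacOSXUpdCombo10.4.8Intel.dmg)  echo 46ed3360238415adc1612440dda8f58c1443cb37 ;;
    MacOSXServerUpd10.4.8PPC.dmg)   echo c2e7b6483cc2a873c838aa97e629b07d147aa679 ;;
    MacOSXServerUpd10.4.8Univ.dmg)  echo fb4abd5d926704f6ed73018189e6ce6e0d8be1fd ;;
    MacOSXSrvrCombo10.4.8PPC.dmg)   echo c84e2cb0ccf1d71b976026d35266c693d7e71954 ;;
    *) return 1 ;;
  esac
}

# verify_update FILE [EXPECTED_SHA1]
# Exit 0 on match, 1 on mismatch, 2 when no digest is known for FILE.
verify_update() {
  file=$1
  if [ -n "${2:-}" ]; then
    expected=$2
  elif ! expected=$(expected_digest "$file"); then
    echo "UNKNOWN: no published digest for $(basename "$file")" >&2
    return 2
  fi
  actual=$(sha1_of "$file")
  # Compare case-insensitively; a mismatch means a corrupt or tampered download.
  if [ "$(printf %s "$actual" | tr 'A-F' 'a-f')" = "$(printf %s "$expected" | tr 'A-F' 'a-f')" ]; then
    echo "OK: $file"
  else
    echo "MISMATCH: $file (expected $expected, got $actual)" >&2
    return 1
  fi
}
```

Source the script and call `verify_update ~/Downloads/MacOSXUpd10.4.8Intel.dmg`; a non-zero exit means the image should not be installed.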
Information will also be posted to the Apple Security Updates
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/