Apple Mac OS X Multiple Security Vulnerabilities
BID:17634
Info
| Bugtraq ID: | 17634 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 20 2006 12:00AM |
| Updated: | May 17 2006 07:59PM |
| Credit: | Tom Ferris is credited with the discovery of these issues. |
| Vulnerable: | Apple Safari 2.0.3, 2.0.2, 2.0.1; Apple Mobile Safari 0; Apple Mac OS X Server 10.4.6, 10.4.5, 10.4.4, 10.4.3, 10.4.2, 10.4.1, 10.4, 10.3.9, 10.3.8, 10.3.7, 10.3.6, 10.3.5, 10.3.4, 10.3.3, 10.3.2, 10.3.1, 10.3; Apple Mac OS X 10.4.6, 10.4.5, 10.4.4, 10.4.3, 10.4.2, 10.4.1, 10.4, 10.3.9, 10.3.8, 10.3.7, 10.3.6, 10.3.5, 10.3.4, 10.3.3, 10.3.2, 10.3.1, 10.3 |
| Not Vulnerable: | |
Discussion
Apple Mac OS X is reported prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications including Safari, Preview, Finder, QuickTime, and BOMArchiveHelper. A remote attacker may exploit these issues to execute arbitrary code and/or trigger a denial-of-service condition.
Apple Mac OS X 10.4.6 and prior are reported vulnerable to these issues.
Exploit / POC
Various proof-of-concept examples are available. Note that Symantec has not verified the integrity of these proofs of concept.
TIFF files:
http://security-protocols.com/poc/sp-x30.html
http://security-protocols.com/poc/sp-x29.html
http://www.security-protocols.com/poc/sp-x24.tiff
ZIP file:
http://security-protocols.com/poc/sp-x25.zip
BMP file:
http://security-protocols.com/poc/sp-x27.html
HTML files to trigger crashes in Safari:
http://security-protocols.com/poc/sp-x26-1.html
http://security-protocols.com/poc/sp-x26-2.html
http://security-protocols.com/poc/sp-x26-4.html
Solution / Fix
Solution:
The vendor has released a security advisory to address the majority of these issues.
Reports indicate that the Safari issues and the 'ReadBMP()' issue have not been addressed.
Apple Mac OS X Server 10.3.9: Apple SecUpdSrvr2006-003Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=10488&cat=1&platform=osx&method=sa/SecUpdSrvr2006-003Pan.dmg
Apple Mac OS X 10.3.9: Apple SecUpd2006-003Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=10486&cat=1&platform=osx&method=sa/SecUpd2006-003Pan.dmg
Apple Mac OS X Server 10.4.6: Apple SecUpdSrvr2006-003Ti.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=10487&cat=1&platform=osx&method=sa/SecUpdSrvr2006-003Ti.dmg
Apple Mac OS X 10.4.6
References
References:
- About Security Update 2006-003 (Apple)
- Apple OS X 10.4.5 .tiff LZWDecodeVector () Heap Overflow (Security-Protocols)
- Apple OS X 10.4.6 .tiff _cg_TIFFSetField () DoS (Security-Protocols)
- Apple OS X 10.4.6 .tiff PredictorVSetField () Heap Overflow (Security-Protocols)
- Apple OS X 10.4.6 CFAllocatorAllocate () .gif Heap Overflow (Security-Protocols)
- Apple OS X 10.4.6 ReadBMP () .bmp Heap Overflow (Security-Protocols)
- Apple OS X BOM ArchiveHelper .zip Heap Overflow (Security-Protocols)
- Apple OS X Safari 2.0.3 Multiple Vulnerabilities (Security-Protocols)
- Apple Security Updates (Apple)
- Is Apple committed to security… or just positive press? (Security-Protocols)
- Mac OS X Homepage (Apple)
- Update: Apple Security Update 2006-003 (tom_ferris)