Apple Mac OS X Multiple Applications Multiple Vulnerabilities
BID:22948
Info
| Bugtraq ID: | 22948 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-0719, CVE-2007-0721, CVE-2007-0722, CVE-2007-0723, CVE-2007-0724, CVE-2007-0733, CVE-2007-0726, CVE-2007-0728, CVE-2007-0730, CVE-2007-0731 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 05 2007 12:00AM |
| Updated: | Apr 20 2007 05:11PM |
| Credit: | Ferris of Security-Protocols, Andrew Garber of University of Victoria, Alex Harper, Michael Evans, Luke Church of the Computer Laboratory University of Cambridge, Jeff Mccune of The Ohio State University, and Cameron Kay of Massey University New Zealand a |
| Vulnerable: | Apple Mac OS X Server 10.4.8, Apple Mac OS X Server 10.4.7, Apple Mac OS X Server 10.4.6, Apple Mac OS X Server 10.4.5, Apple Mac OS X Server 10.4.4, Apple Mac OS X Server 10.4.3, Apple Mac OS X Server 10.4.2, Apple Mac OS X Server 10.4.1, Apple Mac OS X Server 10.4, Apple Mac OS X Server 10.3.9, Apple Mac OS X 10.4.8, Apple Mac OS X 10.4.7, Apple Mac OS X 10.4.6, Apple Mac OS X 10.4.5, Apple Mac OS X 10.4.4, Apple Mac OS X 10.4.3, Apple Mac OS X 10.4.2, Apple Mac OS X 10.4.1, Apple Mac OS X 10.4, Apple Mac OS X 10.3.9 |
| Not Vulnerable: | Apple Mac OS X Server 10.4.9, Apple Mac OS X 10.4.9 |
Discussion
Mac OS X is prone to multiple vulnerabilities including stack-based buffer-overflow issues, denial-of-service vulnerabilities, two memory-corruption issues, an integer-overflow issue, two authentication-bypass issues, an information-disclosure vulnerability, and an insecure command-execution issue.
An attacker can exploit these issues to execute arbitrary code in the context of the user running the application, cause denial-of-service conditions, compromise the application, and access or modify data.
Few details regarding these issues are currently available. Separate BIDs for each issue will be created as new information becomes available.
Mac OS X and Mac OS X Server versions 10.3.9 and 10.4 through 10.4.8 are vulnerable.
Exploit / POC
To exploit some of these issues, an attacker must entice an unsuspecting user to execute a malicious file.
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Apple has released advisory APPLE-SA-2007-03-13 and Mac OS X 10.4.9 to address this issue. Please see the references for more information.
Due to a packaging issue, the fix that was originally distributed via the Mac OS X v10.4.9 update may not have been delivered to all systems. The APPLE-SA-2007-04-19 update redistributes the fix in order to reach all affected systems. Please see the reference section for more information.
Apple Mac OS X 10.3.9
- Apple Security Update 2007-004 (10.3.9 Server)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13655&cat=1&platform=osx&method=sa/SecUpdSrvr2007-004Pan.dmg
- Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/
- Apple Security Update 2007-004 (10.3.9 Client)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13657&cat=1&platform=osx&method=sa/SecUpd2007-004Pan.dmg
- Apple Security Update 2007-004 (Universal)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13659&cat=1&platform=osx&method=sa/SecUpd2007-004Univ.dmg

Apple Mac OS X Server 10.3.9
- Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/
- Apple Security Update 2007-004 (Universal)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13659&cat=1&platform=osx&method=sa/SecUpd2007-004Univ.dmg

Apple Mac OS X Server 10.4
- Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.4
- Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.4.1
- Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.4.1
- Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.4.2
- Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.4.2
- Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.4.3
- Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.4.3
- Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.4.4
- Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.4.4
- Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.4.5
- Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.4.5
- Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.4.6
- Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.4.6
- Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.4.7
- Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.4.7
- Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.4.8
- Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.4.8
- Apple Mac OS X v10.4.9
  http://www.apple.com/support/downloads/
References