Apple Mac OS X 2007-005 Multiple Security Vulnerabilities
BID:24144
Info
| Bugtraq ID: | 24144 |
| Class: | Unknown |
| CVE: | CVE-2007-0752, CVE-2007-2390, CVE-2007-0751, CVE-2007-0750, CVE-2007-0740 |
| Remote: | Yes |
| Local: | Yes |
| Published: | May 24 2007 12:00AM |
| Updated: | Jul 21 2008 06:18PM |
| Credit: | The vendor disclosed some of these issues. An anonymous researcher working with iDefense Labs is credited with the PPP issue (CVE-2007-0752). |
| Vulnerable: | Cosmicperl Directory Pro 10.0.3, Apple Mac OS X Server 10.4.9, Apple Mac OS X Server 10.4.8, Apple Mac OS X Server 10.4.7, Apple Mac OS X Server 10.4.6, Apple Mac OS X Server 10.4.5, Apple Mac OS X Server 10.4.4, Apple Mac OS X Server 10.4.3, Apple Mac OS X Server 10.4.2, Apple Mac OS X Server 10.4.1, Apple Mac OS X Server 10.4, Apple Mac OS X Server 10.3.9, Apple Mac OS X Server 10.3.8, Apple Mac OS X Server 10.3.7, Apple Mac OS X Server 10.3.6, Apple Mac OS X Server 10.3.5, Apple Mac OS X Server 10.3.4, Apple Mac OS X Server 10.3.3, Apple Mac OS X Server 10.3.2, Apple Mac OS X Server 10.3.1, Apple Mac OS X Server 10.3, Apple Mac OS X Server 10.2.8, Apple Mac OS X Server 10.2.7, Apple Mac OS X Server 10.2.6, Apple Mac OS X Server 10.2.5, Apple Mac OS X Server 10.2.4, Apple Mac OS X Server 10.2.3, Apple Mac OS X Server 10.2.2, Apple Mac OS X Server 10.2.1, Apple Mac OS X Server 10.2, Apple Mac OS X Server 10.1.5, Apple Mac OS X Server 10.1.4, Apple Mac OS X Server 10.1.3, Apple Mac OS X Server 10.1.2, Apple Mac OS X Server 10.1.1, Apple Mac OS X Server 10.1, Apple Mac OS X Server 10.0, Apple Mac OS X Preview.app 3.0.8, Apple Mac OS X 10.4.9, Apple Mac OS X 10.4.8, Apple Mac OS X 10.4.7, Apple Mac OS X 10.4.6, Apple Mac OS X 10.4.5, Apple Mac OS X 10.4.4, Apple Mac OS X 10.4.3, Apple Mac OS X 10.4.2, Apple Mac OS X 10.4.1, Apple Mac OS X 10.4, Apple Mac OS X 10.3.9, Apple Mac OS X 10.3.8, Apple Mac OS X 10.3.7, Apple Mac OS X 10.3.6, Apple Mac OS X 10.3.5, Apple Mac OS X 10.3.4, Apple Mac OS X 10.3.3, Apple Mac OS X 10.3.2, Apple Mac OS X 10.3.1, Apple Mac OS X 10.3, Apple Mac OS X 10.2.8, Apple Mac OS X 10.2.7, Apple Mac OS X 10.2.6, Apple Mac OS X 10.2.5, Apple Mac OS X 10.2.4, Apple Mac OS X 10.2.3, Apple Mac OS X 10.2.2, Apple Mac OS X 10.2.1, Apple Mac OS X 10.2, Apple Mac OS X 10.1.5, Apple Mac OS X 10.1.4, Apple Mac OS X 10.1.3, Apple Mac OS X 10.1.2, Apple Mac OS X 10.1.1, Apple Mac OS X 10.1, Apple Mac OS X 10.1, Apple Mac OS X 10.0.4, Apple Mac OS X 10.0.3, Apple Mac OS X 10.0.2, Apple Mac OS X 10.0.1, Apple Mac OS X 10.0 3, Apple Mac OS X 10.0 |
| Not Vulnerable: | |
Discussion
Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including Alias Manager, CoreGraphics, crontabs, iChat, and PPP.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. Both local and remote vulnerabilities are present.
Apple Mac OS X 10.4.9 and prior versions are vulnerable to these issues.
Exploit / POC
Some of these issues may not require specific exploit code.
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product for the pppd issue. This exploit is not otherwise publicly available or known to be circulating in the wild.
Exploit code for the pppd issue is available.
Solution / Fix
Solution:
The vendor has released a security advisory to address these issues. Please see the referenced advisory for details.
Apple Mac OS X Server 10.3.9
- Apple SecUpdSrvr2007-005Pan.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13993&cat=1&platform=osx&method=sa/SecUpdSrvr2007-005Pan.dmg
Apple Mac OS X 10.3.9
- Apple SecUpd2007-005Pan.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13992&cat=1&platform=osx&method=sa/SecUpd2007-005Pan.dmg
Apple Mac OS X Server 10.4.9
- Apple SecUpd2007-005Ti.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13995&cat=1&platform=osx&method=sa/SecUpd2007-005Ti.dmg
- Apple SecUpd2007-005Univ.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13998&cat=1&platform=osx&method=sa/SecUpd2007-005Univ.dmg
Apple Mac OS X 10.4.9
References
References:
- Apple Security Update 2007-005 (Apple)
- Mac OS X Homepage (Apple)
- VU#116100: Apple Mac OS X iChat UPnP buffer overflow (US-CERT)
- iDefense Security Advisory 05.24.07: Apple Computer Mac OS X pppd Plugin Loading (iDefense Labs)
- Apple Computer Mac OS X pppd Plugin Loading Privilege Escalation Vulnerability (iDefense Labs)