Apple Mac OS X 2008-004 Multiple Security Vulnerabilities
BID:30018
Info
Apple Mac OS X 2008-004 Multiple Security Vulnerabilities
| Bugtraq ID: | 30018 |
| Class: | Unknown |
| CVE: |
CVE-2008-2308 CVE-2008-2309 CVE-2008-2310 CVE-2008-2314 CVE-2008-2311 CVE-2008-2313 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jun 30 2008 12:00AM |
| Updated: | Jul 02 2008 08:00PM |
| Credit: | Brian Mastenbrook, Andrew Cassell of Marine Spill Response Corporation, Andrew Mortensen of the University of Michigan and the vendor reported these issues. |
| Vulnerable: |
Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.10 Apple Mac OS X Server 10.4.9 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.10 Apple Mac OS X 10.4.9 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.5 |
| Not Vulnerable: |
Apple Mac OS X Server 10.5.4 Apple Mac OS X 10.5.4 |
Discussion
Apple Mac OS X 2008-004 Multiple Security Vulnerabilities
Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-004 and Mac OS X/Mac OS X Server 10.5.4.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-004 and Mac OS X/Mac OS X Server 10.5.4.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Exploit / POC
Apple Mac OS X 2008-004 Multiple Security Vulnerabilities
To exploit some of these issues, an attacker must entice a victim into visiting a malicious web page or into opening a malicious file. For other issues, the attacker must send malformed network packets or acquire local access.
To exploit some of these issues, an attacker must entice a victim into visiting a malicious web page or into opening a malicious file. For other issues, the attacker must send malformed network packets or acquire local access.
Solution / Fix
Apple Mac OS X 2008-004 Multiple Security Vulnerabilities
Solution:
A vendor advisory is available to address these issues. Please see the referenced advisory for more information.
Apple Mac OS X 10.5
Apple Mac OS X Server 10.5
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.5.1
Apple Mac OS X 10.5.1
Apple Mac OS X Server 10.5.2
Apple Mac OS X 10.5.2
Apple Mac OS X 10.5.3
Apple Mac OS X Server 10.5.3
Solution:
A vendor advisory is available to address these issues. Please see the referenced advisory for more information.
Apple Mac OS X 10.5
-
Apple MacOSXUpdCombo10.5.4.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5
-
Apple MacOSXServerUpdCombo10.5.4.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.4.11
-
Apple SecUpdSrvr2008-004PPC.dmg
http://www.apple.com/support/downloads/ -
Apple SecUpdSrvr2008-004Univ.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.1
-
Apple MacOSXServerUpdCombo10.5.4.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X 10.5.1
-
Apple MacOSXUpdCombo10.5.4.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.2
-
Apple MacOSXServerUpdCombo10.5.4.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X 10.5.2
-
Apple MacOSXUpdCombo10.5.4.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X 10.5.3
-
Apple MacOSXUpd10.5.4.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.3
-
Apple MacOSXServerUpd10.5.4.dmg
http://www.apple.com/support/downloads/
References
Apple Mac OS X 2008-004 Multiple Security Vulnerabilities
References:
References: