RETIRED: Apple Mac OS X 2008-005 Multiple Security Vulnerabilities
BID:30483
Info
RETIRED: Apple Mac OS X 2008-005 Multiple Security Vulnerabilities
| Bugtraq ID: | 30483 |
| Class: | Unknown |
| CVE: |
CVE-2008-2320 CVE-2008-2321 CVE-2008-2322 CVE-2008-2323 CVE-2008-2324 CVE-2008-2325 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jul 31 2008 12:00AM |
| Updated: | Aug 01 2008 05:57PM |
| Credit: | Thomas Raffetseder, Sergio 'shadown' Alvarez, Michal Zalewski, Pariente Kobi, Anton Rang and Brian Timares |
| Vulnerable: |
Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.10 Apple Mac OS X Server 10.4.9 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.10 Apple Mac OS X 10.4.9 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.5 |
| Not Vulnerable: | |
Discussion
RETIRED: Apple Mac OS X 2008-005 Multiple Security Vulnerabilities
Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-005.
The security update addresses a total of six new vulnerabilities that affect the CarbonCore, CoreGraphics, Data Detectors Engine, Disk Utility, OpenLDAP, and QuickLook components of Mac OS X. The advisory also contains security updates for 11 previously reported issues.
NOTE: This BID is being retired; the following individual records have been created to better document these issues:
30487 Apple Mac OS X CarbonCore Stack Based Buffer Overflow
30488 Apple Mac OS X CoreGraphics Multiple Memory Corruption Vulnerabilities
30489 Apple Mac OS X CoreGraphics Heap Based Buffer Overflow Vulnerability
30490 Apple Mac OS X Data Detectors Engine Denial Of Service Vulnerability
30492 Apple Mac OS X Disk Utility Privilege Escalation Vulnerability
30493 Apple Mac OS X QuickLook Multiple Memory Corruption Vulnerabilities
Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-005.
The security update addresses a total of six new vulnerabilities that affect the CarbonCore, CoreGraphics, Data Detectors Engine, Disk Utility, OpenLDAP, and QuickLook components of Mac OS X. The advisory also contains security updates for 11 previously reported issues.
NOTE: This BID is being retired; the following individual records have been created to better document these issues:
30487 Apple Mac OS X CarbonCore Stack Based Buffer Overflow
30488 Apple Mac OS X CoreGraphics Multiple Memory Corruption Vulnerabilities
30489 Apple Mac OS X CoreGraphics Heap Based Buffer Overflow Vulnerability
30490 Apple Mac OS X Data Detectors Engine Denial Of Service Vulnerability
30492 Apple Mac OS X Disk Utility Privilege Escalation Vulnerability
30493 Apple Mac OS X QuickLook Multiple Memory Corruption Vulnerabilities
Exploit / POC
RETIRED: Apple Mac OS X 2008-005 Multiple Security Vulnerabilities
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
RETIRED: Apple Mac OS X 2008-005 Multiple Security Vulnerabilities
Solution:
The vendor has released an advisory and updates to address these issues. Please see the referenced advisory for more information.
Apple Mac OS X 10.5.4
Apple Mac OS X Server 10.5.4
Solution:
The vendor has released an advisory and updates to address these issues. Please see the referenced advisory for more information.
Apple Mac OS X 10.5.4
-
Apple SecUpd2008-005.dmg
For Mac OS X v10.5.4 and Mac OS X Server 10.5.4
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=20388&cat= 1&platform=osx&method=sa/SecUpd2008-005.dmg
Apple Mac OS X Server 10.5.4
-
Apple SecUpd2008-005.dmg
For Mac OS X v10.5.4 and Mac OS X Server 10.5.4
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=20388&cat= 1&platform=osx&method=sa/SecUpd2008-005.dmg
References
RETIRED: Apple Mac OS X 2008-005 Multiple Security Vulnerabilities
References:
References:
- Mac OS X Homepage (Apple)