VARIoT IoT vulnerabilities database
| VAR-200809-0162 | CVE-2008-4193 | SecurityGateway 'SecurityGateway.dll' Remote Buffer Overflow Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologies SecurityGateway 1.0.1 allows remote attackers to execute arbitrary code via a long username parameter. SecurityGateway is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer. Failed exploit attempts will result in a denial-of-service condition.
SecurityGateway 1.0.1 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
----------------------------------------------------------------------
TITLE:
Alt-N SecurityGateway "username" Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA30497
VERIFY ADVISORY:
http://secunia.com/advisories/30497/
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
>From remote
SOFTWARE:
Alt-N SecurityGateway 1.x
http://secunia.com/product/18916/
DESCRIPTION:
securfrog has discovered a vulnerability in Alt-N SecurityGateway,
which can be exploited by malicious people to compromise a vulnerable
system.
The vulnerability is caused due to a boundary error in the processing
of HTTP requests sent to the administrative web interface.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 1.0.1.
SOLUTION:
Restrict network access to the administrative web interface.
PROVIDED AND/OR DISCOVERED BY:
securfrog
ORIGINAL ADVISORY:
http://milw0rm.com/exploits/5718
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200806-0058 | CVE-2008-2540 | Apple Safari In Vulnerabilities that do not warn before downloading |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X. A vulnerability in Apple Safari on the Microsoft Windows operating system stems from a combination of security issues in Safari and all versions of Windows XP and Vista that will allow executables to be downloaded to a user's computer and run without prompting.
A vulnerability in Safari, known as the 'carpet-bombing' issue reported by Nitesh Dhanjani, allows an attacker to silently place malicious DLL files on a victim's computer. A problem in Internet Explorer, reported in December of 2006 by Aviv Raff, can then be used to run those malicious DLLs.
An attacker can exploit this issue by tricking a victim into visiting a malicious page with Safari; the malicious files will run when the victim starts Internet Explorer.
Successful exploitation allows execution of arbitrary code when a
user visits a malicious web site.
SOLUTION:
Set the download location in Safari to a location other than
"Desktop".
ORIGINAL ADVISORY:
http://www.microsoft.com/technet/security/advisory/953818.mspx
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA09-104A
Microsoft Updates for Multiple Vulnerabilities
Original release date: April 14, 2009
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Office
* Microsoft Windows Server
* Microsoft ISA Server
Overview
Microsoft has released updates that address vulnerabilities in
Microsoft Windows, Office, Windows Server, and ISA Server.
I. Description
As part of the Microsoft Security Bulletin Summary for April 2009,
Microsoft released updates to address vulnerabilities that affect
Microsoft Windows, Office, Windows Server, and ISA Server.
II. Impact
A remote, unauthenticated attacker could execute arbitrary code,
gain elevated privileges, or cause a vulnerable application to
crash.
III. Solution
Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for April 2009. The security
bulletin describes any known issues related to the updates.
Administrators are encouraged to note these issues and test for any
potentially adverse effects. Administrators should consider using
an automated update distribution system such as Windows Server
Update Services (WSUS).
IV. References
* Microsoft Security Bulletin Summary for April 2009 -
<http://www.microsoft.com/technet/security/bulletin/ms09-apr.mspx>
* Microsoft Windows Server Update Services -
<http://technet.microsoft.com/en-us/wsus/default.aspx>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-104A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-104A Feedback VU#999892" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
April 14, 2009: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSeTi+XIHljM+H4irAQIIWQf/TWAkmQKay9j5fDLBcyMGJ3icTpG05Zp2
rM8UXMjKohKcDBhY1K9mxKxif5L81+y87PlBz/WTl3icn+57wAGMl/pAAeTz3Hp3
T98eKMXfzvVU57WDGGxy+4Ad57DIIF5hRkiGusDjnNJfd5kdH7q+8rPjPCUvtYAu
H+0auzCpmob7NsIv/YuRXIHekkLiX5GPanhecy+mve1cvbSpXGKF9vf7LEGaFEsT
1XOtTeY0r4TjZEk/c5ahKqGehJINujvv4eVdiajqDOCVecaALi+p+XwMSLtlJvgK
Vaa/ioPIFq8nNUz7eefVSadsary2RfmKegDwmg8FZX/UOso+tQ21KQ==
=q59/
-----END PGP SIGNATURE-----
| VAR-200805-0186 | CVE-2008-2054 | CiscoWorks Common Services Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 through 3.1.1 allows remote attackers to execute arbitrary code on a client machine via unknown vectors. Failed exploit attempts will likely result in denial-of-service conditions.
The vulnerability is documented in Cisco Bug ID CSCsm77245.
No further technical details are currently available. We will update this BID as more information emerges.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080528-cw.shtml.
Affected Products
=================
Vulnerable Products
+------------------
CiscoWorks Common Services versions 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.1,
and 3.1.1 are vulnerable.
+---------------------------------------+
| | Product | Common |
| Product | Version | Services |
| | | Version |
|-----------------+----------+----------|
| Cisco Unified | | |
| Operations | 1.1 | 3.0.3 |
| Manager (CUOM) | | |
|-----------------+----------+----------|
| Cisco Unified | | |
| Operations | 2.0 | 3.0.3 |
| Manager (CUOM) | | |
|-----------------+----------+----------|
| Cisco Unified | | |
| Operations | 2.0.1 | 3.0.5 |
| Manager (CUOM) | | |
|-----------------+----------+----------|
| Cisco Unified | | |
| Operations | 2.0.2 | 3.0.5 |
| Manager (CUOM) | | |
|-----------------+----------+----------|
| Cisco Unified | | |
| Operations | 2.0.3 | 3.0.5 |
| Manager (CUOM) | | |
|-----------------+----------+----------|
| Cisco Unified | | |
| Service Monitor | 1.1 | 3.0.3 |
| (CUSM) | | |
|-----------------+----------+----------|
| Cisco Unified | | |
| Service Monitor | 2.0 | 3.0.4 |
| (CUSM) | | |
|-----------------+----------+----------|
| Cisco Unified | | |
| Service Monitor | 2.0.1 | 3.0.5 |
| (CUSM) | | |
|-----------------+----------+----------|
| CiscoWorks QoS | 4.0, | |
| Policy Manager | 4.0.1, | 3.0.5 |
| (QPM) | and | |
| | 4.0.2 | |
|-----------------+----------+----------|
| CiscoWorks LAN | 2.5, | |
| Management | 2.5.1, | 3.0.3 |
| Solution (LMS) | 2.6 | |
|-----------------+----------+----------|
| CiscoWorks LAN | 2.6 | |
| Management | Update | 3.0.5 |
| Solution (LMS) | | |
|-----------------+----------+----------|
| CiscoWorks LAN | | |
| Management | 3.0 | 3.1 |
| Solution (LMS) | | |
|-----------------+----------+----------|
| CiscoWorks LAN | 3.0 | |
| Management | December | 3.1.1 |
| Solution (LMS) | 2007 | |
| | Update | |
|-----------------+----------+----------|
| Cisco Security | 3.0 | 3.0.3 |
| Manager (CSM) | | |
|-----------------+----------+----------|
| Cisco Security | 3.0.1 | 3.0.4 |
| Manager (CSM) | | |
|-----------------+----------+----------|
| Cisco Security | 3.0.2 | 3.0.5 |
| Manager (CSM) | | |
|-----------------+----------+----------|
| Cisco Security | 3.1 and | 3.0.5 |
| Manager (CSM) | 3.1.1 | |
|-----------------+----------+----------|
| Cisco Security | 3.2 | 3.1 |
| Manager (CSM) | | |
|-----------------+----------+----------|
| Cisco | | |
| TelePresence | | |
| Readiness | 1.0 | 3.0.5 |
| Assessment | | |
| Manager (CTRAM) | | |
+---------------------------------------+
Note: CiscoWorks Voice Manager (CVM) and Cisco Unified Intelligent
Contact Management (ICM) could be vulnerable if their underlying
Common Services versions were upgraded.
Products Confirmed Not Vulnerable
+--------------------------------
Products that use CiscoWorks Common Services version 3.2 and later or
Common Management Framework (CMF) version 2.2 are not vulnerable.
The following CiscoWorks products are also not affected by this
vulnerability:
+---------------------------------------+
| | Product | Common |
| Product | Version | Services |
| | | Version |
|------------------+---------+----------|
| CiscoWorks IP | | |
| Communications | 1.0 | 3.0 SP1 |
| Manager | | |
|------------------+---------+----------|
| CiscoWorks IP | | |
| Communications | 1.0 | 3.0 SP1 |
| Service Monitor | | |
+---------------------------------------+
Note: CiscoWorks Voice Manager (CVM) and Cisco Unified Intelligent
Contact Management (ICM) could be vulnerable if their underlying
Common Services versions were upgraded. CiscoWorks is a
family of products based on Internet standards for managing networks
and devices. The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
* CSCsm77245 - CiscoWorks URL Misbehavior
CVSS Base Score - 9.3
Access Vector - Network
Access Complexity - Medium
Authentication - None
Confidentiality Impact - Complete
Integrity Impact - Complete
Availability Impact - Complete
CVSS Temporal Score - 7.7
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
Impact
======
Successful exploitation of this vulnerability could allow a remote
attacker to execute arbitrary code on the user client machine.
Software Versions and Fixes
===========================
Cisco has released free software updates that address these
vulnerabilities. Prior to deploying software, customers should
consult their maintenance provider or check the software for feature
set compatibility and known issues specific to their environment.
This vulnerability has been corrected in CiscoWorks Common Services
version 3.2 and in the following software patches:
cwcs3.x-sol-CSCsm77245-0.tar.gz - for Solaris versions
cwcs3.x-win-CSCsm77245-0.zip - for Windows versions
The CiscoWorks Common Services patches can be downloaded from:
http://www.cisco.com/pcgi-bin/tablebuild.pl/cw2000-cd-one
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.
Workarounds
===========
Filters such as Transit ACLs (tACLs) can be used to allow access to
the Administration Workstation from only trusted hosts.
Filters that deny HTTP packets using HTTPS packets using TCP port 443
and TCP port 1741 should be deployed throughout the network as part
of a tACL policy to protect the network from traffic that enters the
network at ingress access points. This policy should be configured to
protect the network device where the filter is applied and other
devices that are behind it. Filters for HTTPS packets that use TCP
port 443 and TCP port 1741 should also be deployed in front of
vulnerable network devices so only traffic from trusted clients is
allowed.
Note: Additional information about tACLs is available in "Transit
Access Control Lists: Filtering at Your Edge":
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801afc76.shtml
For additional information on XSS attacks and the methods used to
exploit these vulnerabilities, please refer to the Cisco Applied
Intelligence Response "Understanding Cross-Site Scripting (XSS)
Threat Vectors", available at:
http://www.cisco.com/warp/public/707/cisco-amb-20060922-understanding-xss.shtml
Obtaining Fixed Software
========================
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html,
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades.
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com.
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed.
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows.
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC.
Refer to http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages.
Exploitation and Public Announcements
=====================================
The Cisco PSIRT team is not aware of any public announcements or
malicious use of the vulnerability described in this advisory.
Cisco PSIRT greatly appreciates the opportunity to work with
researchers on security vulnerabilities, and we welcome the
opportunity to review and assist in product reports.
Status of this Notice: FINAL
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors.
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20080528-cw.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com
* first-teams@first.org
* bugtraq@securityfocus.com
* vulnwatch@vulnwatch.org
* cisco@spot.colorado.edu
* cisco-nsp@puck.nether.net
* full-disclosure@lists.grok.org.uk
* comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates.
Revision History
================
+---------------------------------------+
| Revision | | Initial |
| 1.0 | 2008-May-28 | public |
| | | release |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at http://www.cisco.com/en/US/products/
products_security_vulnerability_policy.html. This includes
instructions for press inquiries regarding Cisco security notices.
All Cisco security advisories are available at http://www.cisco.com/
go/psirt.
-----BEGIN PGP SIGNATURE-----
iD8DBQFIPXfg86n/Gc8U/uARAixwAJ9TWDByyM82Z1CP3+PST5nyEWif1wCePmhh
VaI8iTxea7p+Zh3imAkhDgs=
=kqQb
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
http://www.cisco.com/pcgi-bin/tablebuild.pl/cw2000-cd-one
Solaris:
Apply cwcs3.x-sol-CSCsm77245-0.tar.gz
Windows:
Apply cwcs3.x-win-CSCsm77245-0.zip
PROVIDED AND/OR DISCOVERED BY:
Dave Lewis, Liquidmatrix.org
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20080528-cw.shtml
Liquidmatrix.org:
http://www.liquidmatrix.org/blog/2008/05/28/advisory-ciscoworks-arbitrary-code-execution-vulnerability/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor
| VAR-200805-0594 | CVE-2008-1034 | Apple Help Viewer vulnerable to buffer overflow |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted help:topic URL that triggers a buffer overflow.
Attackers can leverage this issue to execute arbitrary code with the privileges of the affected application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.
NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service). TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0595 | CVE-2008-1028 | Apple Mac OS X of AppKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X. Apple Mac OS X is prone to a remote code-execution vulnerability that occurs in AppKit.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application.
This issue affects Mac OS X 10.4.11 and Mac OS X Server 10.4.11.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service). TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0589 | CVE-2008-1033 | Apple Mac OS X of CUPS Information disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables.". ( Authentication information ) There is a vulnerability that gets acquired.Authentication information may be obtained by reading log data.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X. This issue may be triggered when printing to a password-protected printer while debug logging is enabled.
Attackers can exploit this issue to harvest sensitive information that can aid in further attacks.
This issue affects Mac OS X 10.5 - 10.5.2 and Mac OS X Server 10.5 - 10.5.2.
NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0591 | CVE-2008-1577 | Apple Mac OS X of Pixlet Vulnerability in arbitrary code execution in codec |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memory corruption issues.".
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X. Apple Mac OS X is prone to multiple memory-corruption vulnerabilities that occur in Apple Pixlet Video.
An attacker can exploit these issues to execute arbitrary code with the privileges of the user running the affected application.
These issues affect Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 - 10.5.2, and Mac OS X Server 10.5 - 10.5.2.
NOTE: These issues were previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but have been given this record to better document them. This vulnerability is related to \"multiple A memory corruption problem\" is related.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0587 | CVE-2008-1031 | Apple Mac OS X of CoreGraphics Vulnerability in arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X. Apple Mac OS X is prone to a remote code-execution vulnerability affecting CoreGraphics.
Successful exploits will allow the attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
This issue affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 - 10.5.2, and Mac OS X Server 10.5 - 10.5.2.
NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability. There is an uninitialized variable vulnerability when oreGraphics handles PDF files.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0590 | CVE-2008-1580 | Apple Mac OS X of Safari of CFNetwork In Web Vulnerability that leaks important information to the site |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879. Web A vulnerability that leaks to the site exists.Malicious Web Your site may receive important information and track user behavior across domains. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-003 and Mac OS X/Mac OS X Server 10.5.3.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X.
NOTE: This BID is being retired; the following individual records have been created to better document the issues:
29480 Apple Mac OS X CoreGraphics PDF Handling Code Execution Vulnerability
29481 Apple Mac OS X CoreTypes Unsafe Content Warning Weakness
29483 Apple Mac OS X Help Viewer 'help:topic' URI Buffer Overflow Vulnerability
29484 Apple Mac OS X CUPS Debug Logging Information Disclosure Vulnerability
29486 Apple Mac OS X iCal '.ics' File Handling Remote Code Execution Vulnerability
29487 Apple Mac OS X AppKit Malformed File Remote Code Execution Vulnerability
29488 Apple Mac OS X International Components for Unicode Information Disclosure Vulnerability
29489 Apple Mac OS X Pixlet Video Multiple Unspecified Memory Corruption Vulnerabilities
29490 Apple Mac OS X AFP Server File Sharing Unauthorized File Access Vulnerability
29491 Apple Mac OS X CoreFoundation CFData Object Handling Code Execution Vulnerability
29492 Apple Mac OS X Apple Type Services PDF Handling Code Execution Vulnerability
29493 Apple Mac OS X CFNetwork SSL Client Certificate Handling Information Disclosure Vulnerability
29500 Apple Mac OS X Mail Memory Corruption Vulnerability
29501 Apple Mac OS X Image Capture Webserver Directory Traversal Vulnerability
29511 Apple Mac OS X Wiki Server User Name Enumeration Weakness
29513 Apple Mac OS X ImageIO BMP/GIF Image Information Disclosure Vulnerability
29514 Apple Mac OS X ImageIO JPEG2000 Handling Remote Code Execution Vulnerability
29520 Apple Mac OS X Single Sign-On 'sso_util' Local Information Disclosure Vulnerability
29521 Apple Mac OS X Image Capture Local Arbitrary File Overwrite Vulnerability.
An attacker could leverage this vulnerability to obtain potentially sensitive information that may aid in further attacks.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0588 | CVE-2008-1574 | Apple Mac OS X of ImageIO Vulnerable to buffer overflow |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X.
Successful exploits will allow an attacker to run arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
This issue affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 - 10.5.2, and Mac OS X Server 10.5 - 10.5.2.
NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0586 | CVE-2008-1027 | Apple Mac OS X of Apple Filing Protocol (AFP) Server Vulnerable to reading arbitrary files |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-003 and Mac OS X/Mac OS X Server 10.5.3.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X.
NOTE: This BID is being retired; the following individual records have been created to better document the issues:
29480 Apple Mac OS X CoreGraphics PDF Handling Code Execution Vulnerability
29481 Apple Mac OS X CoreTypes Unsafe Content Warning Weakness
29483 Apple Mac OS X Help Viewer 'help:topic' URI Buffer Overflow Vulnerability
29484 Apple Mac OS X CUPS Debug Logging Information Disclosure Vulnerability
29486 Apple Mac OS X iCal '.ics' File Handling Remote Code Execution Vulnerability
29487 Apple Mac OS X AppKit Malformed File Remote Code Execution Vulnerability
29488 Apple Mac OS X International Components for Unicode Information Disclosure Vulnerability
29489 Apple Mac OS X Pixlet Video Multiple Unspecified Memory Corruption Vulnerabilities
29490 Apple Mac OS X AFP Server File Sharing Unauthorized File Access Vulnerability
29491 Apple Mac OS X CoreFoundation CFData Object Handling Code Execution Vulnerability
29492 Apple Mac OS X Apple Type Services PDF Handling Code Execution Vulnerability
29493 Apple Mac OS X CFNetwork SSL Client Certificate Handling Information Disclosure Vulnerability
29500 Apple Mac OS X Mail Memory Corruption Vulnerability
29501 Apple Mac OS X Image Capture Webserver Directory Traversal Vulnerability
29511 Apple Mac OS X Wiki Server User Name Enumeration Weakness
29513 Apple Mac OS X ImageIO BMP/GIF Image Information Disclosure Vulnerability
29514 Apple Mac OS X ImageIO JPEG2000 Handling Remote Code Execution Vulnerability
29520 Apple Mac OS X Single Sign-On 'sso_util' Local Information Disclosure Vulnerability
29521 Apple Mac OS X Image Capture Local Arbitrary File Overwrite Vulnerability.
Successfully exploiting this issue will allow attackers to obtain potentially sensitive information that may lead to other attacks.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0580 | CVE-2008-1576 | Apple Help Viewer vulnerable to buffer overflow |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in opportunistic circumstances, by sending an e-mail message. A vulnerability in the way Apple Help Viewer handles specially crafted URLs may allow an attacker to execute arbitrary code or cause a denial of service. Apple Mac OS X is prone to a memory-corruption vulnerability that affects the Mail application.
NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.
This issue affects Mac OS X v10.4.11 and Mac OS X Server 10.4.11. Computers running Mac OS X v10.5 or later are not affected by this issue.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X. An uninitialized buffer vulnerability exists in Mail.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service). TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0579 | CVE-2008-1572 | Apple Mac OS X Image capture file overwrite vulnerability |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application.
A local attacker can exploit this issue to overwrite files with the privileges of another user running the affected application.
This issue affects Mac OS X 10.4.11 and Mac OS X Server 10.4.11.
NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0578 | CVE-2008-1575 | Apple Mac OS X of Apple Type Services (ATS) Vulnerability in arbitrary code execution on server |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
This issue affects Mac OS X 10.5 - 10.5.2 and Mac OS X Server 10.5 - 10.5.2.
NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability. This vulnerability is related to the printing process. related to memory corruption.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0576 | CVE-2008-1571 | Apple Mac OS X Embedded image capture Web Server traversal vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X. Apple's Image Capture is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input.
An attacker can exploit this issue to gain access to arbitrary files in the context of the affected server. Information gathered may lead to other attacks.
This vulnerability affects Mac OS X 10.4.11 and Mac OS X Server 10.4.11.
NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0574 | CVE-2008-1579 | Apple Mac OS X of Wiki Server name disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog.
A successful exploit of this issue may aid in further attacks.
This issue affects Mac OS X Server 10.5 to 10.5.2.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0571 | CVE-2008-1578 | Apple Mac OS X of sso_util Password disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X.
Local attackers can leverage this issue to gain access to sensitive information that will aid in further attacks.
This issue affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 - 10.5.2, and Mac OS X Server 10.5 - 10.5.2. Leaked passwords include user, administrator, and KDC administrative passwords.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0567 | CVE-2008-1032 | Apple Mac OS X of CoreTypes Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X.
This issue can lead to a false sense of security, potentially aiding in network-based attacks.
This issue affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 - 10.5.2, and Mac OS X Server 10.5 - 10.5.2.
NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability. Although these content types are not automatically enabled, they can still lead to malicious payloads if they are manually enabled.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0565 | CVE-2008-1030 | Apple Mac OS X of CFData API Heap-based buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X. Apple Mac OS X is prone to a remote code-execution vulnerability affecting CoreFoundation.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected component. Failed exploit attempts will likely result in denial-of-service conditions.
This issue affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 - 10.5.2, and Mac OS X Server 10.5 - 10.5.2.
NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0573 | CVE-2008-1573 | Apple Safari automatically executes downloaded files based on Internet Explorer zone settings |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read. Apple Safari automatically executes downloaded files based on Internet Explorer zone settings, which can allow a remote attacker to execute arbitrary code on a vulnerable system.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X. Apple Mac OS X is prone to an information-disclosure vulnerability that occurs in ImageIO.
An attacker can exploit this issue to obtain sensitive information that may lead to further attacks.
This issue affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 - 10.5.2, and Mac OS X Server 10.5 - 10.5.2.
NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service). TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
The vulnerabilities are reported in Safari for Windows prior to
version 3.1.2.
SOLUTION:
Update to version 3.1.2.
http://www.apple.com/support/downloads/safari312forwindows.html
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Gynvael Coldwind, Hispasec
2) Will Dormann, CERT/CC
3) James Urquhart
CHANGELOG:
2008-06-20: Added link to US-CERT