VARIoT IoT vulnerabilities database
| VAR-200805-0594 | CVE-2008-1034 | Apple Help Viewer vulnerable to buffer overflow |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted help:topic URL that triggers a buffer overflow.
Attackers can leverage this issue to execute arbitrary code with the privileges of the affected application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.
NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service). TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0595 | CVE-2008-1028 | Apple Mac OS X of AppKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X. Apple Mac OS X is prone to a remote code-execution vulnerability that occurs in AppKit.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application.
This issue affects Mac OS X 10.4.11 and Mac OS X Server 10.4.11.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service). TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0589 | CVE-2008-1033 | Apple Mac OS X of CUPS Information disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables.". ( Authentication information ) There is a vulnerability that gets acquired.Authentication information may be obtained by reading log data.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X. This issue may be triggered when printing to a password-protected printer while debug logging is enabled.
Attackers can exploit this issue to harvest sensitive information that can aid in further attacks.
This issue affects Mac OS X 10.5 - 10.5.2 and Mac OS X Server 10.5 - 10.5.2.
NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0591 | CVE-2008-1577 | Apple Mac OS X of Pixlet Vulnerability in arbitrary code execution in codec |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memory corruption issues.".
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X. Apple Mac OS X is prone to multiple memory-corruption vulnerabilities that occur in Apple Pixlet Video.
An attacker can exploit these issues to execute arbitrary code with the privileges of the user running the affected application.
These issues affect Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 - 10.5.2, and Mac OS X Server 10.5 - 10.5.2.
NOTE: These issues were previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but have been given this record to better document them. This vulnerability is related to \"multiple A memory corruption problem\" is related.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0587 | CVE-2008-1031 | Apple Mac OS X of CoreGraphics Vulnerability in arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X. Apple Mac OS X is prone to a remote code-execution vulnerability affecting CoreGraphics.
Successful exploits will allow the attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
This issue affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 - 10.5.2, and Mac OS X Server 10.5 - 10.5.2.
NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability. There is an uninitialized variable vulnerability when oreGraphics handles PDF files.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0590 | CVE-2008-1580 | Apple Mac OS X of Safari of CFNetwork In Web Vulnerability that leaks important information to the site |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879. Web A vulnerability that leaks to the site exists.Malicious Web Your site may receive important information and track user behavior across domains. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-003 and Mac OS X/Mac OS X Server 10.5.3.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X.
NOTE: This BID is being retired; the following individual records have been created to better document the issues:
29480 Apple Mac OS X CoreGraphics PDF Handling Code Execution Vulnerability
29481 Apple Mac OS X CoreTypes Unsafe Content Warning Weakness
29483 Apple Mac OS X Help Viewer 'help:topic' URI Buffer Overflow Vulnerability
29484 Apple Mac OS X CUPS Debug Logging Information Disclosure Vulnerability
29486 Apple Mac OS X iCal '.ics' File Handling Remote Code Execution Vulnerability
29487 Apple Mac OS X AppKit Malformed File Remote Code Execution Vulnerability
29488 Apple Mac OS X International Components for Unicode Information Disclosure Vulnerability
29489 Apple Mac OS X Pixlet Video Multiple Unspecified Memory Corruption Vulnerabilities
29490 Apple Mac OS X AFP Server File Sharing Unauthorized File Access Vulnerability
29491 Apple Mac OS X CoreFoundation CFData Object Handling Code Execution Vulnerability
29492 Apple Mac OS X Apple Type Services PDF Handling Code Execution Vulnerability
29493 Apple Mac OS X CFNetwork SSL Client Certificate Handling Information Disclosure Vulnerability
29500 Apple Mac OS X Mail Memory Corruption Vulnerability
29501 Apple Mac OS X Image Capture Webserver Directory Traversal Vulnerability
29511 Apple Mac OS X Wiki Server User Name Enumeration Weakness
29513 Apple Mac OS X ImageIO BMP/GIF Image Information Disclosure Vulnerability
29514 Apple Mac OS X ImageIO JPEG2000 Handling Remote Code Execution Vulnerability
29520 Apple Mac OS X Single Sign-On 'sso_util' Local Information Disclosure Vulnerability
29521 Apple Mac OS X Image Capture Local Arbitrary File Overwrite Vulnerability.
An attacker could leverage this vulnerability to obtain potentially sensitive information that may aid in further attacks.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0588 | CVE-2008-1574 | Apple Mac OS X of ImageIO Vulnerable to buffer overflow |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X.
Successful exploits will allow an attacker to run arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
This issue affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 - 10.5.2, and Mac OS X Server 10.5 - 10.5.2.
NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0586 | CVE-2008-1027 | Apple Mac OS X of Apple Filing Protocol (AFP) Server Vulnerable to reading arbitrary files |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-003 and Mac OS X/Mac OS X Server 10.5.3.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X.
NOTE: This BID is being retired; the following individual records have been created to better document the issues:
29480 Apple Mac OS X CoreGraphics PDF Handling Code Execution Vulnerability
29481 Apple Mac OS X CoreTypes Unsafe Content Warning Weakness
29483 Apple Mac OS X Help Viewer 'help:topic' URI Buffer Overflow Vulnerability
29484 Apple Mac OS X CUPS Debug Logging Information Disclosure Vulnerability
29486 Apple Mac OS X iCal '.ics' File Handling Remote Code Execution Vulnerability
29487 Apple Mac OS X AppKit Malformed File Remote Code Execution Vulnerability
29488 Apple Mac OS X International Components for Unicode Information Disclosure Vulnerability
29489 Apple Mac OS X Pixlet Video Multiple Unspecified Memory Corruption Vulnerabilities
29490 Apple Mac OS X AFP Server File Sharing Unauthorized File Access Vulnerability
29491 Apple Mac OS X CoreFoundation CFData Object Handling Code Execution Vulnerability
29492 Apple Mac OS X Apple Type Services PDF Handling Code Execution Vulnerability
29493 Apple Mac OS X CFNetwork SSL Client Certificate Handling Information Disclosure Vulnerability
29500 Apple Mac OS X Mail Memory Corruption Vulnerability
29501 Apple Mac OS X Image Capture Webserver Directory Traversal Vulnerability
29511 Apple Mac OS X Wiki Server User Name Enumeration Weakness
29513 Apple Mac OS X ImageIO BMP/GIF Image Information Disclosure Vulnerability
29514 Apple Mac OS X ImageIO JPEG2000 Handling Remote Code Execution Vulnerability
29520 Apple Mac OS X Single Sign-On 'sso_util' Local Information Disclosure Vulnerability
29521 Apple Mac OS X Image Capture Local Arbitrary File Overwrite Vulnerability.
Successfully exploiting this issue will allow attackers to obtain potentially sensitive information that may lead to other attacks.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0580 | CVE-2008-1576 | Apple Help Viewer vulnerable to buffer overflow |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in opportunistic circumstances, by sending an e-mail message. A vulnerability in the way Apple Help Viewer handles specially crafted URLs may allow an attacker to execute arbitrary code or cause a denial of service. Apple Mac OS X is prone to a memory-corruption vulnerability that affects the Mail application.
NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.
This issue affects Mac OS X v10.4.11 and Mac OS X Server 10.4.11. Computers running Mac OS X v10.5 or later are not affected by this issue.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X. An uninitialized buffer vulnerability exists in Mail.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service). TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0579 | CVE-2008-1572 | Apple Mac OS X Image capture file overwrite vulnerability |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application.
A local attacker can exploit this issue to overwrite files with the privileges of another user running the affected application.
This issue affects Mac OS X 10.4.11 and Mac OS X Server 10.4.11.
NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0578 | CVE-2008-1575 | Apple Mac OS X of Apple Type Services (ATS) Vulnerability in arbitrary code execution on server |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
This issue affects Mac OS X 10.5 - 10.5.2 and Mac OS X Server 10.5 - 10.5.2.
NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability. This vulnerability is related to the printing process. related to memory corruption.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0576 | CVE-2008-1571 | Apple Mac OS X Embedded image capture Web Server traversal vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X. Apple's Image Capture is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input.
An attacker can exploit this issue to gain access to arbitrary files in the context of the affected server. Information gathered may lead to other attacks.
This vulnerability affects Mac OS X 10.4.11 and Mac OS X Server 10.4.11.
NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0574 | CVE-2008-1579 | Apple Mac OS X of Wiki Server name disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog.
A successful exploit of this issue may aid in further attacks.
This issue affects Mac OS X Server 10.5 to 10.5.2.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0571 | CVE-2008-1578 | Apple Mac OS X of sso_util Password disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X.
Local attackers can leverage this issue to gain access to sensitive information that will aid in further attacks.
This issue affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 - 10.5.2, and Mac OS X Server 10.5 - 10.5.2. Leaked passwords include user, administrator, and KDC administrative passwords.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0567 | CVE-2008-1032 | Apple Mac OS X of CoreTypes Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X.
This issue can lead to a false sense of security, potentially aiding in network-based attacks.
This issue affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 - 10.5.2, and Mac OS X Server 10.5 - 10.5.2.
NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability. Although these content types are not automatically enabled, they can still lead to malicious payloads if they are manually enabled.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0565 | CVE-2008-1030 | Apple Mac OS X of CFData API Heap-based buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X. Apple Mac OS X is prone to a remote code-execution vulnerability affecting CoreFoundation.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected component. Failed exploit attempts will likely result in denial-of-service conditions.
This issue affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 - 10.5.2, and Mac OS X Server 10.5 - 10.5.2.
NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
13) A conversion error exists in ICU when handling certain character
encodings. This can potentially be exploited bypass content filters
and may lead to cross-site scripting and disclosure of sensitive
information.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
20) A vulnerability in Mongrel can be exploited by malicious people
to disclose sensitive information.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200805-0573 | CVE-2008-1573 | Apple Safari automatically executes downloaded files based on Internet Explorer zone settings |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read. Apple Safari automatically executes downloaded files based on Internet Explorer zone settings, which can allow a remote attacker to execute arbitrary code on a vulnerable system.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X. Apple Mac OS X is prone to an information-disclosure vulnerability that occurs in ImageIO.
An attacker can exploit this issue to obtain sensitive information that may lead to further attacks.
This issue affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 - 10.5.2, and Mac OS X Server 10.5 - 10.5.2.
NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities) but has been given its own record to better document the vulnerability.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service). TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
10) An error when printing to password-protected printers with debug
logging enabled may lead to the disclosure of sensitive information.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
Successful exploitation may allow execution of arbitrary code.
13) A conversion error exists in ICU when handling certain character
encodings.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
The vulnerabilities are reported in Safari for Windows prior to
version 3.1.2.
SOLUTION:
Update to version 3.1.2.
http://www.apple.com/support/downloads/safari312forwindows.html
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Gynvael Coldwind, Hispasec
2) Will Dormann, CERT/CC
3) James Urquhart
CHANGELOG:
2008-06-20: Added link to US-CERT
| VAR-200805-0566 | CVE-2008-1036 | Apple Mac OS X of International Components for Unicode (ICU) Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
The security update addresses a total of 19 new vulnerabilities that affect the AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Help Viewer, iCal, International Components for Unicode, Image Capture, ImageIO, Kernel, Mail, Single Sign-On, and Wiki Server components of Mac OS X. The International Components for Unicode (ICU) is prone to a vulnerability related to the handling of certain invalid character sequences.
An attacker may leverage this vulnerability to bypass content filters. This may lead to cross-site scripting attacks or the disclosure of sensitive information in some cases. Other attacks are also possible.
NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities), but has been given its own record to better document the vulnerability.
I. Further
details are available in the US-CERT Vulnerability Notes Database.
II.
III. These and other updates are available via Software Update or
via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
1) An error in AFP server allows connected users or guests to access
files and directories that are not within a shared directory.
2) Some vulnerabilities in Apache can be exploited by malicious
people to conduct cross-site scripting attacks or to cause a DoS
(Denial of Service).
3) An unspecified error in AppKit can potentially be exploited to
execute arbitrary code when a user opens a specially crafted document
file with an editor that uses AppKit (e.g. TextEdit).
4) Multiple unspecified errors exist in the processing of Pixlet
video files. These can be exploited to cause memory corruption and
potentially allow for execution of arbitrary code when a user opens a
specially crafted movie file.
5) An unspecified error exists in Apple Type Services when processing
embedded fonts in PDF files. This can be exploited to cause a memory
corruption when a PDF file containing a specially crafted embedded
font is printed.
Successful exploitation may allow execution of arbitrary code.
6) An error in Safari's SSL client certificate handling can lead to
an information disclosure of the first client certificate found in
the keychain when a web server issues a client certificate request.
7) An integer overflow exists in CoreFoundation when handling CFData
objects. This can be exploited to cause a heap-based buffer overflow
if an application calls "CFDataReplaceBytes" with an invalid "length"
argument.
8) An error due to an uninitialised variable in CoreGraphics can
potentially be exploited to execute arbitrary code when a specially
crafted PDF is opened.
9) A weakness is caused due to users not being warned before opening
certain potentially unsafe content types.
11) Some vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, or to potentially compromise a user's
system.
For more information:
SA28083
12) An integer underflow error in Help Viewer when handling
help:topic URLs can be exploited to cause a buffer overflow when a
specially crafted help:topic URL is accessed.
Successful exploitation may allow execution of arbitrary code.
14) Input passed to unspecified parameters in Image Capture's
embedded web server is not properly sanitised before being used. This
can be exploited to disclose the content of local files via directory
traversal attacks.
15) An error in the handling of temporary files in Image Capture can
be exploited by malicious, local users to manipulate files with the
privilege of a user running Image Capture.
16) A boundary error in the BMP and GIF image decoding engine in
ImageIO can be exploited to disclose content in memory.
17) Some vulnerabilities in ImageIO can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused due to the use of vulnerable libpng
code.
For more information:
SA27093
SA27130
18) An integer overflow error in ImageIO within the processing of
JPEG2000 images can be exploited to cause a heap-based buffer
overflow when a specially crafted JPEG2000 image is viewed.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
19) An error in Mail is caused due to an uninitialised variable and
can lead to disclosure of sensitive information and potentially
execution of arbitrary code when mail is sent through an SMTP server
over IPv6.
For more information:
SA28323
21) The sso_util command-line tool requires that passwords be passed
to it in its arguments, which can be exploited by malicious, local
users to disclose the passwords.
22) An error in Wiki Server can be exploited to determine valid local
user names when nonexistent blogs are accessed.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT1897
OTHER REFERENCES:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA26273:
http://secunia.com/advisories/26273/
SA26636:
http://secunia.com/advisories/26636/
SA27093:
http://secunia.com/advisories/27093/
SA27130:
http://secunia.com/advisories/27130/
SA28081:
http://secunia.com/advisories/28081/
SA28083:
http://secunia.com/advisories/28083/
SA28323:
http://secunia.com/advisories/28323/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. ===========================================================
Ubuntu Security Notice USN-747-1 March 26, 2009
icu vulnerability
CVE-2008-1036
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libicu34 3.4.1a-1ubuntu1.6.06.2
Ubuntu 7.10:
libicu36 3.6-3ubuntu0.2
Ubuntu 8.04 LTS:
libicu38 3.8-6ubuntu0.1
Ubuntu 8.10:
libicu38 3.8.1-2ubuntu0.1
After a standard system upgrade you need to restart applications linked
against libicu, such as OpenOffice.org, to effect the necessary changes.
Details follow:
It was discovered that libicu did not correctly handle certain invalid
encoded data. If a user or automated system were tricked into processing
specially crafted data with applications linked against libicu, certain
content filters could be bypassed. ----------------------------------------------------------------------
Did you know? Our assessment and impact rating along with detailed
information such as exploit code availability, or if an updated patch
is released by the vendor, is not part of this mailing-list?
Click here to learn more about our commercial solutions:
http://secunia.com/advisories/business_solutions/
Click here to trial our solutions:
http://secunia.com/advisories/try_vi/
----------------------------------------------------------------------
TITLE:
Red Hat update for icu
SECUNIA ADVISORY ID:
SA34290
VERIFY ADVISORY:
http://secunia.com/advisories/34290/
DESCRIPTION:
Red Hat has issued an update for icu.
For more information:
SA34246
SOLUTION:
Updated packages are available via Red Hat Network. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1762-1 security@debian.org
http://www.debian.org/security/ Steffen Joeris
April 02, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : icu
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
CVE Id : CVE-2008-1036
It was discovered that icu, the internal components for Unicode, did
not properly sanitise invalid encoded data, which could lead to cross-
site scripting attacks.
For the stable distribution (lenny), this problem has been fixed in
version 3.8.1-3+lenny1.
For the oldstable distribution (etch), this problem has been fixed in
version 3.6-2etch2.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 4.0.1-1.
We recommend that you upgrade your icu packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch2.diff.gz
Size/MD5 checksum: 14912 d15e89ba186f4003cf0fe25523bf5b68
http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch2.dsc
Size/MD5 checksum: 600 be64e9d5a346866e9cb5c0f60243d2fe
http://security.debian.org/pool/updates/main/i/icu/icu_3.6.orig.tar.gz
Size/MD5 checksum: 9778863 0f1bda1992b4adca62da68a7ad79d830
Architecture independent packages:
http://security.debian.org/pool/updates/main/i/icu/icu-doc_3.6-2etch2_all.deb
Size/MD5 checksum: 3334030 c6e6fbd348c8d802746a890393a767a5
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_alpha.deb
Size/MD5 checksum: 5584350 c988d1810f2abe6aca3c530061343674
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_alpha.deb
Size/MD5 checksum: 7009562 489c1341f1331b8664ec201d7b0896ac
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_amd64.deb
Size/MD5 checksum: 5444828 4cf4fecae90466c879a1b506da4b54da
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_amd64.deb
Size/MD5 checksum: 6584058 b74be6476a73b13f397c742dd05a46ef
arm architecture (ARM)
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_arm.deb
Size/MD5 checksum: 5455872 ffd9a4362bd56c95ac8c9e2d59b0f85b
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_arm.deb
Size/MD5 checksum: 6625136 a64d8a5965f960b7a42f175465552d1b
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_i386.deb
Size/MD5 checksum: 6480730 bab51b594e5b159ec97c4d0a78e137d4
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_i386.deb
Size/MD5 checksum: 5464844 6022ce1a314dc2ac9ba6a4e7c2364c0f
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_ia64.deb
Size/MD5 checksum: 7240032 54c98bff14b4d4b9106cbe4a0f37a790
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_ia64.deb
Size/MD5 checksum: 5865936 dfe2b9a21d02b3f6d0328076e90884b9
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_mips.deb
Size/MD5 checksum: 5747772 6f7e94aa52df7e55632aded82da5be5b
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_mips.deb
Size/MD5 checksum: 7032276 c873f62a11e599880d349171be6724b7
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_mipsel.deb
Size/MD5 checksum: 6767430 c34cfe617b2fa3b0ac265f445a77b151
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_mipsel.deb
Size/MD5 checksum: 5462642 42cec53922ec7b565c314daca3480331
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_powerpc.deb
Size/MD5 checksum: 6889534 dbbcea68da2b4cde02734cf8af6a8bdd
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_powerpc.deb
Size/MD5 checksum: 5748424 4af92234d22b585cdce7912733bc309e
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_s390.deb
Size/MD5 checksum: 6895200 637a01ea921657380bd42959e4bd5adf
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_s390.deb
Size/MD5 checksum: 5777440 b1be81050b86652f9c1d943bc4887dc7
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_sparc.deb
Size/MD5 checksum: 6772296 b0bb6f8d327193d0e9055e8eb8f98a51
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_sparc.deb
Size/MD5 checksum: 5671528 fa33dfa1c2278405708d23cd94be6919
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1-3+lenny1.dsc
Size/MD5 checksum: 1297 daaf6d8629a5cde19dcfed98bc9a84a9
http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1.orig.tar.gz
Size/MD5 checksum: 10591204 ca52a1eb5050478f5f7d24e16ce01f57
http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1-3+lenny1.diff.gz
Size/MD5 checksum: 20267 9c9d1d71c50f4deec44e95a9d5ea2530
Architecture independent packages:
http://security.debian.org/pool/updates/main/i/icu/icu-doc_3.8.1-3+lenny1_all.deb
Size/MD5 checksum: 3774790 1a1cd3c7fde641350322461af9f57a37
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_alpha.deb
Size/MD5 checksum: 7565948 02e495e8771842e904cf67a80de61b82
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_alpha.deb
Size/MD5 checksum: 6065532 de58265aad775defadbb2a7b6af9d88d
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_alpha.deb
Size/MD5 checksum: 2364976 a28a051462a4b40c1ca94b663145ce16
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/i/icu/lib32icu-dev_3.8.1-3+lenny1_amd64.deb
Size/MD5 checksum: 6062920 3a90fc0d97f43436e4cca417a662b0f8
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_amd64.deb
Size/MD5 checksum: 7131010 c7bcc67bf7ebc77254f2b5b9f312f1bb
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_amd64.deb
Size/MD5 checksum: 2401370 d54929d018b9c28224299bad4b3fd3a7
http://security.debian.org/pool/updates/main/i/icu/lib32icu38_3.8.1-3+lenny1_amd64.deb
Size/MD5 checksum: 5920040 bfbb1dd39f462c2737a114f40fc3b494
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_amd64.deb
Size/MD5 checksum: 5932356 bcf6d7dab8a71f00e702384b97cf19a4
arm architecture (ARM)
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_arm.deb
Size/MD5 checksum: 2286786 ce4bb8567f48cc3cf235368db8963544
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_arm.deb
Size/MD5 checksum: 7183924 fbc8204644ef5e0fc74fc22f7d26034a
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_arm.deb
Size/MD5 checksum: 5907872 93989d0a25c86c9e38e6317ca420fbc4
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_armel.deb
Size/MD5 checksum: 1755700 89f87c26a0ce9a7f923a05d9b2555673
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_armel.deb
Size/MD5 checksum: 7411842 70fc597eeb9c0e9e68d0137e0216f124
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_armel.deb
Size/MD5 checksum: 5847710 08c26011ddb182edb57549e671d6cc61
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_hppa.deb
Size/MD5 checksum: 6377564 b8b8b1a62a0a02dd8469f7c172d92415
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_hppa.deb
Size/MD5 checksum: 7663982 cae24c749162aa3f4a896ec5dbde678a
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_hppa.deb
Size/MD5 checksum: 2357154 3ba097e27ead38178bbb8f804f13d77a
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_i386.deb
Size/MD5 checksum: 2278828 f9111677c4e7b9244bd643d748e2f18c
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_i386.deb
Size/MD5 checksum: 5920016 7aecb5bc8fe15f0c1b5ef5c4419eab6a
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_i386.deb
Size/MD5 checksum: 6991888 351e9f8d60f139c335bf7ea07235dc08
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_ia64.deb
Size/MD5 checksum: 6396240 7c56b1d5f54c9f6a4a2a6fc9698e4337
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_ia64.deb
Size/MD5 checksum: 7825392 c99733de07fe43de5c0c1d923ebf93aa
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_ia64.deb
Size/MD5 checksum: 2207992 757e5e5c49c66411cc7e1077808c7576
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_mips.deb
Size/MD5 checksum: 7599142 1d81608602f7b3a18dc8e3d03bf603ff
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_mips.deb
Size/MD5 checksum: 6207630 d7bd482f6030f1ae4ff75c4735947b08
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_mips.deb
Size/MD5 checksum: 2472538 2f7b6f0c8a5dfa6ce877b8305a6779b0
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_mipsel.deb
Size/MD5 checksum: 2405182 59d89f0a9a81429ec02f87debcb8e6a3
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_mipsel.deb
Size/MD5 checksum: 5898892 94257031e244b5b52e9cbe8e37bb1f30
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_mipsel.deb
Size/MD5 checksum: 7293408 f70b0c75989a5983f6921ee323b99c3c
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_powerpc.deb
Size/MD5 checksum: 6290800 bae34e705b5213d14a638350398a7d29
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_powerpc.deb
Size/MD5 checksum: 7460598 8edd0cb02d62dfc5ce69c872e413ca39
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_powerpc.deb
Size/MD5 checksum: 2376240 00fc0ad10f85fded7380fcaaccbe1514
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_s390.deb
Size/MD5 checksum: 7434356 de117fb929327d908c11ede36daa9166
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_s390.deb
Size/MD5 checksum: 6269494 a17ae098f688e8a14bc79854013cada4
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_s390.deb
Size/MD5 checksum: 2468406 d57fdf831571e1147f213051a50f8fdd
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_sparc.deb
Size/MD5 checksum: 6144646 e12966bb72793d7e6220eafd5ddb0c88
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_sparc.deb
Size/MD5 checksum: 2133070 454335db0966dc15c78261ef1a8fdcfc
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_sparc.deb
Size/MD5 checksum: 7302732 432d9fdee1502bf363d1db33ee6519ab
These files will probably be moved into the stable distribution on
its next update
| VAR-200805-0386 | No CVE | BT Home Hub Administrator Password Disclosure Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
BT Home Hub is a wireless Internet router for home use. The latest firmware version of BT Home Hub adds a new security feature that allows the default administrator password to be changed from admin to the serial number of the router, but as long as the MDAP multicast request is sent to the network where the router is located, the Home Hub sequence can be obtained. number. To exploit this vulnerability, an attacker must join the LAN where the Home Hub is located via ethernet or Wi-Fi. There are two ways to hack into the BT Home Hub Wi-Fi network: - arp playback injection and weak IV cracking - guess the Home Hub's default WEP key list by SSID violence.
Exploiting this issue can allow an unauthenticated remote attacker to harvest the administrator password of the device. This can facilitate the complete compromise of the device and may aid in launching further attacks on computers routed through the device.
This issue affects Home Hub firmware 6.2.6.E
| VAR-200807-0235 | CVE-2008-3249 | Lenovo System Update Vulnerability to install arbitrary packages on the client |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM. Lenovo System Update is prone to a security-bypass vulnerability because the application fails to properly check SSL certificates.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted servers, which can lead to the installation of arbitrary software on an affected computer. This may result in a complete compromise of the computer.
This issue affects Lenovo System Update 3 (Version 3.13.0005, Build date 2008-1-3); other versions may also be vulnerable. Lenovo System Update is a set of system automatic update tools from Lenovo in China, which includes device driver updates, Windows system patch updates, etc. Lenovo's System Update service allows downloading and installing arbitrary update executables from fake servers. After the SSL negotiation is successful, the client will continue to download the XML file, which contains the path name, size and related SHA-1 hash to the EXE file. If the software version displayed in the XML file is higher than the version of the installed software, the EXE file will be downloaded, the SHA-1 hash will be calculated and compared with the hash defined in the XML file, and if it matches, it will be administrator Permission to execute executable programs. To exploit this vulnerability, the attacker must create a self-signed SSL certificate that contains the X.509 header values (issuer, common name, organization, etc.) of the public SSL certificate used by the SystemUpdate server (download.boulder.ibm.com) , the attacker would also modify the XML configuration file of the targeted software package so that the version number, file size, and SHA-1 hash match the malicious EXE file. When SystemUpdate tries to connect to the server, the attacker can accept the connection through techniques such as DNS spoofing and ARP redirection. Wireless networks are especially at risk because impersonation of access points can simplify attacks. Once SystemUpdate connects to TCP port 443, the fake server negotiates an SSL session with an attacker-created SSL certificate, then sends malicious XML and EXE files when SystemUpdate requests the targeted software package. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
Learn more:
http://secunia.com/network_software_inspector_2/
----------------------------------------------------------------------
TITLE:
ThinkVantage System Update Missing SSL Certificate Chain Verification
SECUNIA ADVISORY ID:
SA30379
VERIFY ADVISORY:
http://secunia.com/advisories/30379/
CRITICAL:
Less critical
IMPACT:
Spoofing
WHERE:
>From remote
SOFTWARE:
ThinkVantage System Update 3.x
http://secunia.com/product/15450/
DESCRIPTION:
Derek Callaway has reported a security issue in ThinkVantage System
Update, which can be exploited by malicious people to conduct
spoofing attacks.
Successful exploitation allows e.g. downloading and executing
malicious programs, but requires that the application connects to a
malicious update server providing a specially crafted X.509
certificate (e.g. via DNS poisoning). Other versions
may also be affected.
http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-66956
PROVIDED AND/OR DISCOVERED BY:
Derek Callaway, Security Objectives
ORIGINAL ADVISORY:
SECOBJADV-2008-01:
http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------