VARIoT IoT vulnerabilities database
| VAR-200909-0795 | CVE-2009-2805 | Apple Mac OS of CoreGraphics Integer overflow vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow. Apple Mac OS X is prone to a heap-based buffer-overflow vulnerability that affects the CoreGraphics component.
Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition.
The following versions are affected:
Mac OS X 10.4.11 and prior
Mac OS X Server 10.4.11 and prior
Mac OS X 10.5.8 and prior
Mac OS X Server 10.5.8 and prior
NOTE: This issue was previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA36701
VERIFY ADVISORY:
http://secunia.com/advisories/36701/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error in Alias Manager when processing alias files can be
exploited to cause a buffer overflow and potentially execute
arbitrary code.
2) An error in Resource Manager when processing resource forks can be
exploited to corrupt memory and potentially execute arbitrary code.
3) Multiple vulnerabilities in ClamAV can be exploited to bypass
certain security restrictions, cause a DoS, and potentially
compromise a vulnerable system.
For more information:
SA34566
SA34612
4) An integer overflow error exists when processing ColorSync
profiles embedded in images.
5) An integer overflow error exists in CoreGraphics when processing
JBIG2 streams embedded in PDF files.
This is related to vulnerability #1 in:
SA36269
7) A NULL-pointer dereference error in CUPS can be exploited to cause
a crash.
For more information see vulnerability #4 in:
SA34481
8) An error in the CUPS USB backend can be exploited to cause a
heap-based buffer overflow and execute arbitrary code with escalated
privileges.
9) Multiple vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass security features, gain knowledge of
sensitive information, or compromise a user's system.
For more information:
SA35948
10) Multiple errors exist in ImageIO when processing PixarFilm
encoded TIFF images. These can be exploited to trigger memory
corruptions and potentially execute arbitrary code via specially
crafted TIFF files.
11) An error exists in Launch Services when handling files having a
".fileloc" extension.
12) An error exists in Launch Services when handling exported
document types presented when an application is downloaded. This can
be exploited to associate a safe file extension with an unsafe
Uniform Type Identifier (UTI) and execute arbitrary code.
13) An error in MySQL can be exploited by malicious, local users to
bypass certain security restrictions.
For more information:
SA30134
14) Multiple vulnerabilities in PHP have an unknown impact or can
potentially be exploited by malicious people to disclose sensitive
information or cause a DoS (Denial of Service).
For more information:
SA34081
15) An error exists in Samba when handling error conditions. This can
be exploited by a user without a configured home directory to access
the contents of the file system by connecting to the Windows File
Sharing service.
16) Input passed in search requests containing non UTF-8 encoded data
to Wiki Server is not properly sanitised before being returned to the
user.
Security Update 2009-005 (Tiger PPC):
http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg
Security Update 2009-005 (Tiger Intel):
http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg
Security Update 2009-005 Server (Tiger Univ):
http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg
Security Update 2009-005 Server (Tiger PPC):
http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg
Mac OS X Server v10.6.1 Update:
http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg
Security Update 2009-005 Server (Leopard):
http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg
Security Update 2009-005 (Leopard):
http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg
Mac OS X v10.6.1 Update:
http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg
PROVIDED AND/OR DISCOVERED BY:
1, 2, 4, 8, 10-12, 16) Reported by the vendor.
5) The vendor credits Will Dormann of CERT/CC.
6) The vendor credits Will Drewry of Google.
15) The vendor credits J. David Hester of LCG Systems National
Institutes of Health.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3864
http://support.apple.com/kb/HT3865
OTHER REFERENCES:
SA30134:
http://secunia.com/advisories/30134/
SA34081:
http://secunia.com/advisories/34081/
SA34481:
http://secunia.com/advisories/34481/
SA34566:
http://secunia.com/advisories/34566/
SA34612:
http://secunia.com/advisories/34612/
SA35948:
http://secunia.com/advisories/35948/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0774 | CVE-2009-2809 | Apple Mac OS of ImageIO Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues.". Apple Mac OS X is prone to multiple memory-corruption vulnerabilities that affect the ImageIO component.
Successfully exploiting these issues may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition.
These issues affect the following:
Mac OS X 10.4.11 and prior
Mac OS X Server 10.4.11 and prior
Mac OS X 10.5.8 and prior
Mac OS X Server 10.5.8 and prior
NOTE: These issues were previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but have been assigned their own record to better document them. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA36701
VERIFY ADVISORY:
http://secunia.com/advisories/36701/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error in Alias Manager when processing alias files can be
exploited to cause a buffer overflow and potentially execute
arbitrary code.
2) An error in Resource Manager when processing resource forks can be
exploited to corrupt memory and potentially execute arbitrary code.
3) Multiple vulnerabilities in ClamAV can be exploited to bypass
certain security restrictions, cause a DoS, and potentially
compromise a vulnerable system.
For more information:
SA34566
SA34612
4) An integer overflow error exists when processing ColorSync
profiles embedded in images.
5) An integer overflow error exists in CoreGraphics when processing
JBIG2 streams embedded in PDF files. This can be exploited to cause a
heap-based buffer overflow and potentially execute arbitrary code via
a specially crafted PDF file.
6) An error in CoreGraphics can be exploited to cause a heap-based
buffer overflow potentially execute arbitrary code when drawing long
text strings.
This is related to vulnerability #1 in:
SA36269
7) A NULL-pointer dereference error in CUPS can be exploited to cause
a crash.
For more information see vulnerability #4 in:
SA34481
8) An error in the CUPS USB backend can be exploited to cause a
heap-based buffer overflow and execute arbitrary code with escalated
privileges.
9) Multiple vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass security features, gain knowledge of
sensitive information, or compromise a user's system.
For more information:
SA35948
10) Multiple errors exist in ImageIO when processing PixarFilm
encoded TIFF images. These can be exploited to trigger memory
corruptions and potentially execute arbitrary code via specially
crafted TIFF files.
11) An error exists in Launch Services when handling files having a
".fileloc" extension.
12) An error exists in Launch Services when handling exported
document types presented when an application is downloaded. This can
be exploited to associate a safe file extension with an unsafe
Uniform Type Identifier (UTI) and execute arbitrary code.
13) An error in MySQL can be exploited by malicious, local users to
bypass certain security restrictions.
For more information:
SA30134
14) Multiple vulnerabilities in PHP have an unknown impact or can
potentially be exploited by malicious people to disclose sensitive
information or cause a DoS (Denial of Service).
For more information:
SA34081
15) An error exists in Samba when handling error conditions. This can
be exploited by a user without a configured home directory to access
the contents of the file system by connecting to the Windows File
Sharing service.
16) Input passed in search requests containing non UTF-8 encoded data
to Wiki Server is not properly sanitised before being returned to the
user.
Security Update 2009-005 (Tiger PPC):
http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg
Security Update 2009-005 (Tiger Intel):
http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg
Security Update 2009-005 Server (Tiger Univ):
http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg
Security Update 2009-005 Server (Tiger PPC):
http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg
Mac OS X Server v10.6.1 Update:
http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg
Security Update 2009-005 Server (Leopard):
http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg
Security Update 2009-005 (Leopard):
http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg
Mac OS X v10.6.1 Update:
http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg
PROVIDED AND/OR DISCOVERED BY:
1, 2, 4, 8, 10-12, 16) Reported by the vendor.
5) The vendor credits Will Dormann of CERT/CC.
6) The vendor credits Will Drewry of Google.
15) The vendor credits J. David Hester of LCG Systems National
Institutes of Health.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3864
http://support.apple.com/kb/HT3865
OTHER REFERENCES:
SA30134:
http://secunia.com/advisories/30134/
SA34081:
http://secunia.com/advisories/34081/
SA34481:
http://secunia.com/advisories/34481/
SA34566:
http://secunia.com/advisories/34566/
SA34612:
http://secunia.com/advisories/34612/
SA35948:
http://secunia.com/advisories/35948/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0768 | CVE-2009-2800 | Apple Mac OS X Alias Manager Buffer Overflow Vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.
Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition.
The following versions are affected:
Mac OS X 10.4.11 and prior
Mac OS X Server 10.4.11 and prior
Mac OS X 10.5.8 and prior
Mac OS X Server 10.5.8 and prior
NOTE: This issue was previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA36701
VERIFY ADVISORY:
http://secunia.com/advisories/36701/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
2) An error in Resource Manager when processing resource forks can be
exploited to corrupt memory and potentially execute arbitrary code.
3) Multiple vulnerabilities in ClamAV can be exploited to bypass
certain security restrictions, cause a DoS, and potentially
compromise a vulnerable system.
For more information:
SA34566
SA34612
4) An integer overflow error exists when processing ColorSync
profiles embedded in images.
5) An integer overflow error exists in CoreGraphics when processing
JBIG2 streams embedded in PDF files.
6) An error in CoreGraphics can be exploited to cause a heap-based
buffer overflow potentially execute arbitrary code when drawing long
text strings.
This is related to vulnerability #1 in:
SA36269
7) A NULL-pointer dereference error in CUPS can be exploited to cause
a crash.
For more information see vulnerability #4 in:
SA34481
8) An error in the CUPS USB backend can be exploited to cause a
heap-based buffer overflow and execute arbitrary code with escalated
privileges.
9) Multiple vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass security features, gain knowledge of
sensitive information, or compromise a user's system.
For more information:
SA35948
10) Multiple errors exist in ImageIO when processing PixarFilm
encoded TIFF images. These can be exploited to trigger memory
corruptions and potentially execute arbitrary code via specially
crafted TIFF files.
11) An error exists in Launch Services when handling files having a
".fileloc" extension.
12) An error exists in Launch Services when handling exported
document types presented when an application is downloaded. This can
be exploited to associate a safe file extension with an unsafe
Uniform Type Identifier (UTI) and execute arbitrary code.
13) An error in MySQL can be exploited by malicious, local users to
bypass certain security restrictions.
For more information:
SA30134
14) Multiple vulnerabilities in PHP have an unknown impact or can
potentially be exploited by malicious people to disclose sensitive
information or cause a DoS (Denial of Service).
For more information:
SA34081
15) An error exists in Samba when handling error conditions. This can
be exploited by a user without a configured home directory to access
the contents of the file system by connecting to the Windows File
Sharing service.
16) Input passed in search requests containing non UTF-8 encoded data
to Wiki Server is not properly sanitised before being returned to the
user.
Security Update 2009-005 (Tiger PPC):
http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg
Security Update 2009-005 (Tiger Intel):
http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg
Security Update 2009-005 Server (Tiger Univ):
http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg
Security Update 2009-005 Server (Tiger PPC):
http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg
Mac OS X Server v10.6.1 Update:
http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg
Security Update 2009-005 Server (Leopard):
http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg
Security Update 2009-005 (Leopard):
http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg
Mac OS X v10.6.1 Update:
http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg
PROVIDED AND/OR DISCOVERED BY:
1, 2, 4, 8, 10-12, 16) Reported by the vendor.
5) The vendor credits Will Dormann of CERT/CC.
6) The vendor credits Will Drewry of Google.
15) The vendor credits J. David Hester of LCG Systems National
Institutes of Health.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3864
http://support.apple.com/kb/HT3865
OTHER REFERENCES:
SA30134:
http://secunia.com/advisories/30134/
SA34081:
http://secunia.com/advisories/34081/
SA34481:
http://secunia.com/advisories/34481/
SA34566:
http://secunia.com/advisories/34566/
SA34612:
http://secunia.com/advisories/34612/
SA35948:
http://secunia.com/advisories/35948/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0763 | CVE-2009-2811 | Apple Mac OS of Launch Services Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature. Apple Mac OS X is prone to a vulnerability that may allow attackers to bypass certain security warnings. The issue affects the Launch Services component.
Successfully exploiting this issue may allow attackers to bypass certain security warnings and trick a user into opening unsafe malicious files.
The following versions are affected:
Mac OS X 10.5.8 and prior
Mac OS X Server 10.5.8 and prior
NOTE: This issue was previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. This update adds the .fileloc type to the category of content types that the system flags as unsafe in certain circumstances (such as when downloading from mail). Although this content type is not automatically opened, it may execute malicious payloads if opened manually. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
1) An error in Alias Manager when processing alias files can be
exploited to cause a buffer overflow and potentially execute
arbitrary code.
2) An error in Resource Manager when processing resource forks can be
exploited to corrupt memory and potentially execute arbitrary code.
3) Multiple vulnerabilities in ClamAV can be exploited to bypass
certain security restrictions, cause a DoS, and potentially
compromise a vulnerable system.
For more information:
SA34566
SA34612
4) An integer overflow error exists when processing ColorSync
profiles embedded in images. This can be exploited to cause a
heap-based buffer overflow and potentially execute arbitrary code via
a specially crafted image.
5) An integer overflow error exists in CoreGraphics when processing
JBIG2 streams embedded in PDF files. This can be exploited to cause a
heap-based buffer overflow and potentially execute arbitrary code via
a specially crafted PDF file.
6) An error in CoreGraphics can be exploited to cause a heap-based
buffer overflow potentially execute arbitrary code when drawing long
text strings.
This is related to vulnerability #1 in:
SA36269
7) A NULL-pointer dereference error in CUPS can be exploited to cause
a crash.
For more information see vulnerability #4 in:
SA34481
8) An error in the CUPS USB backend can be exploited to cause a
heap-based buffer overflow and execute arbitrary code with escalated
privileges.
9) Multiple vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass security features, gain knowledge of
sensitive information, or compromise a user's system.
For more information:
SA35948
10) Multiple errors exist in ImageIO when processing PixarFilm
encoded TIFF images. These can be exploited to trigger memory
corruptions and potentially execute arbitrary code via specially
crafted TIFF files.
11) An error exists in Launch Services when handling files having a
".fileloc" extension.
12) An error exists in Launch Services when handling exported
document types presented when an application is downloaded. This can
be exploited to associate a safe file extension with an unsafe
Uniform Type Identifier (UTI) and execute arbitrary code.
For more information:
SA30134
14) Multiple vulnerabilities in PHP have an unknown impact or can
potentially be exploited by malicious people to disclose sensitive
information or cause a DoS (Denial of Service).
For more information:
SA34081
15) An error exists in Samba when handling error conditions. This can
be exploited by a user without a configured home directory to access
the contents of the file system by connecting to the Windows File
Sharing service.
16) Input passed in search requests containing non UTF-8 encoded data
to Wiki Server is not properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.
Security Update 2009-005 (Tiger PPC):
http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg
Security Update 2009-005 (Tiger Intel):
http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg
Security Update 2009-005 Server (Tiger Univ):
http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg
Security Update 2009-005 Server (Tiger PPC):
http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg
Mac OS X Server v10.6.1 Update:
http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg
Security Update 2009-005 Server (Leopard):
http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg
Security Update 2009-005 (Leopard):
http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg
Mac OS X v10.6.1 Update:
http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg
PROVIDED AND/OR DISCOVERED BY:
1, 2, 4, 8, 10-12, 16) Reported by the vendor.
5) The vendor credits Will Dormann of CERT/CC.
6) The vendor credits Will Drewry of Google.
15) The vendor credits J. David Hester of LCG Systems National
Institutes of Health.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3864
http://support.apple.com/kb/HT3865
OTHER REFERENCES:
SA30134:
http://secunia.com/advisories/30134/
SA34081:
http://secunia.com/advisories/34081/
SA34481:
http://secunia.com/advisories/34481/
SA34566:
http://secunia.com/advisories/34566/
SA34612:
http://secunia.com/advisories/34612/
SA35948:
http://secunia.com/advisories/35948/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0754 | CVE-2009-2807 | CUPS USB backend Local Heap Based Buffer Overflow Vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors. CUPS (Common UNIX Printing System) is prone to a local heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
Exploiting this issue will allow local attackers to execute arbitrary code with superuser privileges and completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition. Local users can gain privileges with the help of unknown vectors. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA36701
VERIFY ADVISORY:
http://secunia.com/advisories/36701/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error in Alias Manager when processing alias files can be
exploited to cause a buffer overflow and potentially execute
arbitrary code.
2) An error in Resource Manager when processing resource forks can be
exploited to corrupt memory and potentially execute arbitrary code.
3) Multiple vulnerabilities in ClamAV can be exploited to bypass
certain security restrictions, cause a DoS, and potentially
compromise a vulnerable system.
For more information:
SA34566
SA34612
4) An integer overflow error exists when processing ColorSync
profiles embedded in images. This can be exploited to cause a
heap-based buffer overflow and potentially execute arbitrary code via
a specially crafted image.
5) An integer overflow error exists in CoreGraphics when processing
JBIG2 streams embedded in PDF files. This can be exploited to cause a
heap-based buffer overflow and potentially execute arbitrary code via
a specially crafted PDF file.
6) An error in CoreGraphics can be exploited to cause a heap-based
buffer overflow potentially execute arbitrary code when drawing long
text strings.
This is related to vulnerability #1 in:
SA36269
7) A NULL-pointer dereference error in CUPS can be exploited to cause
a crash.
9) Multiple vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass security features, gain knowledge of
sensitive information, or compromise a user's system.
For more information:
SA35948
10) Multiple errors exist in ImageIO when processing PixarFilm
encoded TIFF images. These can be exploited to trigger memory
corruptions and potentially execute arbitrary code via specially
crafted TIFF files.
11) An error exists in Launch Services when handling files having a
".fileloc" extension. This can be exploited to potentially execute
arbitrary code by tricking a user into opening a ".fileloc" file.
12) An error exists in Launch Services when handling exported
document types presented when an application is downloaded. This can
be exploited to associate a safe file extension with an unsafe
Uniform Type Identifier (UTI) and execute arbitrary code.
13) An error in MySQL can be exploited by malicious, local users to
bypass certain security restrictions.
For more information:
SA30134
14) Multiple vulnerabilities in PHP have an unknown impact or can
potentially be exploited by malicious people to disclose sensitive
information or cause a DoS (Denial of Service).
For more information:
SA34081
15) An error exists in Samba when handling error conditions. This can
be exploited by a user without a configured home directory to access
the contents of the file system by connecting to the Windows File
Sharing service.
16) Input passed in search requests containing non UTF-8 encoded data
to Wiki Server is not properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.
SOLUTION:
Update to Mac OS X v10.6.1 or apply Security Update 2009-005.
Security Update 2009-005 (Tiger PPC):
http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg
Security Update 2009-005 (Tiger Intel):
http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg
Security Update 2009-005 Server (Tiger Univ):
http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg
Security Update 2009-005 Server (Tiger PPC):
http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg
Mac OS X Server v10.6.1 Update:
http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg
Security Update 2009-005 Server (Leopard):
http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg
Security Update 2009-005 (Leopard):
http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg
Mac OS X v10.6.1 Update:
http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg
PROVIDED AND/OR DISCOVERED BY:
1, 2, 4, 8, 10-12, 16) Reported by the vendor.
5) The vendor credits Will Dormann of CERT/CC.
6) The vendor credits Will Drewry of Google.
15) The vendor credits J. David Hester of LCG Systems National
Institutes of Health.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3864
http://support.apple.com/kb/HT3865
OTHER REFERENCES:
SA30134:
http://secunia.com/advisories/30134/
SA34081:
http://secunia.com/advisories/34081/
SA34481:
http://secunia.com/advisories/34481/
SA34566:
http://secunia.com/advisories/34566/
SA34612:
http://secunia.com/advisories/34612/
SA35948:
http://secunia.com/advisories/35948/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0752 | CVE-2009-2814 | Apple Mac OS of Wiki Server Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects Mac OS X Server 10.5.8 and prior.
NOTE: This issue was previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
1) An error in Alias Manager when processing alias files can be
exploited to cause a buffer overflow and potentially execute
arbitrary code.
2) An error in Resource Manager when processing resource forks can be
exploited to corrupt memory and potentially execute arbitrary code.
3) Multiple vulnerabilities in ClamAV can be exploited to bypass
certain security restrictions, cause a DoS, and potentially
compromise a vulnerable system.
For more information:
SA34566
SA34612
4) An integer overflow error exists when processing ColorSync
profiles embedded in images. This can be exploited to cause a
heap-based buffer overflow and potentially execute arbitrary code via
a specially crafted image.
5) An integer overflow error exists in CoreGraphics when processing
JBIG2 streams embedded in PDF files. This can be exploited to cause a
heap-based buffer overflow and potentially execute arbitrary code via
a specially crafted PDF file.
6) An error in CoreGraphics can be exploited to cause a heap-based
buffer overflow potentially execute arbitrary code when drawing long
text strings.
This is related to vulnerability #1 in:
SA36269
7) A NULL-pointer dereference error in CUPS can be exploited to cause
a crash.
For more information see vulnerability #4 in:
SA34481
8) An error in the CUPS USB backend can be exploited to cause a
heap-based buffer overflow and execute arbitrary code with escalated
privileges.
9) Multiple vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass security features, gain knowledge of
sensitive information, or compromise a user's system.
For more information:
SA35948
10) Multiple errors exist in ImageIO when processing PixarFilm
encoded TIFF images. These can be exploited to trigger memory
corruptions and potentially execute arbitrary code via specially
crafted TIFF files.
11) An error exists in Launch Services when handling files having a
".fileloc" extension.
12) An error exists in Launch Services when handling exported
document types presented when an application is downloaded. This can
be exploited to associate a safe file extension with an unsafe
Uniform Type Identifier (UTI) and execute arbitrary code.
13) An error in MySQL can be exploited by malicious, local users to
bypass certain security restrictions.
For more information:
SA30134
14) Multiple vulnerabilities in PHP have an unknown impact or can
potentially be exploited by malicious people to disclose sensitive
information or cause a DoS (Denial of Service).
For more information:
SA34081
15) An error exists in Samba when handling error conditions. This can
be exploited by a user without a configured home directory to access
the contents of the file system by connecting to the Windows File
Sharing service.
16) Input passed in search requests containing non UTF-8 encoded data
to Wiki Server is not properly sanitised before being returned to the
user.
Security Update 2009-005 (Tiger PPC):
http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg
Security Update 2009-005 (Tiger Intel):
http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg
Security Update 2009-005 Server (Tiger Univ):
http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg
Security Update 2009-005 Server (Tiger PPC):
http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg
Mac OS X Server v10.6.1 Update:
http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg
Security Update 2009-005 Server (Leopard):
http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg
Security Update 2009-005 (Leopard):
http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg
Mac OS X v10.6.1 Update:
http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg
PROVIDED AND/OR DISCOVERED BY:
1, 2, 4, 8, 10-12, 16) Reported by the vendor.
5) The vendor credits Will Dormann of CERT/CC.
6) The vendor credits Will Drewry of Google.
15) The vendor credits J. David Hester of LCG Systems National
Institutes of Health.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3864
http://support.apple.com/kb/HT3865
OTHER REFERENCES:
SA30134:
http://secunia.com/advisories/30134/
SA34081:
http://secunia.com/advisories/34081/
SA34481:
http://secunia.com/advisories/34481/
SA34566:
http://secunia.com/advisories/34566/
SA34612:
http://secunia.com/advisories/34612/
SA35948:
http://secunia.com/advisories/35948/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0747 | CVE-2009-2803 | Apple Mac OS of CarbonCore Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork. Apple Mac OS X is prone to a memory-corruption vulnerability that affects the CarbonCore component.
Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition.
This issue affects the following:
Mac OS X 10.4.11 and prior
Mac OS X Server 10.4.11 and prior
Mac OS X 10.5.8 and prior
Mac OS X Server 10.5.8 and prior
NOTE: This issue was previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA36701
VERIFY ADVISORY:
http://secunia.com/advisories/36701/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) An error in Alias Manager when processing alias files can be
exploited to cause a buffer overflow and potentially execute
arbitrary code.
3) Multiple vulnerabilities in ClamAV can be exploited to bypass
certain security restrictions, cause a DoS, and potentially
compromise a vulnerable system.
For more information:
SA34566
SA34612
4) An integer overflow error exists when processing ColorSync
profiles embedded in images.
5) An integer overflow error exists in CoreGraphics when processing
JBIG2 streams embedded in PDF files. This can be exploited to cause a
heap-based buffer overflow and potentially execute arbitrary code via
a specially crafted PDF file.
6) An error in CoreGraphics can be exploited to cause a heap-based
buffer overflow potentially execute arbitrary code when drawing long
text strings.
This is related to vulnerability #1 in:
SA36269
7) A NULL-pointer dereference error in CUPS can be exploited to cause
a crash.
For more information see vulnerability #4 in:
SA34481
8) An error in the CUPS USB backend can be exploited to cause a
heap-based buffer overflow and execute arbitrary code with escalated
privileges.
9) Multiple vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass security features, gain knowledge of
sensitive information, or compromise a user's system.
For more information:
SA35948
10) Multiple errors exist in ImageIO when processing PixarFilm
encoded TIFF images. These can be exploited to trigger memory
corruptions and potentially execute arbitrary code via specially
crafted TIFF files.
11) An error exists in Launch Services when handling files having a
".fileloc" extension.
12) An error exists in Launch Services when handling exported
document types presented when an application is downloaded. This can
be exploited to associate a safe file extension with an unsafe
Uniform Type Identifier (UTI) and execute arbitrary code.
13) An error in MySQL can be exploited by malicious, local users to
bypass certain security restrictions.
For more information:
SA30134
14) Multiple vulnerabilities in PHP have an unknown impact or can
potentially be exploited by malicious people to disclose sensitive
information or cause a DoS (Denial of Service).
For more information:
SA34081
15) An error exists in Samba when handling error conditions. This can
be exploited by a user without a configured home directory to access
the contents of the file system by connecting to the Windows File
Sharing service.
16) Input passed in search requests containing non UTF-8 encoded data
to Wiki Server is not properly sanitised before being returned to the
user.
Security Update 2009-005 (Tiger PPC):
http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg
Security Update 2009-005 (Tiger Intel):
http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg
Security Update 2009-005 Server (Tiger Univ):
http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg
Security Update 2009-005 Server (Tiger PPC):
http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg
Mac OS X Server v10.6.1 Update:
http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg
Security Update 2009-005 Server (Leopard):
http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg
Security Update 2009-005 (Leopard):
http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg
Mac OS X v10.6.1 Update:
http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg
PROVIDED AND/OR DISCOVERED BY:
1, 2, 4, 8, 10-12, 16) Reported by the vendor.
5) The vendor credits Will Dormann of CERT/CC.
6) The vendor credits Will Drewry of Google.
15) The vendor credits J. David Hester of LCG Systems National
Institutes of Health.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3864
http://support.apple.com/kb/HT3865
OTHER REFERENCES:
SA30134:
http://secunia.com/advisories/30134/
SA34081:
http://secunia.com/advisories/34081/
SA34481:
http://secunia.com/advisories/34481/
SA34566:
http://secunia.com/advisories/34566/
SA34612:
http://secunia.com/advisories/34612/
SA35948:
http://secunia.com/advisories/35948/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0745 | CVE-2009-2812 | Apple Mac OS of Launch Services Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a crafted web site. Apple Mac OS X is prone to a remote code-execution vulnerability that affects the Launch Services component.
Successful exploits may allow attackers to execute arbitrary code with the privileges of the currently logged-in user.
The following versions are affected:
Mac OS X 10.5.8 and prior
Mac OS X Server 10.5.8 and prior
NOTE: This issue was previously covered in BID 36349 (Apple Mac OS X 2009-005 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. Visiting a malicious website may cause unsafe file types to open automatically. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
1) An error in Alias Manager when processing alias files can be
exploited to cause a buffer overflow and potentially execute
arbitrary code.
2) An error in Resource Manager when processing resource forks can be
exploited to corrupt memory and potentially execute arbitrary code.
3) Multiple vulnerabilities in ClamAV can be exploited to bypass
certain security restrictions, cause a DoS, and potentially
compromise a vulnerable system.
For more information:
SA34566
SA34612
4) An integer overflow error exists when processing ColorSync
profiles embedded in images. This can be exploited to cause a
heap-based buffer overflow and potentially execute arbitrary code via
a specially crafted image.
5) An integer overflow error exists in CoreGraphics when processing
JBIG2 streams embedded in PDF files. This can be exploited to cause a
heap-based buffer overflow and potentially execute arbitrary code via
a specially crafted PDF file.
6) An error in CoreGraphics can be exploited to cause a heap-based
buffer overflow potentially execute arbitrary code when drawing long
text strings.
This is related to vulnerability #1 in:
SA36269
7) A NULL-pointer dereference error in CUPS can be exploited to cause
a crash.
For more information see vulnerability #4 in:
SA34481
8) An error in the CUPS USB backend can be exploited to cause a
heap-based buffer overflow and execute arbitrary code with escalated
privileges.
9) Multiple vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass security features, gain knowledge of
sensitive information, or compromise a user's system.
For more information:
SA35948
10) Multiple errors exist in ImageIO when processing PixarFilm
encoded TIFF images. These can be exploited to trigger memory
corruptions and potentially execute arbitrary code via specially
crafted TIFF files.
11) An error exists in Launch Services when handling files having a
".fileloc" extension.
12) An error exists in Launch Services when handling exported
document types presented when an application is downloaded.
13) An error in MySQL can be exploited by malicious, local users to
bypass certain security restrictions.
For more information:
SA30134
14) Multiple vulnerabilities in PHP have an unknown impact or can
potentially be exploited by malicious people to disclose sensitive
information or cause a DoS (Denial of Service).
For more information:
SA34081
15) An error exists in Samba when handling error conditions. This can
be exploited by a user without a configured home directory to access
the contents of the file system by connecting to the Windows File
Sharing service.
16) Input passed in search requests containing non UTF-8 encoded data
to Wiki Server is not properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.
Security Update 2009-005 (Tiger PPC):
http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg
Security Update 2009-005 (Tiger Intel):
http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg
Security Update 2009-005 Server (Tiger Univ):
http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg
Security Update 2009-005 Server (Tiger PPC):
http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg
Mac OS X Server v10.6.1 Update:
http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg
Security Update 2009-005 Server (Leopard):
http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg
Security Update 2009-005 (Leopard):
http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg
Mac OS X v10.6.1 Update:
http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg
PROVIDED AND/OR DISCOVERED BY:
1, 2, 4, 8, 10-12, 16) Reported by the vendor.
5) The vendor credits Will Dormann of CERT/CC.
6) The vendor credits Will Drewry of Google.
15) The vendor credits J. David Hester of LCG Systems National
Institutes of Health.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3864
http://support.apple.com/kb/HT3865
OTHER REFERENCES:
SA30134:
http://secunia.com/advisories/30134/
SA34081:
http://secunia.com/advisories/34081/
SA34481:
http://secunia.com/advisories/34481/
SA34566:
http://secunia.com/advisories/34566/
SA34612:
http://secunia.com/advisories/34612/
SA35948:
http://secunia.com/advisories/35948/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201004-0011 | CVE-2009-4777 | GIF File Processing Denial of Service Vulnerability in Multiple JP1 Products |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and JP1/Cm2/SNMP System Observer, allows remote attackers to cause a denial of service ("abnormal" termination) via vectors related to the display of an "invalid GIF file.". Hitachi JP1 / Cm2 / Hierarchical is a middleware platform software. Hitachi JP1 / Automatic Job Management System 2-View, JP1 / Integrated Management-View, and multiple versions of JP1 / Cm2 / SNMP System Observer have unknown vulnerabilities. Remote attackers can trigger rejection by displaying "Invalid GIF file". Service (& ldquo; Exception & rdquo; Termination). Multiple Hitachi products are prone to a denial-of-service vulnerability caused by an unspecified error.
Attackers can exploit this issue to terminate the affected applications, causing a denial-of-service condition.
Affected products include the following:
JP1/Automatic Job Management System 2 - View
JP1/Integrated Management - View
JP1/Cm2/SNMP System Observer
For the full list of affected products, please see the referenced vendor advisory. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
SOLUTION:
Update to a fixed version. Please see the vendor's advisory for
details.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-016/index.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0490 | CVE-2009-3169 | Hitachi JP1/File Transmission Server/FTP Multiple Unspecified Vulnerabilities |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Multiple unspecified vulnerabilities in Hitachi JP1/File Transmission Server/FTP before 09-00 allow remote attackers to execute arbitrary code via unknown attack vectors.
Very few technical details are currently available. We will update this BID as more information emerges.
An attacker can leverage these issues to execute arbitrary commands within the context of the vulnerable application and compromise the computer. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Hitachi JP1/File Transmission Server/FTP Unspecified Vulnerabilities
SECUNIA ADVISORY ID:
SA36645
VERIFY ADVISORY:
http://secunia.com/advisories/36645/
DESCRIPTION:
Some vulnerabilities have been reported in Hitachi JP1/File
Transmission Server/FTP, which can be exploited by malicious people
to compromise a vulnerable system.
SOLUTION:
Update to a fixed version. Please see the vendor's advisory for
details.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Hitachi:
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-015/index.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201004-0010 | CVE-2009-4776 | Multiple Hitachi products vulnerable to buffer overflow |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors related to the use of GIF image processing APIs by a Java application, and a different issue from CVE-2007-3794. For several Hitachi products, GIF A buffer overflow vulnerability exists due to a flaw in handling images.The details may be affected by a third party. Multiple Hitachi products, including Cosminexus, Processing Kit for XML, and Hitachi Developer's Kit for Java, are prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Attackers can execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Hitachi Products GIF Processing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA36622
VERIFY ADVISORY:
http://secunia.com/advisories/36622/
DESCRIPTION:
A vulnerability has been reported in multiple Hitachi products, which
can be exploited by malicious people to potentially compromise a
vulnerable system.
Please see the vendor's advisory for a full list of affected
products.
SOLUTION:
Update to a fixed version. See vendor advisory for details.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Hitachi:
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-014/index.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0364 | CVE-2009-2795 | Apple iPhone OS Recovery mode component buffer overflow vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related to "command parsing.". Apple iPhone and iPod touch are prone to a heap-based buffer-overflow vulnerability.
An attacker can exploit this issue to bypass the required passcode and gain access to sensitive information.
This issue affects the following products:
iPhone OS 1.0 through 3.0.1
iPhone OS for iPod touch 1.1 through 3.0
This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to 3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it. Disclosing sensitive information or completely hacking a user's system. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA36677
VERIFY ADVISORY:
http://secunia.com/advisories/36677/
DESCRIPTION:
Some vulnerabilities, security issues, and weaknesses have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people with physical access to the device to bypass certain
security restrictions or disclose sensitive information, and by
malicious people to disclose sensitive information, conduct
cross-site scripting and spoofing attacks, cause a DoS (Denial of
Service), or to compromise a user's system.
1) An error in CoreAudio when processing sample size table entries
of AAC and MP3 files can be exploited to cause a heap-based buffer
overflow and potentially execute arbitrary code.
2) An error in Exchange Support exists due to the "Require Passcode"
setting not being affected by the "Maximum inactivity time lock"
setting. This may lead to a time window, regardless of the Maximum
inactivity time lock" setting, in which a person with physical access
to the device is able to use the Exchange services.
3) A security issue exists in MobileMail due to deleted mails being
accessible via Spotlight search.
4) An unspecified error exists in the Recovery Mode command parsing.
This can be exploited by a person with physical access to a device to
cause a heap-based buffer overflow and e.g. gain access to a locked
device.
5) A NULL pointer dereference error within the handling of SMS
arrival notifications can be exploited to cause a service
interruption.
6) An error in the handling of passwords in UIKit can be exploited by
a person with physical access to a device to disclose a password.
7) Safari includes the user name and password in the "Referer"
header, which can lead to the exposure of sensitive information.
8) Two vulnerabilities in WebKit can be exploited by malicious people
to conduct cross-site scripting attacks or potentially compromise a
user's system.
For more information:
SA35758
9) A vulnerability in WebKit can be exploited by malicious people to
conduct spoofing attacks.
PROVIDED AND/OR DISCOVERED BY:
1) Tobias Klein, trapkit.de
The vendor credits:
2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua
Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward
Jones, and Steve Moriarty of Agilent Technologies
3) Clickwise Software and Tony Kavadias
5) Charlie Miller of Independent Security Evaluators and Collin
Mulliner of Technical University Berlin
6) Abraham Vegh
7) James A. T. Rice of Jump Networks Ltd
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3860
Tobias Klein:
http://trapkit.de/advisories/TKADV2009-007.txt
OTHER REFERENCES:
SA35758:
http://secunia.com/advisories/35758/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0365 | CVE-2009-2796 | Apple iPhone OS of UIKit Information disclosure vulnerability in components |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password. Apple iPhone and iPod touch are prone to an information-disclosure vulnerability in the UIKit component.
Successful exploits may allow attackers with physical access to an affected device to obtain password data. Information harvested may aid in launching further attacks.
This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to 3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it.
This issue affects the following:
iPhone OS 1.0 through 3.0.1
iPhone OS for iPod touch 1.1 through 3.0. lead to intrusion into the user's system. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA36677
VERIFY ADVISORY:
http://secunia.com/advisories/36677/
DESCRIPTION:
Some vulnerabilities, security issues, and weaknesses have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people with physical access to the device to bypass certain
security restrictions or disclose sensitive information, and by
malicious people to disclose sensitive information, conduct
cross-site scripting and spoofing attacks, cause a DoS (Denial of
Service), or to compromise a user's system.
1) An error in CoreAudio when processing sample size table entries
of AAC and MP3 files can be exploited to cause a heap-based buffer
overflow and potentially execute arbitrary code.
2) An error in Exchange Support exists due to the "Require Passcode"
setting not being affected by the "Maximum inactivity time lock"
setting. This may lead to a time window, regardless of the Maximum
inactivity time lock" setting, in which a person with physical access
to the device is able to use the Exchange services.
3) A security issue exists in MobileMail due to deleted mails being
accessible via Spotlight search.
4) An unspecified error exists in the Recovery Mode command parsing.
This can be exploited by a person with physical access to a device to
cause a heap-based buffer overflow and e.g. gain access to a locked
device.
5) A NULL pointer dereference error within the handling of SMS
arrival notifications can be exploited to cause a service
interruption.
7) Safari includes the user name and password in the "Referer"
header, which can lead to the exposure of sensitive information.
8) Two vulnerabilities in WebKit can be exploited by malicious people
to conduct cross-site scripting attacks or potentially compromise a
user's system.
For more information:
SA35758
9) A vulnerability in WebKit can be exploited by malicious people to
conduct spoofing attacks.
PROVIDED AND/OR DISCOVERED BY:
1) Tobias Klein, trapkit.de
The vendor credits:
2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua
Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward
Jones, and Steve Moriarty of Agilent Technologies
3) Clickwise Software and Tony Kavadias
5) Charlie Miller of Independent Security Evaluators and Collin
Mulliner of Technical University Berlin
6) Abraham Vegh
7) James A. T. Rice of Jump Networks Ltd
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3860
Tobias Klein:
http://trapkit.de/advisories/TKADV2009-007.txt
OTHER REFERENCES:
SA35758:
http://secunia.com/advisories/35758/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0323 | CVE-2009-2799 | Apple QuickTime of H.264 Video file processing heap-based buffer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists during the parsing of samples from a malformed MOV file utilizing the H.264 codec. While parsing data to render the stream, the application will mistrust a length that is used to initialize a heap chunk that was allocated in a header. If the length is larger than the size of the chunk allocated, then a memory corruption will occur leading to code execution under the context of the currently logged in user.
These issues arise when the application handles specially crafted H.264, MPEG-4, and FlashPix video files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.
Versions prior to QuickTime 7.6.4 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms. Apple QuickTime is a very popular multimedia player. ZDI-09-063: Apple QuickTime H.264 Nal Unit Length Heap Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-063
September 10, 2009
-- CVE ID:
CVE-2009-2799
-- Affected Vendors:
Apple
-- Affected Products:
Apple Quicktime
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8435.
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT3859
-- Disclosure Timeline:
2009-07-28 - Vulnerability reported to vendor
2009-09-10 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Anonymous
* Damian Put
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
| VAR-200909-0322 | CVE-2009-2798 | Apple QuickTime of FlashPix Heap-based buffer overflow vulnerability in file handling |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. Apple QuickTime Is FlashPix Arbitrary code is executed or service operation is interrupted due to incomplete processing (DoS) There is a vulnerability that becomes a condition.Arbitrary code is executed by a third party or service operation is interrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists during the parsing of malformed FlashPix (.fpx) files. While parsing the SectorShift and cSectFat fields from the header, the application will multiply 2 user-controlled 32-bit values and utilize this for an allocation. If the result of the multiplication is greater than 32bits, the application will allocate an undersized heap chunk.
These issues arise when the application handles specially crafted H.264, MPEG-4, and FlashPix video files.
Versions prior to QuickTime 7.6.4 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms. Apple QuickTime is a very popular multimedia player. ZDI-09-064: Apple QuickTime FlashPix Sector Size Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-064
September 10, 2009
-- CVE ID:
CVE-2009-2798
-- Affected Vendors:
Apple
-- Affected Products:
Apple Quicktime
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8414.
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More
details can be found at:
http://support.apple.com/kb/HT3859
-- Disclosure Timeline:
2009-07-28 - Vulnerability reported to vendor
2009-09-10 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Damian Put
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
| VAR-200909-0363 | CVE-2009-2794 | Apple iPhone OS of Exchange In support components Microsoft Exchange Vulnerability that can bypass restrictions |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value. Apple iPhone and iPod touch are prone to a security-bypass vulnerability.
Successfully exploiting these issues may allow attackers to bypass security restrictions, which may aid in further attacks.
This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to 3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it.
This issue affects the following:
iPhone OS 1.0 through 3.0.1
iPhone OS for iPod touch 1.1 through 3.0. iPhone OS allows communication through services provided by Microsoft Exchange Server. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA36677
VERIFY ADVISORY:
http://secunia.com/advisories/36677/
DESCRIPTION:
Some vulnerabilities, security issues, and weaknesses have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people with physical access to the device to bypass certain
security restrictions or disclose sensitive information, and by
malicious people to disclose sensitive information, conduct
cross-site scripting and spoofing attacks, cause a DoS (Denial of
Service), or to compromise a user's system.
1) An error in CoreAudio when processing sample size table entries
of AAC and MP3 files can be exploited to cause a heap-based buffer
overflow and potentially execute arbitrary code. This may lead to a time window, regardless of the Maximum
inactivity time lock" setting, in which a person with physical access
to the device is able to use the Exchange services.
3) A security issue exists in MobileMail due to deleted mails being
accessible via Spotlight search. This can be exploited by malicious
people with physical access to the device to disclose potentially
sensitive information.
4) An unspecified error exists in the Recovery Mode command parsing.
This can be exploited by a person with physical access to a device to
cause a heap-based buffer overflow and e.g. gain access to a locked
device.
5) A NULL pointer dereference error within the handling of SMS
arrival notifications can be exploited to cause a service
interruption.
6) An error in the handling of passwords in UIKit can be exploited by
a person with physical access to a device to disclose a password.
7) Safari includes the user name and password in the "Referer"
header, which can lead to the exposure of sensitive information.
8) Two vulnerabilities in WebKit can be exploited by malicious people
to conduct cross-site scripting attacks or potentially compromise a
user's system.
For more information:
SA35758
9) A vulnerability in WebKit can be exploited by malicious people to
conduct spoofing attacks.
PROVIDED AND/OR DISCOVERED BY:
1) Tobias Klein, trapkit.de
The vendor credits:
2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua
Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward
Jones, and Steve Moriarty of Agilent Technologies
3) Clickwise Software and Tony Kavadias
5) Charlie Miller of Independent Security Evaluators and Collin
Mulliner of Technical University Berlin
6) Abraham Vegh
7) James A. T. Rice of Jump Networks Ltd
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3860
Tobias Klein:
http://trapkit.de/advisories/TKADV2009-007.txt
OTHER REFERENCES:
SA35758:
http://secunia.com/advisories/35758/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0309 | CVE-2009-2205 | Mac OS X for Java of Java Web Start Command launcher buffer overflow vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Java 1.4 is prone to a denial-of-service vulnerability
| VAR-200909-0308 | CVE-2009-2203 | Apple QuickTime Vulnerable to buffer overflow |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file.
These issues arise when the application handles specially crafted H.264, MPEG-4, and FlashPix video files.
Versions prior to QuickTime 7.6.4 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms. Apple QuickTime is a very popular multimedia player. There is a buffer overflow vulnerability in QuickTime versions before 7.6.4 when processing MPEG-4 video files
| VAR-200909-0320 | CVE-2009-2815 | Apple iPhone OS of Telephony Service disruption in components (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message. Apple iPhone is prone to a NULL-pointer dereference vulnerability.
Successful exploits may allow attackers to cause the affected service to become unresponsive.
This issue affects iPhone OS 1.0 through 3.0.1.
This issue was previously covered in BID 36326 (Apple iPhone prior to 3.1 and iPod touch Prior to 3.1.1 Multiple Vulnerabilities) but has been given its own record to better document it. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA36677
VERIFY ADVISORY:
http://secunia.com/advisories/36677/
DESCRIPTION:
Some vulnerabilities, security issues, and weaknesses have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people with physical access to the device to bypass certain
security restrictions or disclose sensitive information, and by
malicious people to disclose sensitive information, conduct
cross-site scripting and spoofing attacks, cause a DoS (Denial of
Service), or to compromise a user's system.
1) An error in CoreAudio when processing sample size table entries
of AAC and MP3 files can be exploited to cause a heap-based buffer
overflow and potentially execute arbitrary code.
2) An error in Exchange Support exists due to the "Require Passcode"
setting not being affected by the "Maximum inactivity time lock"
setting. This may lead to a time window, regardless of the Maximum
inactivity time lock" setting, in which a person with physical access
to the device is able to use the Exchange services.
3) A security issue exists in MobileMail due to deleted mails being
accessible via Spotlight search. This can be exploited by malicious
people with physical access to the device to disclose potentially
sensitive information.
4) An unspecified error exists in the Recovery Mode command parsing.
This can be exploited by a person with physical access to a device to
cause a heap-based buffer overflow and e.g. gain access to a locked
device.
6) An error in the handling of passwords in UIKit can be exploited by
a person with physical access to a device to disclose a password.
7) Safari includes the user name and password in the "Referer"
header, which can lead to the exposure of sensitive information.
8) Two vulnerabilities in WebKit can be exploited by malicious people
to conduct cross-site scripting attacks or potentially compromise a
user's system.
For more information:
SA35758
9) A vulnerability in WebKit can be exploited by malicious people to
conduct spoofing attacks.
PROVIDED AND/OR DISCOVERED BY:
1) Tobias Klein, trapkit.de
The vendor credits:
2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua
Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward
Jones, and Steve Moriarty of Agilent Technologies
3) Clickwise Software and Tony Kavadias
5) Charlie Miller of Independent Security Evaluators and Collin
Mulliner of Technical University Berlin
6) Abraham Vegh
7) James A. T. Rice of Jump Networks Ltd
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3860
Tobias Klein:
http://trapkit.de/advisories/TKADV2009-007.txt
OTHER REFERENCES:
SA35758:
http://secunia.com/advisories/35758/
SA36269:
http://secunia.com/advisories/36269/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200909-0307 | CVE-2009-2202 | Apple QuickTime Vulnerabilities in arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file.
These issues arise when the application handles specially crafted H.264, MPEG-4, and FlashPix video files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.
Versions prior to QuickTime 7.6.4 are vulnerable on Windows 7, Vista, XP, and Mac OS X platforms. Apple QuickTime is a very popular multimedia player. QuickTime versions before 7.6.4 have a memory corruption vulnerability when processing H.264 movie files