VARIoT IoT vulnerabilities database

VAR-200508-0309 | CVE-2005-2515 | Mac OS X Quartz Composer Screen saver password bypass vulnerability |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to access links from the RSS Visualizer even when a password is required. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available.
Apache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues.
Appkit is prone to three vulnerabilities. Two of these could result in arbitrary code execution, the third could permit the creation of local accounts. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues.
Bluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue.
CoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues.
CUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues.
Directory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues.
HItoolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue.
Kerberos is prone to five vulnerabilities that may result in a buffer overflow, execution of arbitrary code, and root compromise. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues.
loginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue.
Mail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue.
MySQL is prone to three vulnerabilities that include arbitrary code execution by remote authenticated users. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues.
OpenSSL is prone to two vulnerabilities resulting in denial of service. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues.
ping is prone to a vulnerability that could allow local privilege escalation and arbitrary code execution. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue.
QuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue.
Safari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues.
SecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue.
servermgrd is prone to a buffer-overflow vulnerability that could ultimately lead to the execution of arbitrary code. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue.
servermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue.
SquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues.
traceroute is prone to a vulnerability that could result in arbitrary code execution and privilege escalation. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue.
WebKit is affected by a vulnerability that could result in code execution regarding a malformed PDF file. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue.
Weblog Server is prone to multiple cross-site scripting vulnerabilities. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue.
X11 is prone to a vulnerability that could result in arbitrary code execution. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue.
zlib is prone to two denial-of-service vulnerabilities that may ultimately lead to arbitrary code execution. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues.
These vulnerabilities will be separated into individual BIDs upon further analysis of the issues.
VAR-200508-0317 | CVE-2005-2523 | Mac OS X Weblog Server Multiple Cross-Site Scripting Vulnerabilities |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server in Mac OS X 10.4 to 10.4.2 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available.
These vulnerabilities will be separated into individual BIDs upon further analysis of the issues. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. It is now being assigned its own BID.
VAR-200508-0311 | CVE-2005-2517 | OpenSSL SSL Handshake NULL Pointer denial of service attack vulnerability |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available.
These vulnerabilities will be separated into individual BIDs upon further analysis of the issues. OpenSSL is an open source general-purpose encryption library developed by the OpenSSL team that can implement the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. A bug in OpenSSL's handling of the SSL/TLS handshake implementation could be exploited by a remote attacker to crash OpenSSL. Using the Codenomicon TLS testing tool, OpenSSL found a NULL pointer allocation in the do_change_cipher_spec() function. A remote attacker can construct a special SSL/TLS handshake and send it to a server using the OpenSSL library, which can cause OpenSSL to crash and result in a denial of service for applications that rely on the library.
VAR-200508-0308 | CVE-2005-2514 | Mac OS X ping Command buffer overflow vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Buffer overflow in ping in Mac OS X 10.3.9 allows local users to execute arbitrary code. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available.
VAR-200508-0307 | CVE-2005-2513 | OpenSSL SSL Handshake NULL Pointer denial of service attack vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows VoiceOver services to read secure input fields.
These vulnerabilities will be separated into individual BIDs upon further analysis of the issues. OpenSSL is an open source general-purpose encryption library developed by the OpenSSL team that can implement the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. A bug in OpenSSL's handling of the SSL/TLS handshake implementation could be exploited by a remote attacker to crash OpenSSL. Using the Codenomicon TLS testing tool, OpenSSL found a NULL pointer allocation in the do_change_cipher_spec() function. A remote attacker can construct a special SSL/TLS handshake and send it to a server using the OpenSSL library, which can cause OpenSSL to crash and result in a denial of service for applications that rely on the library.
VAR-200508-0306 | CVE-2005-2512 | Mac OS X Mail.app Information disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available.
Apache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues.
Appkit is prone to three vulnerabilities. Two of these could result in arbitrary code execution, the third could permit the creation of local accounts. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues.
Bluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue.
CoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues.
CUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues.
Directory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues.
HItoolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue.
Kerberos is prone to five vulnerabilities that may result in a buffer overflow, execution of arbitrary code, and root compromise. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues.
loginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue.
Mail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue.
MySQL is prone to three vulnerabilities that include arbitrary code execution by remote authenticated users. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues.
OpenSSL is prone to two vulnerabilities resulting in denial of service. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues.
ping is prone to a vulnerability that could allow local privilege escalation and arbitrary code execution. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue.
QuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue.
Safari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues.
SecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue.
servermgrd is prone to a buffer-overflow vulnerability that could ultimately lead to the execution of arbitrary code. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue.
servermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue.
SquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues.
traceroute is prone to a vulnerability that could result in arbitrary code execution and privilege escalation. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue.
WebKit is affected by a vulnerability that could result in code execution regarding a malformed PDF file. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue.
Weblog Server is prone to multiple cross-site scripting vulnerabilities. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue.
X11 is prone to a vulnerability that could result in arbitrary code execution. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue.
zlib is prone to two denial-of-service vulnerabilities that may ultimately lead to arbitrary code execution. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues.
These vulnerabilities will be separated into individual BIDs upon further analysis of the issues.
VAR-200508-0305 | CVE-2005-2511 | Mac OS X AppKit Terminal Window access control vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available.
VAR-200508-0304 | CVE-2005-2510 | Mac OS X AppKit Server Admin Tools bypass security policy vulnerabilities |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to 10.4.2, when using multiple subnets and Address Groups, does not always properly write firewall rules to the Active Rules when certain conditions occur, which could result in firewall policies that are less restrictive than intended by the administrator. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available.
VAR-200508-0303 | CVE-2005-2509 | Mac OS X Login window unknown vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available.
VAR-200508-0299 | CVE-2005-2505 | Mac OS X CoreFoundation Buffer overflow vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers to execute arbitrary code via command line arguments to an application that uses CoreFoundation. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available.
VAR-200508-0221 | CVE-2005-2504 | OpenSSL SSL Handshake NULL Pointer denial of service attack vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available.
These vulnerabilities will be separated into individual BIDs upon further analysis of the issues. OpenSSL is an open source general-purpose encryption library developed by the OpenSSL team that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers and hash algorithms. A bug in OpenSSL's SSL/TLS handshake implementation could be exploited by a remote attacker to crash OpenSSL. Using the Codenomicon TLS testing tool, the OpenSSL team found a NULL pointer assignment in the do_change_cipher_spec() function. A remote attacker can construct a special SSL/TLS handshake and send it to a server that uses the OpenSSL library, which can cause OpenSSL to crash, resulting in a denial of service for applications that rely on the library.
VAR-200508-0220 | CVE-2005-2503 | Mac OS X AppKit Unknown vulnerability |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical access to create local accounts by forcing a particular error to occur at the login window. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available.
VAR-200508-0302 | CVE-2005-2508 | OpenSSL SSL Handshake NULL Pointer denial of service attack vulnerability |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
dsidentity in Directory Services in Mac OS X 10.4.2 allows local users to add or remove user accounts. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available.
Apache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues.
Appkit is prone to three vulnerabilities. Two of these could result in arbitrary code execution, the third could permit the creation of local accounts. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues.
Bluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue.
CoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues.
CUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues.
Directory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues.
HItoolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue.
Kerberos is prone to five vulnerabilities that may result in a buffer overflow, execution of arbitrary code, and root compromise. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues.
loginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue.
Mail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue.
MySQL is prone to three vulnerabilities that include arbitrary code execution by remote authenticated users. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues.
OpenSSL is prone to two vulnerabilities resulting in denial of service. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues.
ping is prone to a vulnerability that could allow local privilege escalation and arbitrary code execution. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue.
QuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue.
Safari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues.
SecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue.
servermgrd is prone to a buffer-overflow vulnerability that could ultimately lead to the execution of arbitrary code. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue.
servermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue.
SquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues.
traceroute is prone to a vulnerability that could result in arbitrary code execution and privilege escalation. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue.
WebKit is affected by a vulnerability that could result in code execution regarding a malformed PDF file. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue.
Weblog Server is prone to multiple cross-site scripting vulnerabilities. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue.
X11 is prone to a vulnerability that could result in arbitrary code execution. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue.
zlib is prone to two denial-of-service vulnerabilities that may ultimately lead to arbitrary code execution. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues.
These vulnerabilities will be separated into individual BIDs upon further analysis of the issues. It is now being assigned its own BID.
OpenSSL is an open source general-purpose encryption library developed by the OpenSSL team that can implement the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. A bug in OpenSSL's handling of the SSL/TLS handshake could be exploited by a remote attacker to crash OpenSSL. Using the Codenomicon TLS testing tool, the OpenSSL team found a NULL pointer allocation in the do_change_cipher_spec() function. A remote attacker can construct a special SSL/TLS handshake and send it to a server that uses the OpenSSL library, crashing OpenSSL and causing a denial of service in applications that rely on the library.
DMA[2005-0818a] - 'Apple OSX dsidentity privilege abuse'
Author: Kevin Finisterre
Vendor: http://www.apple.com/bluetooth/
Product: 'Mac OSX 10.4'
References:
http://www.digitalmunition.com/DMA[2005-0818a].txt
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2508
http://www.suresec.org/advisories/adv5.pdf
Description:
After roughly one hour of beating on the freshly released OSX 10.4 I found that /usr/sbin/dsidentity
allows any user on the system to add accounts to Directory Services. Passwords can easily be set at
the time of account creation, and the newly created account can be used to login to the OSX gui. Due
to the lack of shell the account is limited in nature, however once you have logged into the gui
accessing a shell is trivial.
To add an account simply use the following command line and then you can now login as RickJames with the
password isapimp.
CrunkJuice:~ kevinfinisterre$ /usr/sbin/dsidentity -a RickJames -s isapimp -v
After logging in as RickJames open Safari and type file:///bin in the address bar. Double click on bash.
Ignore the warning about not being authorized, and then click cancel when asked to close the application.
Voila! Now you have a working bash shell as RickJames.
CrunkJuice:~ kevinfinisterre$ /usr/sbin/dsidentity -r CharlieMurphy -v
If you really want to piss off someone's Directory Services try the following.
CrunkJuice:~ kevinfinisterre$ /usr/sbin/dsidentity -a `perl -e 'print "A" x 29000'`
(lather, rinse, repeat)
Work Around:
Install 2005-007 update or just rm -rf /usr/sbin/dsidentity
http://www.apple.com/support/downloads/
Sidenote:
Neil Archibald of Suresec LTD also reported this issue to apple at the same time I did.
http://www.suresec.org/advisories/adv5.pdf outlines extra detail about this issue with
regard to the use of getenv() calls.
Timeline associated with this bug:
05/25/2005 reported to apple.
05/26/2005 followup to auto ticketing system #9116351
08/03/2005 AppleSeeds!
08/17/2005 Security Update 2005-007 v1.1
VAR-200508-0219 | CVE-2005-2502 | Apple Mac OS X Server servermgrd authentication vulnerable to buffer overflow |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, allows external user-assisted attackers to execute arbitrary code via a crafted Microsoft Word file. This vulnerability may lead to remote execution of arbitrary code. Apple Safari fails to perform security checks on hyperlinks in rich text content, which may allow an attacker to execute arbitrary commands on a vulnerable system. Apple Mac OS X WebKit and Safari security controls may be bypassed, possibly allowing remote command execution. Apple has released Security Update 2005-007. Vulnerabilities have been confirmed in Mac OS X, Mac OS X Server, the Safari web browser, and other products. The potential impact depends on each vulnerability. For more information, see the information provided by Apple. These vulnerabilities could allow a remote third party to execute arbitrary code or commands, bypass access restrictions, or mount a DoS attack.
Apache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues.
Appkit is prone to three vulnerabilities. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues.
Bluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue.
CoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues.
CUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues.
Directory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues.
HItoolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues.
loginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue.
Mail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues.
OpenSSL is prone to two vulnerabilities resulting in denial of service. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue.
QuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue.
Safari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues.
SecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue.
servermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue.
SquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue.
Weblog Server is prone to multiple cross-site scripting vulnerabilities. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues.
These vulnerabilities will be separated into individual BIDs upon further analysis of the issues.
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA16449
VERIFY ADVISORY:
http://secunia.com/advisories/16449/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Manipulation of data, Exposure
of sensitive information, Privilege escalation, DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes more
than 40 vulnerabilities.
1) A boundary error in htdigest can be exploited to cause a buffer
overflow by passing an overly long realm argument.
NOTE: htdigest is by default only locally accessible and not setuid /
setgid.
For more information:
SA12787
SA13045
3) A security issue in Apache 2 results in access to ".DS_Store"
files and files starting with ".ht" not being fully blocked. The
problem is that the Apache configuration blocks access in a case
sensitive way, but the Apple HFS+ filesystem performs file access in
a case insensitive way.
4) A security issue in Apache 2 makes it possible to bypass the
normal Apache file handlers and retrieve file data and resource fork
content via HTTP. The problem is that the Apple HFS+ filesystem
permits files to have multiple data streams.
NOTE: This issue may also affect other products installed on the HFS+
filesystem.
TextEdit.
7) An error in the AppKit component allows malicious, local users
with physical access to create additional local accounts.
8) A bug in the System Profiler causes it to display misleading
information about whether or not a Bluetooth device requires
authentication.
10) An error in the CoreFoundation framework when parsing Gregorian
date information can cause applications to stall.
11) Errors in the CUPS printing service can cause it to stop printing
when handling multiple, simultaneous print jobs.
13) Various errors in the privileged tool dsidentity can be exploited
by unprivileged users to add or remove identity user accounts in
Directory Services.
14) The slpd program in Directory Services creates temporary files
insecurely. This can be exploited via symlink attacks to overwrite
arbitrary files with root privileges.
15) An error in HIToolbox may allow VoiceOver services to read
contents from secure input fields.
16) An error in Kerberos can potentially be exploited by malicious
users to compromise a vulnerable system.
For more information:
SA13592
17) Multiple boundary errors in Kerberos can be exploited by
malicious people to cause a DoS or potentially compromise a
vulnerable system.
For more information:
SA16041
18) An error in Kerberos when Kerberos authentication is enabled in
addition to LDAP can be exploited to gain access to the root Terminal
window.
21) Various errors in MySQL can potentially be exploited by malicious
users to compromise a vulnerable system and by malicious, local users
to perform certain actions on a vulnerable system with escalated
privileges.
For more information:
SA14547
22) Three vulnerabilities in OpenSSL can be exploited by malicious
people to cause a DoS (Denial-of-Service).
For more information:
SA11139
23) An unspecified boundary error in the ping utility can be
exploited to cause a buffer overflow and potentially gain escalated
privileges.
26) A security issue in Safari when submitting forms on a XSL
formatted page may cause the information to be submitted to the next
visited web page.
27) A security issue in the SecurityInterface component may cause
recently used passwords to be visible in the password assistant.
34) A vulnerability in X11 can potentially be exploited by malicious
people to compromise a vulnerable system.
8) John M. Glenn
9) David Remahl
10) David Remahl
13) KF and Neil Archibald.
18) Jim Foraker
20) Brad Miller and John Pell
23) Neil Archibald, Suresec LTD.
24) Jay Craft, GrooVault Entertainment.
26) Bill Kuker
27) Andrew Langmead
29) Matt Richard and Chris Pepper
31) Neil Archibald, Suresec LTD.
33) Donnie Werner and Atsushi MATSUO.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=302163
OTHER REFERENCES:
SA11139:
http://secunia.com/advisories/11139/
SA12787:
http://secunia.com/advisories/12787/
SA13045:
http://secunia.com/advisories/13045/
SA13592:
http://secunia.com/advisories/13592/
SA14460:
http://secunia.com/advisories/14460/
SA14547:
http://secunia.com/advisories/14547/
SA15721:
http://secunia.com/advisories/15721/
SA15949:
http://secunia.com/advisories/15949/
SA16041:
http://secunia.com/advisories/16041/
SA16058:
http://secunia.com/advisories/16058/
SA16137:
http://secunia.com/advisories/16137/
.
I.
II. Impact
The impacts of these vulnerabilities vary.
III.
Appendix A. References
* US-CERT Vulnerability Note VU#913820 -
<http://www.kb.cert.org/vuls/id/913820>
* US-CERT Vulnerability Note VU#461412 -
<http://www.kb.cert.org/vuls/id/461412>
* US-CERT Vulnerability Note VU#435188 -
<http://www.kb.cert.org/vuls/id/435188>
* US-CERT Vulnerability Note VU#172948 -
<http://www.kb.cert.org/vuls/id/172948>
* US-CERT Vulnerability Note VU#420316 -
<http://www.kb.cert.org/vuls/id/420316>
* US-CERT Vulnerability Note VU#709220 -
<http://www.kb.cert.org/vuls/id/709220>
* Apple Security Update 2005-007 -
<http://docs.info.apple.com/article.html?artnum=302163>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA05-229A.html>
____________________________________________________________________
Feedback can be directed to US-CERT. Please send email to
<cert@cert.org> with "TA05-229A Feedback VU#913820" in the subject.
____________________________________________________________________
Mailing list information:
<http://www.us-cert.gov/cas/>
____________________________________________________________________
Produced 2005 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
August 17, 2005: Initial release
VAR-200508-0301 | CVE-2005-2507 | Apple Mac OS X Server servermgrd authentication vulnerable to buffer overflow |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication. This vulnerability may lead to remote execution of arbitrary code. Apple Safari fails to perform security checks on hyperlinks in rich text content, which may allow an attacker to execute arbitrary commands on a vulnerable system.
Apache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues.
Appkit is prone to three vulnerabilities. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues.
Bluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue.
CoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues.
CUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues.
Directory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues.
HItoolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues.
loginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue.
Mail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues.
OpenSSL is prone to two vulnerabilities resulting in denial of service. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue.
QuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue.
Safari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues.
SecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue.
servermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue.
SquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue.
Weblog Server is prone to multiple cross-site scripting vulnerabilities. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues.
These vulnerabilities will be separated into individual BIDs upon further analysis of the issues.
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA16449
VERIFY ADVISORY:
http://secunia.com/advisories/16449/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Manipulation of data, Exposure
of sensitive information, Privilege escalation, DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes more
than 40 vulnerabilities.
1) A boundary error in htdigest can be exploited to cause a buffer
overflow by passing an overly long realm argument.
NOTE: htdigest is by default only locally accessible and not setuid /
setgid.
2) Two vulnerabilities in Apache 2 can be exploited by malicious
people to bypass certain security restrictions or cause a DoS (Denial
of Service).
For more information:
SA12787
SA13045
3) A security issue in Apache 2 results in access to ".DS_Store"
files and files starting with ".ht" not being fully blocked. The
problem is that the Apache configuration blocks access in a case
sensitive way, but the Apple HFS+ filesystem performs file access in
a case insensitive way.
4) A security issue in Apache 2 makes it possible to bypass the
normal Apache file handlers and retrieve file data and resource fork
content via HTTP. The problem is that the Apple HFS+ filesystem
permits files to have multiple data streams.
NOTE: This issue may also affect other products installed on the HFS+
filesystem.
6) A boundary error in the AppKit component can be exploited to cause
a buffer overflow and execute arbitrary code on a user's system when a
specially crafted Microsoft Word .doc file is opened in e.g.
TextEdit.
7) An error in the AppKit component allows malicious, local users
with physical access to create additional local accounts.
8) A bug in the System Profiler causes it to display misleading
information about whether or not a Bluetooth device requires
authentication.
10) An error in the CoreFoundation framework when parsing Gregorian
date information can cause applications to stall.
11) Errors in the CUPS printing service can cause it to stop printing
when handling multiple, simultaneous print jobs.
13) Various errors in the privileged tool dsidentity can be exploited
by unprivileged users to add or remove identity user accounts in
Directory Services.
14) The slpd program in Directory Services creates temporary files
insecurely. This can be exploited via symlink attacks to overwrite
arbitrary files with root privileges.
15) An error in HIToolbox may allow VoiceOver services to read
contents from secure input fields.
16) An error in Kerberos can potentially be exploited by malicious
users to compromise a vulnerable system.
For more information:
SA13592
17) Multiple boundary errors in Kerberos can be exploited by
malicious people to cause a DoS or potentially compromise a
vulnerable system.
For more information:
SA16041
18) An error in Kerberos when Kerberos authentication is enabled in
addition to LDAP can be exploited to gain access to the root Terminal
window.
21) Various errors in MySQL can potentially be exploited by malicious
users to compromise a vulnerable system and by malicious, local users
to perform certain actions on a vulnerable system with escalated
privileges.
For more information:
SA14547
22) Three vulnerabilities in OpenSSL can be exploited by malicious
people to cause a DoS (Denial-of-Service).
For more information:
SA11139
23) An unspecified boundary error in the ping utility can be
exploited to cause a buffer overflow and potentially gain escalated
privileges.
26) A security issue in Safari when submitting forms on a XSL
formatted page may cause the information to be submitted to the next
visited web page.
27) A security issue in the SecurityInterface component may cause
recently used passwords to be visible in the password assistant.
34) A vulnerability in X11 can potentially be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA14460
35) Errors in zlib can be exploited by malicious people to conduct a
DoS against a vulnerable application or potentially to execute
arbitrary code.
For more information:
SA15949
SA16137
SOLUTION:
Apply Security Update 2005-007.
Mac OS X 10.3.9 Client:
http://www.apple.com/support/downloads/securityupdate2005007macosx1039client.html
Mac OS X 10.3.9 Server:
http://www.apple.com/support/downloads/securityupdate2005007macosx1039server.html
Mac OS X 10.4.2 Client:
http://www.apple.com/support/downloads/securityupdate2005007macosx1042client.html
Mac OS X 10.4.2 Server:
http://www.apple.com/support/downloads/securityupdate2005007macosx1042server.html
PROVIDED AND/OR DISCOVERED BY:
1) JxT, SNOsoft.
8) John M. Glenn
9) David Remahl
10) David Remahl
13) KF and Neil Archibald.
18) Jim Foraker
20) Brad Miller and John Pell
23) Neil Archibald, Suresec LTD.
24) Jay Craft, GrooVault Entertainment.
26) Bill Kuker
27) Andrew Langmead
29) Matt Richard and Chris Pepper
31) Neil Archibald, Suresec LTD.
33) Donnie Werner and Atsushi MATSUO.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=302163
OTHER REFERENCES:
SA11139:
http://secunia.com/advisories/11139/
SA12787:
http://secunia.com/advisories/12787/
SA13045:
http://secunia.com/advisories/13045/
SA13592:
http://secunia.com/advisories/13592/
SA14460:
http://secunia.com/advisories/14460/
SA14547:
http://secunia.com/advisories/14547/
SA15721:
http://secunia.com/advisories/15721/
SA15949:
http://secunia.com/advisories/15949/
SA16041:
http://secunia.com/advisories/16041/
SA16058:
http://secunia.com/advisories/16058/
SA16137:
http://secunia.com/advisories/16137/
.
I.
II. Impact
The impacts of these vulnerabilities vary.
III. In
addition, this update is available via Apple Update.
Appendix A. References
* US-CERT Vulnerability Note VU#913820 -
<http://www.kb.cert.org/vuls/id/913820>
* US-CERT Vulnerability Note VU#461412 -
<http://www.kb.cert.org/vuls/id/461412>
* US-CERT Vulnerability Note VU#435188 -
<http://www.kb.cert.org/vuls/id/435188>
* US-CERT Vulnerability Note VU#172948 -
<http://www.kb.cert.org/vuls/id/172948>
* US-CERT Vulnerability Note VU#420316 -
<http://www.kb.cert.org/vuls/id/420316>
* US-CERT Vulnerability Note VU#709220 -
<http://www.kb.cert.org/vuls/id/709220>
* Apple Security Update 2005-007 -
<http://docs.info.apple.com/article.html?artnum=302163>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA05-229A.html>
Produced 2005 by US-CERT, a government organization.
Revision History
August 17, 2005: Initial release
VAR-200508-0312 | CVE-2005-2518 | Apple Mac OS X Server servermgrd authentication vulnerable to buffer overflow |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication. This vulnerability may lead to remote execution of arbitrary code. Apple Safari fails to perform security checks on hyperlinks in rich text content, which may allow an attacker to execute arbitrary commands on a vulnerable system. Apple has released Security Update 2005-007. Vulnerabilities have been confirmed in products such as Mac OS X, Mac OS X Server, and the Safari web browser. The potential impact depends on each vulnerability. For more information, see the information provided by Apple.
Apache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues.
Appkit is prone to three vulnerabilities. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues.
Bluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue.
CoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues.
CUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues.
Directory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues.
HItoolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues.
loginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue.
Mail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues.
OpenSSL is prone to two vulnerabilities resulting in denial of service. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue.
QuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue.
Safari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues.
SecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue.
servermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue.
SquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue.
Weblog Server is prone to multiple cross-site scripting vulnerabilities. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues.
These vulnerabilities will be separated into individual BIDs upon further analysis of the issues.
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA16449
VERIFY ADVISORY:
http://secunia.com/advisories/16449/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Manipulation of data, Exposure
of sensitive information, Privilege escalation, DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes more
than 40 vulnerabilities.
1) A boundary error in htdigest can be exploited to cause a buffer
overflow by passing an overly long realm argument.
NOTE: htdigest is by default only locally accessible and not setuid /
setgid.
For more information:
SA12787
SA13045
3) A security issue in Apache 2 results in access to ".DS_Store"
files and files starting with ".ht" not being fully blocked. The
problem is that the Apache configuration blocks access in a case
sensitive way, but the Apple HFS+ filesystem performs file access in
a case insensitive way.
4) A security issue in Apache 2 makes it possible to bypass the
normal Apache file handlers and retrieve file data and resource fork
content via HTTP. The problem is that the Apple HFS+ filesystem
permits files to have multiple data streams.
NOTE: This issue may also affect other products installed on the HFS+
filesystem.
6) A boundary error in the AppKit component can be exploited to cause
a buffer overflow and execute arbitrary code on a user's system when a
specially crafted Microsoft Word .doc file is opened in e.g.
TextEdit.
7) An error in the AppKit component allows malicious, local users
with physical access to create additional local accounts.
8) A bug in the System Profiler causes it to display misleading
information about whether or not a Bluetooth device requires
authentication.
10) An error in the CoreFoundation framework when parsing Gregorian
date information can cause applications to stall.
11) Errors in the CUPS printing service can cause it to stop printing
when handling multiple, simultaneous print jobs.
13) Various errors in the privileged tool dsidentity can be exploited
by unprivileged users to add or remove identity user accounts in
Directory Services.
14) The slpd program in Directory Services creates temporary files
insecurely. This can be exploited via symlink attacks to overwrite
arbitrary files with root privileges.
15) An error in HItoolbox may allow VoiceOver services to read
contents from secure input fields.
16) An error in Kerberos can potentially be exploited by malicious
users to compromise a vulnerable system.
For more information:
SA13592
17) Multiple boundary errors in Kerberos can be exploited by
malicious people to cause a DoS or potentially compromise a
vulnerable system.
For more information:
SA16041
18) An error in Kerberos when Kerberos authentication is enabled in
addition to LDAP can be exploited to gain access to the root Terminal
window.
21) Various errors in MySQL can potentially be exploited by malicious
users to compromise a vulnerable system and by malicious, local users
to perform certain actions on a vulnerable system with escalated
privileges.
For more information:
SA14547
22) Three vulnerabilities in OpenSSL can be exploited by malicious
people to cause a DoS (Denial-of-Service).
For more information:
SA11139
23) An unspecified boundary error in the ping utility can be
exploited to cause a buffer overflow and potentially gain escalated
privileges.
26) A security issue in Safari when submitting forms on a XSL
formatted page may cause the information to be submitted to the next
visited web page.
27) A security issue in the SecurityInterface component may cause
recently used passwords to be visible in the password assistant.
34) A vulnerability in X11 can potentially be exploited by malicious
people to compromise a vulnerable system.
8) John M. Glenn
9) David Remahl
10) David Remahl
13) KF and Neil Archibald.
18) Jim Foraker
20) Brad Miller and John Pell
23) Neil Archibald, Suresec LTD.
24) Jay Craft, GrooVault Entertainment.
26) Bill Kuker
27) Andrew Langmead
29) Matt Richard and Chris Pepper
31) Neil Archibald, Suresec LTD.
33) Donnie Werner and Atsushi MATSUO.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=302163
OTHER REFERENCES:
SA11139:
http://secunia.com/advisories/11139/
SA12787:
http://secunia.com/advisories/12787/
SA13045:
http://secunia.com/advisories/13045/
SA13592:
http://secunia.com/advisories/13592/
SA14460:
http://secunia.com/advisories/14460/
SA14547:
http://secunia.com/advisories/14547/
SA15721:
http://secunia.com/advisories/15721/
SA15949:
http://secunia.com/advisories/15949/
SA16041:
http://secunia.com/advisories/16041/
SA16058:
http://secunia.com/advisories/16058/
SA16137:
http://secunia.com/advisories/16137/
I.
II. Impact
The impacts of these vulnerabilities vary.
III.
Appendix A. References
* US-CERT Vulnerability Note VU#913820 -
<http://www.kb.cert.org/vuls/id/913820>
* US-CERT Vulnerability Note VU#461412 -
<http://www.kb.cert.org/vuls/id/461412>
* US-CERT Vulnerability Note VU#435188 -
<http://www.kb.cert.org/vuls/id/435188>
* US-CERT Vulnerability Note VU#172948 -
<http://www.kb.cert.org/vuls/id/172948>
* US-CERT Vulnerability Note VU#420316 -
<http://www.kb.cert.org/vuls/id/420316>
* US-CERT Vulnerability Note VU#709220 -
<http://www.kb.cert.org/vuls/id/709220>
* Apple Security Update 2005-007 -
<http://docs.info.apple.com/article.html?artnum=302163>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA05-229A.html>
Produced 2005 by US-CERT, a government organization.
Revision History
August 17, 2005: Initial release
VAR-200508-0310 | CVE-2005-2516 | Apple Mac OS X Server servermgrd authentication vulnerable to buffer overflow |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands. This vulnerability may lead to remote execution of arbitrary code. Apple has released Security Update 2005-007. Vulnerabilities have been confirmed in products such as Mac OS X, Mac OS X Server, and the Safari web browser. The potential impact depends on each vulnerability. For more information, see the information provided by Apple. These vulnerabilities could allow a remote third party to execute arbitrary code or commands, bypass access restrictions, or cause a denial of service (DoS).
Apache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues.
Appkit is prone to three vulnerabilities. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues.
Bluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue.
CoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues.
CUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues.
Directory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues.
HItoolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues.
loginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue.
Mail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues.
OpenSSL is prone to two vulnerabilities resulting in denial of service. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue.
QuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue.
Safari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues.
SecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue.
servermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue.
SquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue.
Weblog Server is prone to multiple cross-site scripting vulnerabilities. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues.
These vulnerabilities will be separated into individual BIDs upon further analysis of the issues.
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA16449
VERIFY ADVISORY:
http://secunia.com/advisories/16449/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Manipulation of data, Exposure
of sensitive information, Privilege escalation, DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes more
than 40 vulnerabilities.
1) A boundary error in htdigest can be exploited to cause a buffer
overflow by passing an overly long realm argument.
NOTE: htdigest is by default only locally accessible and not setuid /
setgid.
For more information:
SA12787
SA13045
3) A security issue in Apache 2 results in access to ".DS_Store"
files and files starting with ".ht" not being fully blocked. The
problem is that the Apache configuration blocks access in a case
sensitive way, but the Apple HFS+ filesystem performs file access in
a case insensitive way.
4) A security issue in Apache 2 makes it possible to bypass the
normal Apache file handlers and retrieve file data and resource fork
content via HTTP. The problem is that the Apple HFS+ filesystem
permits files to have multiple data streams.
NOTE: This issue may also affect other products installed on the HFS+
filesystem.
6) A boundary error in the AppKit component can be exploited to cause
a buffer overflow and execute arbitrary code on a user's system when a
specially crafted Microsoft Word .doc file is opened in e.g.
TextEdit.
7) An error in the AppKit component allows malicious, local users
with physical access to create additional local accounts.
8) A bug in the System Profiler causes it to display misleading
information about whether or not a Bluetooth device requires
authentication.
10) An error in the CoreFoundation framework when parsing Gregorian
date information can cause applications to stall.
11) Errors in the CUPS printing service can cause it to stop printing
when handling multiple, simultaneous print jobs.
13) Various errors in the privileged tool dsidentity can be exploited
by unprivileged users to add or remove identity user accounts in
Directory Services.
14) The slpd program in Directory Services creates temporary files
insecurely. This can be exploited via symlink attacks to overwrite
arbitrary files with root privileges.
15) An error in HItoolbox may allow VoiceOver services to read
contents from secure input fields.
16) An error in Kerberos can potentially be exploited by malicious
users to compromise a vulnerable system.
For more information:
SA13592
17) Multiple boundary errors in Kerberos can be exploited by
malicious people to cause a DoS or potentially compromise a
vulnerable system.
For more information:
SA16041
18) An error in Kerberos when Kerberos authentication is enabled in
addition to LDAP can be exploited to gain access to the root Terminal
window.
21) Various errors in MySQL can potentially be exploited by malicious
users to compromise a vulnerable system and by malicious, local users
to perform certain actions on a vulnerable system with escalated
privileges.
For more information:
SA14547
22) Three vulnerabilities in OpenSSL can be exploited by malicious
people to cause a DoS (Denial-of-Service).
For more information:
SA11139
23) An unspecified boundary error in the ping utility can be
exploited to cause a buffer overflow and potentially gain escalated
privileges.
26) A security issue in Safari when submitting forms on a XSL
formatted page may cause the information to be submitted to the next
visited web page.
27) A security issue in the SecurityInterface component may cause
recently used passwords to be visible in the password assistant.
34) A vulnerability in X11 can potentially be exploited by malicious
people to compromise a vulnerable system.
8) John M. Glenn
9) David Remahl
10) David Remahl
13) KF and Neil Archibald.
18) Jim Foraker
20) Brad Miller and John Pell
23) Neil Archibald, Suresec LTD.
24) Jay Craft, GrooVault Entertainment.
26) Bill Kuker
27) Andrew Langmead
29) Matt Richard and Chris Pepper
31) Neil Archibald, Suresec LTD.
33) Donnie Werner and Atsushi MATSUO.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=302163
OTHER REFERENCES:
SA11139:
http://secunia.com/advisories/11139/
SA12787:
http://secunia.com/advisories/12787/
SA13045:
http://secunia.com/advisories/13045/
SA13592:
http://secunia.com/advisories/13592/
SA14460:
http://secunia.com/advisories/14460/
SA14547:
http://secunia.com/advisories/14547/
SA15721:
http://secunia.com/advisories/15721/
SA15949:
http://secunia.com/advisories/15949/
SA16041:
http://secunia.com/advisories/16041/
SA16058:
http://secunia.com/advisories/16058/
SA16137:
http://secunia.com/advisories/16137/
I.
II. Impact
The impacts of these vulnerabilities vary.
III.
Appendix A. References
* US-CERT Vulnerability Note VU#913820 -
<http://www.kb.cert.org/vuls/id/913820>
* US-CERT Vulnerability Note VU#461412 -
<http://www.kb.cert.org/vuls/id/461412>
* US-CERT Vulnerability Note VU#435188 -
<http://www.kb.cert.org/vuls/id/435188>
* US-CERT Vulnerability Note VU#172948 -
<http://www.kb.cert.org/vuls/id/172948>
* US-CERT Vulnerability Note VU#420316 -
<http://www.kb.cert.org/vuls/id/420316>
* US-CERT Vulnerability Note VU#709220 -
<http://www.kb.cert.org/vuls/id/709220>
* Apple Security Update 2005-007 -
<http://docs.info.apple.com/article.html?artnum=302163>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA05-229A.html>
Produced 2005 by US-CERT, a government organization.
Revision History
August 17, 2005: Initial release
VAR-200508-0316 | CVE-2005-2522 | Apple Mac OS X Server servermgrd authentication vulnerable to buffer overflow |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file. This vulnerability may lead to remote execution of arbitrary code. Apple Safari fails to perform security checks on hyperlinks in rich text content, which may allow an attacker to execute arbitrary commands on a vulnerable system. Apple has released Security Update 2005-007. Vulnerabilities have been confirmed in products such as Mac OS X, Mac OS X Server, and the Safari web browser. The potential impact depends on each vulnerability. For more information, see the information provided by Apple. These vulnerabilities could allow a remote third party to execute arbitrary code or commands, bypass access restrictions, or cause a denial of service (DoS).
Apache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues.
Appkit is prone to three vulnerabilities. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues.
Bluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue.
CoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues.
CUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues.
Directory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues.
HItoolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues.
loginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue.
Mail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues.
OpenSSL is prone to two vulnerabilities resulting in denial of service. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue.
QuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue.
Safari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues.
SecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue.
servermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue.
SquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue.
Weblog Server is prone to multiple cross-site scripting vulnerabilities. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues.
These vulnerabilities will be separated into individual BIDs upon further analysis of the issues.
----------------------------------------------------------------------
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA16449
VERIFY ADVISORY:
http://secunia.com/advisories/16449/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Manipulation of data, Exposure
of sensitive information, Privilege escalation, DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes more
than 40 vulnerabilities.
1) A boundary error in htdigest can be exploited to cause a buffer
overflow by passing an overly long realm argument.
NOTE: htdigest is by default only locally accessible and not setuid /
setgid.
For more information:
SA12787
SA13045
3) A security issue in Apache 2 results in access to ".DS_Store"
files and files starting with ".ht" not being fully blocked. The
problem is that the Apache configuration blocks access in a case
sensitive way, but the Apple HFS+ filesystem performs file access in
a case insensitive way.
4) A security issue in Apache 2 makes it possible to bypass the
normal Apache file handlers and retrieve file data and resource fork
content via HTTP. The problem is that the Apple HFS+ filesystem
permits files to have multiple data streams.
NOTE: This issue may also affect other products installed on the HFS+
filesystem.
6) A boundary error in the AppKit component can be exploited to cause
a buffer overflow and execute arbitrary code on a user's system when a
specially crafted Microsoft Word .doc file is opened in e.g.
TextEdit.
7) An error in the AppKit component allows malicious, local users
with physical access to create additional local accounts.
8) A bug in the System Profiler causes it to display misleading
information about whether or not a Bluetooth device requires
authentication.
10) An error in the CoreFoundation framework when parsing Gregorian
date information can cause applications to stall.
11) Errors in the CUPS printing service can cause it to stop printing
when handling multiple, simultaneous print jobs.
13) Various errors in the privileged tool dsidentity can be exploited
by unprivileged users to add or remove identity user accounts in
Directory Services.
14) The slpd program in Directory Services creates temporary files
insecurely. This can be exploited via symlink attacks to overwrite
arbitrary files with root privileges.
15) An error in HIToolbox may allow VoiceOver services to read
contents from secure input fields.
16) An error in Kerberos can potentially be exploited by malicious
users to compromise a vulnerable system.
For more information:
SA13592
17) Multiple boundary errors in Kerberos can be exploited by
malicious people to cause a DoS or potentially compromise a
vulnerable system.
For more information:
SA16041
18) An error in Kerberos when Kerberos authentication is enabled in
addition to LDAP can be exploited to gain access to the root Terminal
window.
21) Various errors in MySQL can potentially be exploited by malicious
users to compromise a vulnerable system and by malicious, local users
to perform certain actions on a vulnerable system with escalated
privileges.
For more information:
SA14547
22) Three vulnerabilities in OpenSSL can be exploited by malicious
people to cause a DoS (Denial-of-Service).
For more information:
SA11139
23) An unspecified boundary error in the ping utility can be
exploited to cause a buffer overflow and potentially gain escalated
privileges.
26) A security issue in Safari when submitting forms on a XSL
formatted page may cause the information to be submitted to the next
visited web page.
27) A security issue in the SecurityInterface component may cause
recently used passwords to be visible in the password assistant.
34) A vulnerability in X11 can potentially be exploited by malicious
people to compromise a vulnerable system.
8) John M. Glenn
9) David Remahl
10) David Remahl
13) KF and Neil Archibald.
18) Jim Foraker
20) Brad Miller and John Pell
23) Neil Archibald, Suresec LTD.
24) Jay Craft, GrooVault Entertainment.
26) Bill Kuker
27) Andrew Langmead
29) Matt Richard and Chris Pepper
31) Neil Archibald, Suresec LTD.
33) Donnie Werner and Atsushi MATSUO.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=302163
OTHER REFERENCES:
SA11139:
http://secunia.com/advisories/11139/
SA12787:
http://secunia.com/advisories/12787/
SA13045:
http://secunia.com/advisories/13045/
SA13592:
http://secunia.com/advisories/13592/
SA14460:
http://secunia.com/advisories/14460/
SA14547:
http://secunia.com/advisories/14547/
SA15721:
http://secunia.com/advisories/15721/
SA15949:
http://secunia.com/advisories/15949/
SA16041:
http://secunia.com/advisories/16041/
SA16058:
http://secunia.com/advisories/16058/
SA16137:
http://secunia.com/advisories/16137/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
I.
II. Impact
The impacts of these vulnerabilities vary.
III.
Appendix A. References
* US-CERT Vulnerability Note VU#913820 -
<http://www.kb.cert.org/vuls/id/913820>
* US-CERT Vulnerability Note VU#461412 -
<http://www.kb.cert.org/vuls/id/461412>
* US-CERT Vulnerability Note VU#435188 -
<http://www.kb.cert.org/vuls/id/435188>
* US-CERT Vulnerability Note VU#172948 -
<http://www.kb.cert.org/vuls/id/172948>
* US-CERT Vulnerability Note VU#420316 -
<http://www.kb.cert.org/vuls/id/420316>
* US-CERT Vulnerability Note VU#709220 -
<http://www.kb.cert.org/vuls/id/709220>
* Apple Security Update 2005-007 -
<http://docs.info.apple.com/article.html?artnum=302163>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA05-229A.html>
____________________________________________________________________
Feedback can be directed to US-CERT. Please send email to
<cert@cert.org> with "TA05-229A Feedback VU#913820" in the subject.
____________________________________________________________________
Mailing list information:
<http://www.us-cert.gov/cas/>
____________________________________________________________________
Produced 2005 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
August 17, 2005: Initial release
VAR-200508-0218 | CVE-2005-2501 | Apple Mac OS X Server servermgrd authentication vulnerable to buffer overflow |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows external user-assisted attackers to execute arbitrary code via a crafted Rich Text Format (RTF) file. This vulnerability may lead to remote execution of arbitrary code. Apple Safari fails to perform security checks on hyperlinks in rich text content, which may allow an attacker to execute arbitrary commands on a vulnerable system. Apple Mac OS X WebKit and Safari security controls may be bypassed, possibly allowing remote command execution. Apple has released Security Update 2005-007. Vulnerabilities have been confirmed in Mac OS X, Mac OS X Server, the Safari web browser, and other products. The potential impact depends on each vulnerability. For more information, see the information provided by Apple. These vulnerabilities could allow a remote third party to execute arbitrary code or commands, bypass access restrictions, or cause a denial of service (DoS).
Apache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues.
Appkit is prone to three vulnerabilities. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues.
Bluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue.
CoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues.
CUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues.
Directory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues.
HItoolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues.
loginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue.
Mail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues.
OpenSSL is prone to two vulnerabilities resulting in denial of service. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue.
QuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue.
Safari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues.
SecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue.
servermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue.
SquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue.
Weblog Server is prone to multiple cross-site scripting vulnerabilities. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues.
These vulnerabilities will be separated into individual BIDs upon further analysis of the issues.
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA16449
VERIFY ADVISORY:
http://secunia.com/advisories/16449/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Manipulation of data, Exposure
of sensitive information, Privilege escalation, DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes more
than 40 vulnerabilities.
1) A boundary error in htdigest can be exploited to cause a buffer
overflow by passing an overly long realm argument.
NOTE: htdigest is by default only locally accessible and not setuid /
setgid.
For more information:
SA12787
SA13045
3) A security issue in Apache 2 results in access to ".DS_Store"
files and files starting with ".ht" not being fully blocked. The
problem is that the Apache configuration blocks access in a case
sensitive way, but the Apple HFS+ filesystem performs file access in
a case insensitive way.
4) A security issue in Apache 2 makes it possible to bypass the
normal Apache file handlers and retrieve file data and resource fork
content via HTTP. The problem is that the Apple HFS+ filesystem
permits files to have multiple data streams.
NOTE: This issue may also affect other products installed on the HFS+
filesystem.
TextEdit.
7) An error in the AppKit component allows malicious, local users
with physical access to create additional local accounts.
8) A bug in the System Profiler causes it to display misleading
information about whether or not a Bluetooth device requires
authentication.
10) An error in the CoreFoundation framework when parsing Gregorian
date information can cause applications to stall.
11) Errors in the CUPS printing service can cause it to stop printing
when handling multiple, simultaneous print jobs.
13) Various errors in the privileged tool dsidentity can be exploited
by unprivileged users to add or remove identity user accounts in
Directory Services.
14) The slpd program in Directory Services creates temporary files
insecurely. This can be exploited via symlink attacks to overwrite
arbitrary files with root privileges.
15) An error in HIToolbox may allow VoiceOver services to read
contents from secure input fields.
16) An error in Kerberos can potentially be exploited by malicious
users to compromise a vulnerable system.
For more information:
SA13592
17) Multiple boundary errors in Kerberos can be exploited by
malicious people to cause a DoS or potentially compromise a
vulnerable system.
For more information:
SA16041
18) An error in Kerberos when Kerberos authentication is enabled in
addition to LDAP can be exploited to gain access to the root Terminal
window.
21) Various errors in MySQL can potentially be exploited by malicious
users to compromise a vulnerable system and by malicious, local users
to perform certain actions on a vulnerable system with escalated
privileges.
For more information:
SA14547
22) Three vulnerabilities in OpenSSL can be exploited by malicious
people to cause a DoS (Denial-of-Service).
For more information:
SA11139
23) An unspecified boundary error in the ping utility can be
exploited to cause a buffer overflow and potentially gain escalated
privileges.
26) A security issue in Safari when submitting forms on a XSL
formatted page may cause the information to be submitted to the next
visited web page.
27) A security issue in the SecurityInterface component may cause
recently used passwords to be visible in the password assistant.
34) A vulnerability in X11 can potentially be exploited by malicious
people to compromise a vulnerable system.
8) John M. Glenn
9) David Remahl
10) David Remahl
13) KF and Neil Archibald.
18) Jim Foraker
20) Brad Miller and John Pell
23) Neil Archibald, Suresec LTD.
24) Jay Craft, GrooVault Entertainment.
26) Bill Kuker
27) Andrew Langmead
29) Matt Richard and Chris Pepper
31) Neil Archibald, Suresec LTD.
33) Donnie Werner and Atsushi MATSUO.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=302163
OTHER REFERENCES:
SA11139:
http://secunia.com/advisories/11139/
SA12787:
http://secunia.com/advisories/12787/
SA13045:
http://secunia.com/advisories/13045/
SA13592:
http://secunia.com/advisories/13592/
SA14460:
http://secunia.com/advisories/14460/
SA14547:
http://secunia.com/advisories/14547/
SA15721:
http://secunia.com/advisories/15721/
SA15949:
http://secunia.com/advisories/15949/
SA16041:
http://secunia.com/advisories/16041/
SA16058:
http://secunia.com/advisories/16058/
SA16137:
http://secunia.com/advisories/16137/
I.
II. Impact
The impacts of these vulnerabilities vary.
III.
Appendix A. References
* US-CERT Vulnerability Note VU#913820 -
<http://www.kb.cert.org/vuls/id/913820>
* US-CERT Vulnerability Note VU#461412 -
<http://www.kb.cert.org/vuls/id/461412>
* US-CERT Vulnerability Note VU#435188 -
<http://www.kb.cert.org/vuls/id/435188>
* US-CERT Vulnerability Note VU#172948 -
<http://www.kb.cert.org/vuls/id/172948>
* US-CERT Vulnerability Note VU#420316 -
<http://www.kb.cert.org/vuls/id/420316>
* US-CERT Vulnerability Note VU#709220 -
<http://www.kb.cert.org/vuls/id/709220>
* Apple Security Update 2005-007 -
<http://docs.info.apple.com/article.html?artnum=302163>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA05-229A.html>
____________________________________________________________________
Feedback can be directed to US-CERT. Please send email to
<cert@cert.org> with "TA05-229A Feedback VU#913820" in the subject.
____________________________________________________________________
Mailing list information:
<http://www.us-cert.gov/cas/>
____________________________________________________________________
Produced 2005 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
August 17, 2005: Initial release
VAR-200501-0129 | CVE-2004-1123 | Apple DarwinStreamingServer DESCRIBE Denial of service vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Darwin Streaming Server 5.0.1, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via a DESCRIBE request with a location that contains a null byte. Multiple security vulnerabilities are reported to affect Apple Mac OS X. These issues were disclosed in the referenced vendor advisory.
The first issue affects Apple's Apache configuration. Apparently Apple's default Apache configuration fails to properly block access to certain files. This issue has been assigned the CVE ID CAN-2004-1083 and is resolved in the attached Apple security update.
The second issue reported in the referenced advisory affects the Apache web server on Mac OS X. This issue arises due to a failure of the affected server to properly handle HFS+ file system file resources. This issue has been assigned the CVE ID CAN-2004-1084 and is resolved in the attached Apple security update.
The third issue affects Apple's windowing system and development kit (Appkit). This issue will allow an attacker to capture keyboard input that is supposed to be secure. This issue has been assigned the CVE ID CAN-2004-1081 and is resolved in the attached security update.
The fourth issue surrounds the Cyrus IMAP server implementation when working with Kerberos authentication and may facilitate authentication bypass attacks. It should be noted that this issue only affects Mac OS X Server 10.3.X and earlier. This issue has been assigned CVE ID CAN-2004-1089 and is resolved in the attached security update.
The fifth issue surrounds the HIToolBox. It affects only Mac OS X, and Mac OS X Server 10.3.X, the 10.2.X systems are not affected. This issue may allow an attacker to kill applications when running in kiosk mode. This issue has been assigned CVE ID CAN-2004-1085 and is resolved in the attached security update.
The sixth issue affects the Postfix functionality on Mac OS X 10.3.X desktop and server. This issue may allow an attacker to send mail without requiring authentication. This issue has been assigned CVE ID CAN-2004-1088 and is resolved in the attached security update.
The seventh issue surrounds the PSNormalizer utilities on Mac OS X 10.3.X desktop and server. This issue may allow an attacker to execute arbitrary code in the context of a user running a vulnerable version of the operating system. This issue has been assigned the CVE ID CAN-2004-1086 and is resolved in the attached security update.
The eighth issue affects the QuickTime Streaming Server. An attacker may leverage this issue to trigger a denial of service condition in the affected server. This issue has been assigned the CVE ID CAN-2004-1123 and is resolved in the attached security update.
Finally, a vulnerability affects Apple's Terminal application. This issue may lead to a false sense of security as the affected application may report that the 'Secure Keyboard Entry' functionality is active when it is not. This issue has been assigned the CVE ID CAN-2004-1087 and is resolved in the attached security update.
An attacker may leverage these issues to carry out information disclosure, authentication bypass, code execution, privilege escalation, a false sense of security, and denial of service attacks.
BACKGROUND
Darwin Streaming Server is an open source version of Apple's QuickTime
Streaming Server technology that allows you to send streaming media to
clients across the Internet using the industry standard RTP and RTSP
protocols.
II. The vulnerability specifically occurs due
to insufficient sanity checking on arguments to DESCRIBE requests.
[Switching to Thread 1026 (LWP 9648)]
0x4207ac9e in chunk_free () from /lib/i686/libc.so.6
(gdb) bt
#0 0x4207ac9e in chunk_free () from /lib/i686/libc.so.6
#1 0x4207ac24 in free () from /lib/i686/libc.so.6
#2 0x08096406 in FindOrCreateSession (inPath=0x408caf3c,
inParams=0x81746f0, inData=0x0, isPush=0, foundSessionPtr=0x0) at
APIModules/QTSSReflectorModule/QTSSReflectorModule.cpp:1262
III. ANALYSIS
Successful exploitation allows any remote unauthenticated attacker to
crash the targeted server, thereby preventing legitimate users from
accessing streamed content.
IV. DETECTION
iDEFENSE has confirmed the existence of this vulnerability in Darwin
Streaming Server 5.0.1. It is suspected that earlier versions are also
vulnerable.
V. WORKAROUND
Employ firewalls, access control lists or other TCP/UDP restriction
mechanisms to limit access to systems and services.
VI. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
names CAN-2004-1123 to these issues. This is a candidate for inclusion
in the CVE list (http://cve.mitre.org), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
09/10/2004 Initial vendor notification
09/15/2004 Initial vendor response
12/03/2004 Coordinated public disclosure
IX. CREDIT
The discoverer of this vulnerability wishes to remain anonymous.
X. LEGAL NOTICES
Copyright (c) 2004 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDEFENSE. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
email customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,
this information.