Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19937
HistoryMay 30, 2008 - 12:00 a.m.

About the security content of Security Update 2008-003 / Mac OS X 10.5.3

2008-05-3000:00:00
vulners.com
67
JSON

About the security content of Security Update 2008-003 / Mac OS X 10.5.3

* Last Modified: May 28, 2008
* Article: HT1897

Summary

This document describes the security content of Security Update 2008-003 / Mac OS X 10.5.3, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."
Products Affected

Security
Security Update 2008-003 / Mac OS X v10.5.3

* AFP Server

  CVE-ID: CVE-2008-1027

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2

  Impact: Files that are not designated for sharing may be accessed remotely

  Description: AFP Server did not check that a file or directory to be served was inside a folder designated for sharing. A connected user or guest may access any files or folders for which they have permission, even if not contained in folders designated for sharing. This update addresses the issue by denying access to files and folders that are not inside a folder designated for sharing. Credit to Alex deVries and Robert Rich for reporting this issue.

* Apache

  CVE-ID: CVE-2005-3352, CVE-2005-3357, CVE-2006-3747, CVE-2007-1863, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388

  Available for: Mac OS X Server v10.4.11

  Impact: Multiple vulnerabilities in Apache 2.0.55

  Description: Apache is updated to version 2.0.63 to address several vulnerabilities, the most serious of which may lead to cross-site scripting. Further information is available via the Apache web site at http://httpd.apache.org. Apache 2.0.x is only shipped with Mac OS X Server v10.4.x systems. Mac OS X v10.5.x and Mac OS X Server v10.5.x ship with Apache 2.2.x. The issues that affected Apache 2.2.x were addressed in Security Update 2008-002 for Mac OS X v10.5.2 and Mac OS X Server v10.5.2.

* AppKit

  CVE-ID: CVE-2008-1028

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

  Impact: Opening a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution

  Description: An implementation issue exists in AppKit's processing of document files. Opening a maliciously crafted file in an editor that uses AppKit, such as TextEdit, may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved validation of document files. This issue does not affect systems running Mac OS X 10.5 or later. Credit to Rosyna of Unsanity for reporting this issue.

* Apple Pixlet Video

  CVE-ID: CVE-2008-1577

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2

  Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

  Description: Multiple memory corruption issues exist in the handling of files using the Pixlet codec. Opening a maliciously crafted movie file may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.

* ATS

  CVE-ID: CVE-2008-1575

  Available for: Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2

  Impact: Printing a PDF document containing a maliciously crafted embedded font may lead to arbitrary code execution

  Description: A memory corruption issue exists in the Apple Type Services server's handling of embedded fonts in PDF files. Printing a PDF document containing a maliciously crafted font may lead to arbitrary code execution. This update addresses the issue by performing additional validation of embedded fonts. This issue does not affect systems prior to Mac OS X v10.5. Credit to Melissa O'Neill of Harvey Mudd College for reporting this issue.

* CFNetwork

  CVE-ID: CVE-2008-1580

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2

  Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information

  Description: An information disclosure issue exists in Safari's SSL client certificate handling. When a web server issues a client certificate request, the first client certificate found in the keychain is automatically sent, which may lead to the disclosure of the information contained in the certificate. This update addresses the issue by prompting the user before sending the certificate.

* CoreFoundation

  CVE-ID: CVE-2008-1030

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2

  Impact: Applications' use of the CFData API in certain ways may lead to an unexpected application termination or arbitrary code execution

  Description: An integer overflow in CoreFoundation's handling of CFData objects may result in a heap buffer overflow. An application calling CFDataReplaceBytes with an with invalid length argument may unexpectedly terminate or lead to arbitrary code execution. This update addresses the issue by performing additional validation of length parameters.

* CoreGraphics

  CVE-ID: CVE-2008-1031

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2

  Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

  Description: An uninitialized variable issue exists in CoreGraphics' handling of PDF files. Opening a maliciously crafted PDF file may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through proper initialization of pointers.

* CoreTypes

  CVE-ID: CVE-2008-1032

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2

  Impact: Users are not warned before opening certain potentially unsafe content types

  Description: This update extends the system's list of content types that will be flagged as potentially unsafe under certain circumstances, such as when they are downloaded from a web page. While these content types are not automatically launched, if manually opened they could lead to the execution of a malicious payload. This update improves the system's ability to notify users before handling content types used by Automator, Help, Safari, and Terminal. On Mac OS X v10.4 this functionality is provided by the Download Validation feature. On Mac OS X v10.5 this functionality is provided by the Quarantine feature. Credit to Brian Mastenbrook for reporting this issue.

* CUPS

  CVE-ID: CVE-2008-1033

  Available for: Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2

  Impact: Printing to password-protected printers with debug logging enabled may lead to the disclosure of sensitive information

  Description: An issue exists in the CUPS scheduler's check of the authentication environment variables when debug logging is enabled. This may lead to the disclosure of the username, domain, and password when printing to a password-protected printer. This update addresses the issue by properly validating environment variables. This issue does not affect systems prior to Mac OS X v10.5 with Security Update 2008-002 installed.

* Flash Player Plug-in

  CVE-ID: CVE-2007-5275, CVE-2007- 6243, CVE-2007- 6637, CVE-2007-6019, CVE-2007-0071, CVE-2008-1655, CVE-2008-1654

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2

  Impact: Opening maliciously crafted Flash content may lead to arbitrary code execution

  Description: Multiple issues exist in Adobe Flash Player Plug-in, the most serious of which may lead to arbitrary code execution. This update addresses the issue by updating to version 9.0.124.0. Further information is available via the Adobe web site at http://www.adobe.com/support/security/bulletins/apsb08-11.html

* Help Viewer

  CVE-ID: CVE-2008-1034

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

  Impact: A malicious help:topic URL may cause an unexpected application termination or arbitrary code execution

  Description: An integer underflow in Help Viewer's handling of help:topic URLs may result in a buffer overflow. Accessing a malicious help:topic URL may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems running Mac OS X 10.5 or later. Credit to Paul Haddad of PTH Consulting for reporting this issue.

* iCal

  CVE-ID: CVE-2008-1035

  Available for: Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2

  Impact: Opening a maliciously crafted iCalendar file in iCal may lead to an unexpected application termination or arbitrary code execution

  Description: A use-after-free issue exists in the iCal application's handling of iCalendar (usually ".ics") files. Opening a maliciously crafted iCalendar file in iCal may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by improving reference counting in the affected code. This issue does not affect systems prior to Mac OS X v10.5. Credit to Rodrigo Carvalho of Core Security Technologies for reporting this issue.

* International Components for Unicode

  CVE-ID: CVE-2008-1036

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2

  Impact: Visiting certain web sites may result in the disclosure of sensitive information

  Description: A conversion issue exists in ICU's handling of certain character encodings. Particular invalid character sequences may not appear in the converted output, and this can affect content filters. Visiting a maliciously crafted web site may lead to cross site scripting and the disclosure of sensitive information. This update addresses the issue by replacing invalid character sequences with a fallback character.

* Image Capture

  CVE-ID: CVE-2008-1571

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

  Impact: Accessing a maliciously crafted URL may lead to information disclosure

  Description: A path traversal issue exists in Image Capture's embedded web server. This may lead to the disclosure of local files on the server system. This update addresses the issue through improved URL handling. This issue does not affect systems running Mac OS X v10.5 or later.

* Image Capture

   

  CVE-ID: CVE-2008-1572

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

  Impact: A local user may manipulate files with the privileges of another user running Image Capture

  Description: An insecure file operation exists in Image Capture's handling of temporary files. This could allow a local user to overwrite files with the privileges of another user running Image Capture, or to access the contents of images being resized. This update addresses the issue through improved handling of temporary files. This issue does not affect systems running Mac OS X v10.5 or later.

* ImageIO

   

  CVE-ID: CVE-2008-1573

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2

  Impact: Viewing a maliciously crafted BMP or GIF image may lead to information disclosure

  Description: An out-of-bounds memory read may occur in the BMP and GIF image decoding engine, which may lead to the disclosure of content in memory. This update addresses the issue by performing additional validation of BMP and GIF images. Credit to Gynvael Coldwind of Hispasec for reporting this issue.

* ImageIO

   

  CVE-ID: CVE-2007-5266, CVE-2007-5268, CVE-2007-5269

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2

  Impact: Multiple vulnerabilities in libpng version 1.2.18

  Description: Multiple vulnerabilities exist in libpng version 1.2.18, the most serious of which may lead to a remote denial of service. This update addresses the issue by updating to version 1.2.24. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html

* ImageIO

   

  CVE-ID: CVE-2008-1574

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2

  Impact: Viewing a maliciously crafted JPEG2000 image file may lead to an unexpected application termination or arbitrary code execution

  Description: An integer overflow in the handling of JPEG2000 image files may result in a heap buffer overflow. Viewing a maliciously crafted JPEG2000 image file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through additional validation of JPEG2000 images.

* Kernel

   

  CVE-ID: CVE-2008-0177

  Available for: Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2

  Impact: A remote attacker may be able to cause to an unexpected system shutdown

  Description: An undetected failure condition exists in the handling of packets with an IPComp header. By sending a maliciously crafted packet to a system configured to use IPSec or IPv6, an attacker may cause an unexpected system shutdown. This update addresses the issue by properly detecting the failure condition.

* Kernel

   

  CVE-ID: CVE-2007-6359

  Available for: Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2

  Impact: A local user may be able to cause an unexpected system shutdown

  Description: A null pointer dereference exists in the kernel's handling of code signatures in the cs_validate_page function. This may allow a local user to cause an unexpected system shutdown. This update addresses the issue by performing additional validation of code signatures. This issue does not affect systems prior to Mac OS X v10.5.

* LoginWindow

   

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

  Impact: Managed Client preferences may not be applied

  Description: This update addresses a non-security issue introduced in Security Update 2007-004. Due to a race condition, LoginWindow may fail to apply certain preferences to fail on systems managed by Managed Client for Mac OS X (MCX). This update addresses the issue by eliminating the race condition in the handling of managed preferences. This issue does not affect systems running Mac OS X v10.5.

* Mail

   

  CVE-ID: CVE-2008-1576

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

  Impact: Sending mail through an SMTP server over IPv6 may lead to an unexpected application termination, information disclosure, or arbitrary code execution

  Description: An uninitialized buffer issue exists in Mail. When sending mail through an SMTP server over IPv6, Mail may use a buffer containing partially uninitialized memory, which could result in the disclosure of sensitive information to message recipients and mail server administrators. This could also potentially lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by properly initializing the variable. This issue does not affect systems running Mac OS X v10.5 or later. Credit to Derek Morr of The Pennsylvania State University for reporting this issue.

* ruby

   

  CVE-ID: CVE-2007-6612

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2

  Impact: A remote attacker may be able to read arbitrary files

  Description: Mongrel is updated to version 1.1.4 to address a directory traversal issue in DirHandler which may lead to the disclosure of sensitive information. Further information is available via the Mongrel web site at http://mongrel.rubyforge.org

* Single Sign-On

   

  CVE-ID: CVE-2008-1578

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2

  Impact: Passwords supplied to sso_util are exposed to other local users

  Description: The sso_util command-line tool required that passwords be passed to it in its arguments, potentially exposing the passwords to other local users. Passwords exposed include those for users, administrators, and the KDC administration password. This update makes the password parameter optional, and sso_util will prompt for the password if needed. Credit to Geoff Franks of Hauptman Woodward Institute for reporting this issue.

* Wiki Server

   

  CVE-ID: CVE-2008-1579

  Available for: Mac OS X Server v10.5 through v10.5.2

  Impact: A remote attacker may determine valid user names on servers with the Wiki Server enabled

  Description: An information disclosure issue exists in Wiki Server when a nonexistent blog is accessed. Using the information in the error message, an attacker may deduce the existence of local user names. This update addresses the issue through improved handling of error messages. This issue does not affect systems prior to Mac OS X v10.5. Credit to Don Rainwater of the University of Cincinnati for reporting this issue.

Important: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.

Related

nessus 65
openvas 85
seebug 2
securityvulns 6
oraclelinux 5
suse 3
gentoo 4
cert 1
centos 5
slackware 4
redhat 8
freebsd 1
ubuntu 3
fedora 3
vmware 2
packetstorm 1
coresecurity 1
nessus
nessus
Mac OS X Multiple Vulnerabilities (Security Update 2008-003)
2008-05-29 00:00:00
Mac OS X 10.5.x < 10.5.3 Multiple Vulnerabilities
2008-05-29 00:00:00
HP-UX PHSS_36385 : HP OpenView Network Node Manager (OV NNM) Running Apache, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execute Arbitrary Code (HPSBMA02328 SSRT071293 rev.2)
2007-09-25 00:00:00
openvas
openvas
Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003
2010-05-12 00:00:00
Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003
2010-05-12 00:00:00
Solaris Update for Apache 2 120544-14
2009-06-03 00:00:00
seebug
seebug
Apple Mac OS X 2008-003更新修复多个安全漏洞
2008-05-29 00:00:00
Adobe Flash Player 9.0.124.0版本修改多个安全漏洞
2008-04-11 00:00:00
securityvulns
securityvulns
Apple Mac OS X multiple security vulnerabilities
2008-05-30 00:00:00
Adobe Flash Player multiple security vulnerabilities
2008-04-14 00:00:00
libpng multiple security vulnerabilities
2007-10-20 00:00:00
oraclelinux
oraclelinux
Moderate: httpd security update
2008-01-15 00:00:00
Moderate: httpd security update
2008-01-15 00:00:00
Moderate: httpd security update
2008-01-15 00:00:00
suse
suse
remote code execution in flash-player
2008-04-11 13:28:58
remote denial of service in apache,apache2
2006-07-28 14:21:14
remote denial of service in apache2
2007-11-19 15:20:20
gentoo
gentoo
libpng: Multiple Denials of Service
2007-11-07 00:00:00
Adobe Flash Player: Multiple vulnerabilities
2008-04-18 00:00:00
Apache: Multiple vulnerabilities
2006-02-06 00:00:00
cert
cert
Apache mod_rewrite contains off-by-one error in ldap scheme handling
2006-07-28 00:00:00
centos
centos
httpd, mod_ssl security update
2008-01-15 12:48:29
apache security update
2008-01-16 02:42:35
httpd, mod_ssl security update
2008-01-15 13:48:01
slackware
slackware
[slackware-security] apache
2008-02-15 01:23:13
[slackware-security] libpng
2007-11-21 08:14:31
[slackware-security] libpng for Slackware 10.1 and 10.2
2007-11-21 21:16:25
redhat
redhat
(RHSA-2008:0005) Moderate: httpd security update
2008-01-15 00:00:00
(RHSA-2008:0221) Critical: flash-plugin security update
2008-04-08 00:00:00
(RHSA-2008:0004) Moderate: apache security update
2008-01-15 00:00:00
freebsd
freebsd
png -- multiple vulnerabilities
2007-10-08 00:00:00
ubuntu
ubuntu
Apache vulnerabilities
2006-01-13 00:00:00
libpng vulnerabilities
2007-10-25 00:00:00
Apache vulnerabilities
2008-02-04 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: httpd-2.2.6-1.fc6
2007-09-24 20:29:48
[SECURITY] Fedora 7 Update: httpd-2.2.6-1.fc7
2007-09-19 02:53:28
[SECURITY] Fedora Core 5 Update: httpd-2.2.2-1.3
2007-07-02 15:01:38
vmware
vmware
VMware Hosted products update libpng and Apache HTTP Server
2009-08-20 00:00:00
VMware Hosted products update libpng and Apache HTTP Server
2009-08-20 00:00:00
packetstorm
packetstorm
Core Security Technologies Advisory 2008.0124
2008-03-04 00:00:00
coresecurity
coresecurity
Multiple Vulnerabilities in Google's Android
2008-03-04 00:00:00
JSON
Related for SECURITYVULNS:DOC:19937
nessus65openvas85seebug2securityvulns6oraclelinux5suse3gentoo4cert1centos5slackware4redhat8freebsd1ubuntu3fedora3vmware2packetstorm1coresecurity1