Computer Security
[EN] securityvulns.ru no-pyccku


Apple Mac OS X multiple security vulnerabilities
Published:30.05.2008
Source:
SecurityVulns ID:9039
Type:remote
Threat Level:
9/10
Description:AFP server directory traversal, Apache updates, AppKit memory corruption, Apple Pixlet Video multiple memory corruptions, Apple Type Services PDF printing fonts memory corruption, SSL information leak, multiple vulnerabilities in Graphics and Image engines on different filetypes and multimedia formats, Help Viewer buffer overflow, Unicode content filtering bypass, Image Capture directory traversal, DoS через IPv6, SMTP client buffer overflow, etc.
Affected:APPLE : Mac OS X 10.4
CVE:CVE-2008-1580
 CVE-2008-1578 (The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process.)
 CVE-2008-1577
 CVE-2008-1576
 CVE-2008-1575
 CVE-2008-1574
 CVE-2008-1573 (The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.)
 CVE-2008-1572 (Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application.)
 CVE-2008-1571
 CVE-2008-1036 (The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.)
 CVE-2008-1035
 CVE-2008-1034 (Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted help:topic URL that triggers a buffer overflow.)
 CVE-2008-1033 (The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables.")
 CVE-2008-1032
 CVE-2008-1031
 CVE-2008-1030
 CVE-2008-1028
 CVE-2008-1027
 CVE-2008-0177
 CVE-2007-6359 (The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL.)
Original documentdocumentAPPLE, About the security content of Security Update 2008-003 / Mac OS X 10.5.3 (30.05.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod