Computer Security
[EN] securityvulns.ru
no-pyccku

  

Apple Mac OS X multiple security vulnerabilities
Published:20.08.2012
Source:BUGTRAQ
SecurityVulns ID:12518
Type:remote
Level:8/10
Description:Multiple vulnerabilities in different subsystems.
Affected:APPLE : MacOS X 10.7
CVE:CVE-2012-1182 (The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.)
 CVE-2012-0870 (Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX) request that triggers infinite recursion.)
 CVE-2012-0830 (The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.)
 CVE-2012-0675 (Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume.)
 CVE-2012-0662 (Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input.)
 CVE-2012-0661 (Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.)
 CVE-2012-0660 (Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.)
 CVE-2012-0659 (Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.)
 CVE-2012-0658 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.)
 CVE-2012-0657 (Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors.)
 CVE-2012-0656 (Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the account name and no password.)
 CVE-2012-0655 (libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key.)
 CVE-2012-0654 (libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate.)
 CVE-2012-0652 (Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log.)
 CVE-2012-0651 (The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message.)
 CVE-2012-0649 (Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file.)
 CVE-2012-0642 (Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image.)
 CVE-2012-0036 (curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.)
 CVE-2011-4885 (PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.)
 CVE-2011-4815 (Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.)
 CVE-2011-4566 (Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.)
 CVE-2011-3919 (Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
 CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.)
 CVE-2011-3328 (The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value.)
 CVE-2011-3212 (CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain sensitive information by reading directly from the disk device.)
 CVE-2011-2895 (The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.)
 CVE-2011-2834 (Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.)
 CVE-2011-2821 (Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.)
 CVE-2011-2692 (The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.)
 CVE-2011-1944 (Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.)
 CVE-2011-1778 (Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive.)
 CVE-2011-1777 (Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image.)
 CVE-2011-1167 (Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.)
 CVE-2011-1005 (The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.)
 CVE-2011-1004 (The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack.)
 CVE-2011-0241 (Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with CCITT Group 4 encoding.)
Original documentdocumentZDI, ZDI-12-137 : Apple Mac OS X libsecurity_cdsa_plugin Malloc Integer Truncation Remote Code Execution Vulnerability (20.08.2012)
Files:APPLE-SA-2012-05-09-1 OS X Lion v10.7.4 and Security Update 2012-002

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru