----------------------------------------------------------------------

Bist Du interessiert an einem neuen Job in IT-Sicherheit?


Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/

----------------------------------------------------------------------

TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA16449

VERIFY ADVISORY:
http://secunia.com/advisories/16449/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Cross Site Scripting, Manipulation of data, Exposure
of sensitive information, Privilege escalation, DoS, System access

WHERE:
>From remote

OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/

DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes more
than 40 vulnerabilities.

1) A boundary error in htdigest can be exploited to cause a buffer
overflow by passing an overly long realm argument.

NOTE: htdigest is by default only locally accessible and not setuid /
setgid.

2) Two vulnerabilities in Apache 2 can be exploited by malicious
people to bypass certain security restrictions or cause a DoS (Denial
of Service).

For more information:
SA12787
SA13045

3) A security issue in Apache 2 results in access to ".DS_Store"
files and files starting with ".ht" not being fully blocked. The
problem is that the Apache configuration blocks access in a case
sensitive way, but the Apple HFS+ filesystem performs file access in
a case insensitive way.

4) A security issue in Apache 2 makes it possible to bypass the
normal Apache file handlers and retrieve file data and resource fork
content via HTTP. The problem is that the Apple HFS+ filesystem
permits files to have multiple data streams.

NOTE: This issue may also affect other products installed on the HFS+
filesystem.

5) A boundary error in the AppKit component can be exploited to cause
a buffer overflow and execute arbitrary code on a user's system when a
specially crafted rich text file is opened.

6) A boundary error in the AppKit component can be exploited to cause
a buffer overflow and execute arbitrary code on a user's system when a
specially crafted Microsoft Word .doc file is opened in e.g.
TextEdit.

7) An error in the AppKit component allows malicious, local users
with physical access to create additional local accounts.

8) A bug in the System Profiler causes it to display misleading
information about whether or not a Bluetooth device requires
authentication.

9) A boundary error in the CoreFoundation framework when processing
command line arguments can be exploited to cause a buffer overflow
and execute arbitrary code.

10) An error in the CoreFoundation framework when parsing Gregorian
date information can cause applications to stall.

11) Errors in the CUPS printing service can cause it to stop printing
when handling multiple, simultaneous print jobs.

12) A boundary error in Directory Services during the authentication
handling can be exploited to cause a buffer overflow and execute
arbitrary code.

13) Various errors in the privileged tool dsidentity can be exploited
by unprivileged users to add or remove identity user accounts in
Directory Services.

14) The slpd program in Directory Services creates temporary files
insecurely. This can be exploited via symlink attacks to overwrite
arbitrary files with root privileges.

15) An error in Hltoolbox may allow VoiceOver services to read
contents from secure input fields.

16) An error in Kerberos can potentially be exploited by malicious
users to compromise a vulnerable system.

For more information:
SA13592

17) Multiple boundary errors in Kerberos can be exploited by
malicious people to cause a DoS or potentially compromise a
vulnerable system.

For more information:
SA16041

18) An error in Kerberos when Kerberos authentication is enabled in
addition to LDAP can be exploited to gain access to the root Terminal
window.

19) An error in loginwindow can be exploited by malicious users with
knowledge of two passwords to access other logged-in accounts when
"Fast User Switching" is enabled without knowing these passwords.

20) The Mail component loads remote images in HTML emails (even with
this disabled in the user's preferences), which can be exploited to
enumerate valid email addresses.

21) Various errors in MySQL can potentially be exploited by malicious
users to compromise a vulnerable system and by malicious, local users
to perform certain actions on a vulnerable system with escalated
privileges.

For more information:
SA14547

22) Three vulnerabilities in OpenSSL can be exploited by malicious
people to cause a DoS (Denial-of-Service).

For more information:
SA11139

23) An unspecified boundary error in the ping utility can be
exploited to cause a buffer overflow and potentially gain escalated
privileges.

24) An error in QuartzComposerScreenSaver can be exploited by
malicious people with physical access to open web pages while the RSS
Visualizer screen saver is locked.

25) An error in Safari can be exploited to bypass the normal browser
security checks and execute arbitrary commands when a link in a
specially crafted rich text file is clicked.

26) A security issue in Safari when submitting forms on a XSL
formatted page may cause the information to be submitted to the next
visited web page.

27) A security issue in the SecurityInterface component may cause
recently used passwords to be visible in the password assistant.

28) A boundary error in servermgrd during the authentication process
can be exploited to cause a buffer overflow and execute arbitrary
code.

29) A security issue in servermgr_ipfilter may cause certain firewall
policies created with the Server Admin tool to not be written to the
Active Rules.

30) Some vulnerabilities in Squirrelmail can be exploited to conduct
cross-site scripting attacks or disclose and manipulate sensitive
information.

For more information:
SA15721
SA16058

31) A boundary error in the traceroute utility can be exploited to
cause a buffer overflow and execute arbitrary code.

32) An error in WebKit can be exploited to bypass normal browser
security checks and execute arbitrary commands when a link in a
specially crafted PDF document is clicked.

33) Various errors in Weblog Server can be exploited to conduct
cross-site scripting attacks.

34) A vulnerability in X11 can potentially be exploited by malicious
people to compromise a vulnerable system.

For more information:
SA14460

35) Errors in zlib can be exploited by malicious people to conduct a
DoS against a vulnerable application or potentially to execute
arbitrary code.

For more information:
SA15949
SA16137

SOLUTION:
Apply Security Update 2005-007.

Mac OS X 10.3.9 Client:
http://www.apple.com/support/downloads/securityupdate2005007macosx1039client.html

Mac OS X 10.3.9 Server:
http://www.apple.com/support/downloads/securityupdate2005007macosx1039server.html

Mac OS X 10.4.2 Client:
http://www.apple.com/support/downloads/securityupdate2005007macosx1042client.html

Mac OS X 10.4.2 Server:
http://www.apple.com/support/downloads/securityupdate2005007macosx1042server.html

PROVIDED AND/OR DISCOVERED BY:
1) JxT, SNOsoft.
8) John M. Glenn
9) David Remahl
10) David Remahl
13) KF and Neil Archibald.
18) Jim Foraker
20) Brad Miller and John Pell
23) Neil Archibald, Suresec LTD.
24) Jay Craft, GrooVault Entertainment.
26) Bill Kuker
27) Andrew Langmead
29) Matt Richard and Chris Pepper
31) Neil Archibald, Suresec LTD.
33) Donnie Werner and Atsushi MATSUO.

ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=302163

OTHER REFERENCES:
SA11139:
http://secunia.com/advisories/11139/

SA12787:
http://secunia.com/advisories/12787/

SA13045:
http://secunia.com/advisories/13045/

SA13592:
http://secunia.com/advisories/13592/

SA14460:
http://secunia.com/advisories/14460/

SA14547:
http://secunia.com/advisories/14547/

SA15721:
http://secunia.com/advisories/15721/

SA15949:
http://secunia.com/advisories/15949/

SA16041:
http://secunia.com/advisories/16041/

SA16058:
http://secunia.com/advisories/16058/

SA16137:
http://secunia.com/advisories/16137/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------