----------------------------------------------------------------------

Secunia is pleased to announce the release of the annual Secunia
report for 2008.

Highlights from the 2008 report:
 * Vulnerability Research
 * Software Inspection Results
 * Secunia Research Highlights
 * Secunia Advisory Statistics

Request the full 2008 Report here:
http://secunia.com/advisories/try_vi/request_2008_report/

Stay Secure,

Secunia


----------------------------------------------------------------------

TITLE:
Mac OS X Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA34424

VERIFY ADVISORY:
http://secunia.com/advisories/34424/

DESCRIPTION:
Some vulnerabilities have been reported in Mac OS X, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service) or to gain escalated privileges, and potentially by
malicious people to cause a DoS (Denial of Service) or compromise a
vulnerable system.

1) An error in the processing of hfs images can be exploited to
overwrite certain kernel memory and execute arbitrary code with root
privileges.

2) An error exists in the Appletalk implementation within the
handling of zip notify request, which can be exploited by sending a
specially crafted packet to an affected system.

3) An error in the "sysctl()" interface can be exploited to cause a
DoS via " CTL_VFS" sysctl() calls.

4) An error in the handling of the "SYS___mac_getfsstat" system call
can be exploited to disclose kernel memory or cause a DoS.

5) An error in the handling of the "SYS_add_profil" system call can
be exploited to disclose kernel memory or cause a DoS.

SOLUTION:
Grant only trusted users access and restrict network access to
affected systems.

PROVIDED AND/OR DISCOVERED BY:
mu-b

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/8266
http://milw0rm.com/exploits/8265
http://milw0rm.com/exploits/8264
http://milw0rm.com/exploits/8263
http://milw0rm.com/exploits/8262

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------