NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Secunia Advisories> 2009-q3

[SA36701] Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Fri Sep 11 2009 - 17:10:10 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)

If not, then implement it through the most reliable vulnerability
intelligence source on the market.

Implement it through Secunia.

For more information visit:
http://secunia.com/advisories/business_solutions/

Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
salessecunia.com

----------------------------------------------------------------------

TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA36701

VERIFY ADVISORY:
http://secunia.com/advisories/36701/

DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.

1) An error in Alias Manager when processing alias files can be
exploited to cause a buffer overflow and potentially execute
arbitrary code.

2) An error in Resource Manager when processing resource forks can be
exploited to corrupt memory and potentially execute arbitrary code.

3) Multiple vulnerabilities in ClamAV can be exploited to bypass
certain security restrictions, cause a DoS, and potentially
compromise a vulnerable system.

For more information:
SA34566
SA34612

4) An integer overflow error exists when processing ColorSync
profiles embedded in images. This can be exploited to cause a
heap-based buffer overflow and potentially execute arbitrary code via
a specially crafted image.

5) An integer overflow error exists in CoreGraphics when processing
JBIG2 streams embedded in PDF files. This can be exploited to cause a
heap-based buffer overflow and potentially execute arbitrary code via
a specially crafted PDF file.

6) An error in CoreGraphics can be exploited to cause a heap-based
buffer overflow potentially execute arbitrary code when drawing long
text strings.

This is related to vulnerability #1 in:
SA36269

7) A NULL-pointer dereference error in CUPS can be exploited to cause
a crash.

For more information see vulnerability #4 in:
SA34481

8) An error in the CUPS USB backend can be exploited to cause a
heap-based buffer overflow and execute arbitrary code with escalated
privileges.

9) Multiple vulnerabilities in Adobe Flash Player can be exploited by
malicious people to bypass security features, gain knowledge of
sensitive information, or compromise a user's system.

For more information:
SA35948

10) Multiple errors exist in ImageIO when processing PixarFilm
encoded TIFF images. These can be exploited to trigger memory
corruptions and potentially execute arbitrary code via specially
crafted TIFF files.

11) An error exists in Launch Services when handling files having a
".fileloc" extension. This can be exploited to potentially execute
arbitrary code by tricking a user into opening a ".fileloc" file.

12) An error exists in Launch Services when handling exported
document types presented when an application is downloaded. This can
be exploited to associate a safe file extension with an unsafe
Uniform Type Identifier (UTI) and execute arbitrary code.

13) An error in MySQL can be exploited by malicious, local users to
bypass certain security restrictions.

For more information:
SA30134

14) Multiple vulnerabilities in PHP have an unknown impact or can
potentially be exploited by malicious people to disclose sensitive
information or cause a DoS (Denial of Service).

For more information:
SA34081

15) An error exists in Samba when handling error conditions. This can
be exploited by a user without a configured home directory to access
the contents of the file system by connecting to the Windows File
Sharing service.

16) Input passed in search requests containing non UTF-8 encoded data
to Wiki Server is not properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.

SOLUTION:
Update to Mac OS X v10.6.1 or apply Security Update 2009-005.

Security Update 2009-005 (Tiger PPC):
http://support.apple.com/downloads/DL931/en_US/SecUpd2009-005PPC.dmg

Security Update 2009-005 (Tiger Intel):
http://support.apple.com/downloads/DL932/en_US/SecUpd2009-005Intel.dmg

Security Update 2009-005 Server (Tiger Univ):
http://support.apple.com/downloads/DL933/en_US/SecUpdSrvr2009-005Univ.dmg

Security Update 2009-005 Server (Tiger PPC):
http://support.apple.com/downloads/DL934/en_US/SecUpdSrvr2009-005PPC.dmg

Mac OS X Server v10.6.1 Update:
http://support.apple.com/downloads/DL929/en_US/MacOSXServerUpd10.6.1.dmg

Security Update 2009-005 Server (Leopard):
http://support.apple.com/downloads/DL936/en_US/SecUpdSrvr2009-005.dmg

Security Update 2009-005 (Leopard):
http://support.apple.com/downloads/DL935/en_US/SecUpd2009-005.dmg

Mac OS X v10.6.1 Update:
http://support.apple.com/downloads/DL930/en_US/MacOSXUpd10.6.1.dmg

PROVIDED AND/OR DISCOVERED BY:
1, 2, 4, 8, 10-12, 16) Reported by the vendor.
5) The vendor credits Will Dormann of CERT/CC.
6) The vendor credits Will Drewry of Google.
15) The vendor credits J. David Hester of LCG Systems National
Institutes of Health.

ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3864
http://support.apple.com/kb/HT3865

OTHER REFERENCES:
SA30134:
http://secunia.com/advisories/30134/

SA34081:
http://secunia.com/advisories/34081/

SA34481:
http://secunia.com/advisories/34481/

SA34566:
http://secunia.com/advisories/34566/

SA34612:
http://secunia.com/advisories/34612/

SA35948:
http://secunia.com/advisories/35948/

SA36269:
http://secunia.com/advisories/36269/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]