===========================================================================
             AUSCERT External Security Bulletin Redistribution

                   ESB-2005.0311 -- APPLE-SA-2005-04-15
                             Mac OS X v10.3.9
                               18 April 2005

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Mac OS X kernel
                   Safari
Publisher:         Apple
Operating System:  Mac OS X
Impact:            Execute Arbitrary Code/Commands
                   Increased Privileges
                   Denial of Service
                   Reduced Security
Access:            Remote/Unauthenticated
CVE Names:         CAN-2005-0976 CAN-2005-0975 CAN-2005-0974
                   CAN-2005-0973 CAN-2005-0972 CAN-2005-0971
                   CAN-2005-0970 CAN-2005-0969

Original Bulletin: http://docs.info.apple.com/article.html?artnum=61798

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2005-04-15 Mac OS X v10.3.9

Mac OS X v10.3.9 and Mac OS X Server v10.3.9 are now available and
deliver the following security enhancements:

Kernel
CVE ID:  CAN-2005-0969
Impact:  A kernel input validation issue can lead to a local denial
of service
Description:  The Kernel contains syscall emulation functionality
that was never used in Mac OS X.  Insufficient validation of an input
parameter list could result in a heap overflow and a local denial of
service through a kernel panic.  The issue is addressed by removing
the syscall emulation functionality.  Credit to Dino Dai Zovi for
reporting this issue.

Kernel
CVE ID:  CAN-2005-0970
Impact:  Permitting SUID/SGID scripts to be installed could lead to
privilege escalation.
Description:  Mac OS X inherited the ability to run SUID/SGID scripts
from FreeBSD.  Apple does not distribute any SUID/SGID scripts, but
the system would allow them to be installed or created.  This update
removes the ability of Mac OS X to run SUID/SGID scripts.  Credit to
Bruce Murphy of rattus.net and Justin Walker for reporting this
issue.

Kernel
CVE ID:  CAN-2005-0971
CERT:  VU#212190
Impact:  A Kernel stack overflow in the semop() system call could
lead to a local privilege escalation.
Description:  The incorrect handling of system call arguments could
be used to obtain elevated privileges.  This update includes a fix to
check access to the kernel object.

Kernel
CVE ID:  CAN-2005-0972
CERT:  VU#185702
Impact:  An integer overflow in the searchfs() system call could
allow an unprivileged local user to execute arbitrary code with
elevated privileges
Description:  The searchfs() system call contains an integer overflow
vulnerability that could allow an unprivileged local user to execute
arbitrary code with elevated privileges.  This update adds input
validation on the parameters passed to searchfs() to correct the
issue.

Kernel
CVE ID:  CAN-2005-0973
Impact:  Local system users can cause a system resource starvation
Description:  A vulnerability in the handling of values passed to the
setsockopt() call could allow unprivileged local users to exhaust
available memory.  Credit to Robert Stump <rds3792@cs.rit.com> for
reporting this issue.

Kernel
CVE ID:  CAN-2005-0974
CERT:  VU#713614
Impact:  Local system users can cause a local denial of service
Description:  A vulnerability in the nfs_mount() call due to
insufficient checks on input values could allow unprivileged local
users to create a denial of service via a kernel panic.

Kernel
CVE ID:  CAN-2005-0975
Impact:  Local system users can cause a temporary interruption of
system operation
Description:  A vulnerability in the parsing of certain executable
files could allow unprivileged local users to temporarily suspend
system operations.  Credit to Neil Archibald for reporting this
issue.

Safari
CVE ID:  CAN-2005-0976
Impact:  Remote sites could cause html and javascript to run in the
local domain.
Description:  This update closes a vulnerability that allowed remote
websites to load javascript to execute in the local domain.  Credit
to David Remahl for reporting this issue.

Note:  It is Apple's standard practice to provide security fixes via
a Security Update.  On occasion, when a security fix is required to a
core system component such as the Kernel, it will be released in a
Software Update.

Mac OS X v10.3.9 and Mac OS X Server v10.3.9 may be obtained from the
Software Update pane in System Preferences, or Apple's Software
Downloads web site: http://www.apple.com/support/downloads/

For Mac OS X v10.3.9
If updating from Mac OS X v10.3.8:
The download file is named:  "MacOSXUpdate10.3.9.dmg"
Its SHA-1 digest is:  94ca918ce07f7318488cb5d3a0c754bb3a8c7b07

For Mac OS X v10.3.9
If updating from Mac OS X v10.3 to v10.3.7:
The download file is named:  "MacOSXUpdateCombo10.3.9.dmg"
Its SHA-1 digest is:  f74f7e76e7a04ec623046934980edbba8c4798c4

For Mac OS X Server v10.3.9
If updating from Mac OS X Server v10.3.8:
The download file is named:  "MacOSXServerUpdate10.3.9.dmg"
Its SHA-1 digest is:  2a7ac87fa36f5883f1ccb8ef5ab83b2e840896bc

For Mac OS X Server v10.3.9
If updating from Mac OS X Server v10.3 to v10.3.7:
The download file is named:  "MacOSXSrvrUpdCombo10.3.9.dmg"
Its SHA-1 digest is:  17d125118ca3b278b7558488364d0aacaf826dbd

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
