Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2005.0311 -- APPLE-SA-2005-04-15 Mac OS X v10.3.9 18 April 2005 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Mac OS X kernel Safari Publisher: Apple Operating System: Mac OS X Impact: Execute Arbitrary Code/Commands Increased Privileges Denial of Service Reduced Security Access: Remote/Unauthenticated CVE Names: CAN-2005-0976 CAN-2005-0975 CAN-2005-0974 CAN-2005-0973 CAN-2005-0972 CAN-2005-0971 CAN-2005-0970 CAN-2005-0969 Original Bulletin: http://docs.info.apple.com/article.html?artnum=61798 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2005-04-15 Mac OS X v10.3.9 Mac OS X v10.3.9 and Mac OS X Server v10.3.9 are now available and deliver the following security enhancements: Kernel CVE ID: CAN-2005-0969 Impact: A kernel input validation issue can lead to a local denial of service Description: The Kernel contains syscall emulation functionality that was never used in Mac OS X. Insufficient validation of an input parameter list could result in a heap overflow and a local denial of service through a kernel panic. The issue is addressed by removing the syscall emulation functionality. Credit to Dino Dai Zovi for reporting this issue. Kernel CVE ID: CAN-2005-0970 Impact: Permitting SUID/SGID scripts to be installed could lead to privilege escalation. Description: Mac OS X inherited the ability to run SUID/SGID scripts from FreeBSD. Apple does not distribute any SUID/SGID scripts, but the system would allow them to be installed or created. This update removes the ability of Mac OS X to run SUID/SGID scripts. Credit to Bruce Murphy of rattus.net and Justin Walker for reporting this issue. Kernel CVE ID: CAN-2005-0971 CERT: VU#212190 Impact: A Kernel stack overflow in the semop() system call could lead to a local privilege escalation. Description: The incorrect handling of system call arguments could be used to obtain elevated privileges. This update includes a fix to check access to the kernel object. Kernel CVE ID: CAN-2005-0972 CERT: VU#185702 Impact: An integer overflow in the searchfs() system call could allow an unprivileged local user to execute arbitrary code with elevated privileges Description: The searchfs() system call contains an integer overflow vulnerability that could allow an unprivileged local user to execute arbitrary code with elevated privileges. This update adds input validation on the parameters passed to searchfs() to correct the issue. Kernel CVE ID: CAN-2005-0973 Impact: Local system users can cause a system resource starvation Description: A vulnerability in the handling of values passed to the setsockopt() call could allow unprivileged local users to exhaust available memory. Credit to Robert Stump <rds3792@cs.rit.com> for reporting this issue. Kernel CVE ID: CAN-2005-0974 CERT: VU#713614 Impact: Local system users can cause a local denial of service Description: A vulnerability in the nfs_mount() call due to insufficient checks on input values could allow unprivileged local users to create a denial of service via a kernel panic. Kernel CVE ID: CAN-2005-0975 Impact: Local system users can cause a temporary interruption of system operation Description: A vulnerability in the parsing of certain executable files could allow unprivileged local users to temporarily suspend system operations. Credit to Neil Archibald for reporting this issue. Safari CVE ID: CAN-2005-0976 Impact: Remote sites could cause html and javascript to run in the local domain. Description: This update closes a vulnerability that allowed remote websites to load javascript to execute in the local domain. Credit to David Remahl for reporting this issue. Note: It is Apple's standard practice to provide security fixes via a Security Update. On occasion, when a security fix is required to a core system component such as the Kernel, it will be released in a Software Update. Mac OS X v10.3.9 and Mac OS X Server v10.3.9 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Mac OS X v10.3.9 If updating from Mac OS X v10.3.8: The download file is named: "MacOSXUpdate10.3.9.dmg" Its SHA-1 digest is: 94ca918ce07f7318488cb5d3a0c754bb3a8c7b07 For Mac OS X v10.3.9 If updating from Mac OS X v10.3 to v10.3.7: The download file is named: "MacOSXUpdateCombo10.3.9.dmg" Its SHA-1 digest is: f74f7e76e7a04ec623046934980edbba8c4798c4 For Mac OS X Server v10.3.9 If updating from Mac OS X Server v10.3.8: The download file is named: "MacOSXServerUpdate10.3.9.dmg" Its SHA-1 digest is: 2a7ac87fa36f5883f1ccb8ef5ab83b2e840896bc For Mac OS X Server v10.3.9 If updating from Mac OS X Server v10.3 to v10.3.7: The download file is named: "MacOSXSrvrUpdCombo10.3.9.dmg" Its SHA-1 digest is: 17d125118ca3b278b7558488364d0aacaf826dbd Information will also be posted to the Apple Product Security web site: http://docs.info.apple.com/article.html?artnum=61798 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/ - -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQEVAwUBQmAk3Zyw5owIz4TQAQIx8gf/XNQ+PrURNg0sdQsTEhxoz/9z1xnwXcHY A8mSrx3eGUpfwGGJFoF13R18bzSuhqO60ldbdOGCU8mgHHBbFQBWONsejttb6TIe 79vczBVMf6ZbpSXUQLCLnsXjgiwfQMMQ+bVrQCfwg4KBeyd+Fb48DxQr1YBLlHY0 bznupfN3O6+ERlpFRV/A9TCFkHQ8gu0pbJlLBVb+ZJA1Jyzo54pN/W/uVYmnywkt an+0q067+RpNDEGXjTNoCROeUIWs3vwGiA1f1Bt3xfeXDTTECJwHIxUpPLmYB91u g3NUEPqy6B/7QG4PNvwTPFkRntM4Gh//XpfXM1/n5W4sVJK0ohpYEg== =+WPr - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBQmMv+Sh9+71yA2DNAQLkGwQAnPHWt7cHCCv7R86UGzNFD01WAPq6ST3c MunPt8jhpMv/KfEoMRE41bkrO5AJgjcFJELEWoA/T0nvgDj1ve/f2qCT4FmQcpuf 3bd2fGT9w0geqv3/oJJpi6svdAk8UD+rwgEXVz9V5B9aNfmOLtaOyKcGAptuy0O2 e8i2ekiv2HQ= =Q5hl -----END PGP SIGNATURE-----