Published:
17 May 2005
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2005.0386 -- US-CERT Technical Cyber Security Alert TA05-136A Apple Mac OS X is affected by multiple vulnerabilities 17 May 2005 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Mac OS X 10.3.9 (Panther) Mac OS X Server 10.3.9 Publisher: US-CERT Impact: Root Compromise Execute Arbitrary Code/Commands Denial of Service Read-only Data Access Access: Remote/Unauthenticated CVE Names: CAN-2005-1342 CAN-2004-1343 CAN-2004-1336 CAN-2004-1335 CAN-2004-1332 CAN-2004-1308 CAN-2004-1307 CAN-2004-0688 CAN-2004-0687 CAN-2004-0594 Original Bulletin: http://docs.info.apple.com/article.html?artnum=301528 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Technical Cyber Security Alert TA05-136A Apple Mac OS X is affected by multiple vulnerabilities Original release date: May 16, 2005 Last revised: -- Source: US-CERT Systems Affected Mac OS X version 10.3.9 (Panther) and Mac OS X Server version 10.3.9 Overview Apple has released Security Update 2005-005 to address multiple vulnerabilities affecting Mac OS X and Mac OS X Server. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Impacts of other vulnerabilities addressed by the update include disclosure of information and denial of service. I. Description Apple Security Update 2005-005 resolves a number of vulnerabilities affecting Mac OS X and OS X Server. Further details are available in the following Vulnerability Notes: VU#356070 - Apple Terminal fails to properly sanitize input for x-man-page URI Apple Terminal on Mac OS X fails to sanitize x-man-page URIs, allowing a remote attacker to execute arbitrary commands. (CAN-2005-1342) VU#882750 - libXpm image library vulnerable to buffer overflow libXpm image parsing code contains a buffer-overflow vulnerability that may allow a remote attacker execute arbitrary code or cause a denial-of-service condition. (CAN-2004-0687) VU#125598 - LibTIFF vulnerable to integer overflow via corrupted directory entry count An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code. (CAN-2004-1308) VU#539110 - LibTIFF vulnerable to integer overflow in the TIFFFetchStrip() routine An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code. (CAN-2004-1307) VU#537878 - libXpm library contains multiple integer overflow vulnerabilities libXpm contains multiple integer-overflow vulnerabilities that may allow a remote attacker execute arbitrary code or cause a denial-of-service condition. (CAN-2004-0688) VU#331694 - Apple Mac OS X chpass/chfn/chsh utilities do not properly validate external programs Mac OS X Directory Service utilities do not properly validate code paths to external programs, potentially allowing a local attacker to execute arbitrary code. (CAN-2004-1335) VU#582934 - Apple Mac OS X Foundation framework vulnerable to buffer overflow via incorrect handling of an environmental variable A buffer overflow in Mac OS X's Foundation Framework's processing of environment variables may lead to elevated privileges. (CAN-2004-1336) VU#706838 - Apple Mac OS X vulnerable to buffer overflow via vpnd daemon Apple Mac OS X contains a buffer overflow in vpnd that could allow a local, authenticated attacker to execute arbitrary code with root privileges. (CAN-2004-1343) VU#258390 - Apple Mac OS X with Bluetooth enabled may allow file exchange without prompting users Apple Mac OS X with Bluetooth support may unintentionally allow files to be exchanged with other systems by default. (CAN-2004-1332) VU#354486 - Apple Mac OS X Server Netinfo Setup Tool fails to validate command line parameters Apple Mac OS X Server NeST tool contains a vulnerability in the processing of command line arguments that could allow a local attacker to execute arbitrary code. (CAN-2004-0594) Please note that Apple Security Update 2005-005 addresses additional vulnerabilities not described above. As further information becomes available, we will publish individual Vulnerability Notes. II. Impact The impacts of these vulnerabilities vary, for information about specific impacts please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands, disclosure of sensitive information, and denial of service. III. Solution Install an Update Install the update as described in Apple Security Update 2005-005. Appendix A. References * US-CERT Vulnerability Note VU#582934 - <http://www.kb.cert.org/vuls/id/582934> * US-CERT Vulnerability Note VU#258390 - <http://www.kb.cert.org/vuls/id/258390> * US-CERT Vulnerability Note VU#331694 - <http://www.kb.cert.org/vuls/id/331694> * US-CERT Vulnerability Note VU#706838 - <http://www.kb.cert.org/vuls/id/706838> * US-CERT Vulnerability Note VU#539110 - <http://www.kb.cert.org/vuls/id/539110> * US-CERT Vulnerability Note VU#354486 - <http://www.kb.cert.org/vuls/id/354486> * US-CERT Vulnerability Note VU#882750 - <http://www.kb.cert.org/vuls/id/882750> * US-CERT Vulnerability Note VU#537878 - <http://www.kb.cert.org/vuls/id/537878> * US-CERT Vulnerability Note VU#125598 - <http://www.kb.cert.org/vuls/id/125598> * US-CERT Vulnerability Note VU#356070 - <http://www.kb.cert.org/vuls/id/356070> * Apple Security Update 2005-005 - <http://docs.info.apple.com/article.html?artnum=301528> _________________________________________________________________ These vulnerabilities were discovered by several people and reported in Apple Security Update 2005-005. Please see the Vulnerability Notes for individual reporter acknowledgements. _________________________________________________________________ Feedback can be directed to the authors: Jeffrey Gennari and Jason Rafail. _________________________________________________________________ Copyright 2005 Carnegie Mellon University. Terms of use Revision History May 16, 2005: Initial release Last updated May 16, 2005 - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQojwRBhoSezw4YfQAQKb1gf/a7XQAZQR+t5+FpzRoUrJyVIg3Mf1IISP yS5GLgfwC+4GuDEd/BA51+591OhNAWa1hO2JAUQwJ799VL7vAY6vbDW84c+S0eQ+ J+FHgddUsuvRtmsXCg2Fin1JRG4hCqBQ9q2S0h4+fM7yWSdLOY7xeAAwPOwG+bsU AVjDMNiPACHxw7CNQ8qpPXFfo3qrV+oj55F62TbR0fujtil6yQR3lE9wSeiuLs/i KgQFZlHMEoAwQnghwLk7eQLkzGD9eAZ+pZ7Ny0AvF7avhGflh2nFNe2acFoJ2Iw7 /gMXj/uN/ZpDssS37y38LIvyA3kIQrSlEW7iKf1wi2eQ3ntjyv/9NA== =uqBU - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBQok7Xyh9+71yA2DNAQJaLwP+KYhlgUJ8GiVKU5jwNcQrQD7W1DzMQEC3 /PsibQ+q1s/HMNbbVE80qlRfpPJSiYW4BwkkEvRyR2zYoG49zbltOyQRrm+ERIJS gwUQ0PhIAnAEXDzhlPRkI2cLwakZ85rqesfWesRv04kk+tPoG/qq4ajeveyCd6eL smZtUD8VIFU= =namb -----END PGP SIGNATURE-----