Published:
17 May 2005
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2005.0386 -- US-CERT Technical Cyber Security Alert TA05-136A
Apple Mac OS X is affected by multiple vulnerabilities
17 May 2005
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Mac OS X 10.3.9 (Panther)
Mac OS X Server 10.3.9
Publisher: US-CERT
Impact: Root Compromise
Execute Arbitrary Code/Commands
Denial of Service
Read-only Data Access
Access: Remote/Unauthenticated
CVE Names: CAN-2005-1342 CAN-2004-1343 CAN-2004-1336
CAN-2004-1335 CAN-2004-1332 CAN-2004-1308
CAN-2004-1307 CAN-2004-0688 CAN-2004-0687
CAN-2004-0594
Original Bulletin: http://docs.info.apple.com/article.html?artnum=301528
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Technical Cyber Security Alert TA05-136A
Apple Mac OS X is affected by multiple vulnerabilities
Original release date: May 16, 2005
Last revised: --
Source: US-CERT
Systems Affected
Mac OS X version 10.3.9 (Panther) and Mac OS X Server version 10.3.9
Overview
Apple has released Security Update 2005-005 to address multiple
vulnerabilities affecting Mac OS X and Mac OS X Server. The most
serious of these vulnerabilities may allow a remote attacker to
execute arbitrary code. Impacts of other vulnerabilities addressed by
the update include disclosure of information and denial of service.
I. Description
Apple Security Update 2005-005 resolves a number of vulnerabilities
affecting Mac OS X and OS X Server. Further details are available in
the following Vulnerability Notes:
VU#356070 - Apple Terminal fails to properly sanitize input for
x-man-page URI
Apple Terminal on Mac OS X fails to sanitize x-man-page URIs, allowing
a remote attacker to execute arbitrary commands.
(CAN-2005-1342)
VU#882750 - libXpm image library vulnerable to buffer overflow
libXpm image parsing code contains a buffer-overflow vulnerability
that may allow a remote attacker execute arbitrary code or cause a
denial-of-service condition.
(CAN-2004-0687)
VU#125598 - LibTIFF vulnerable to integer overflow via corrupted
directory entry count
An integer overflow in LibTIFF may allow a remote attacker to execute
arbitrary code.
(CAN-2004-1308)
VU#539110 - LibTIFF vulnerable to integer overflow in the
TIFFFetchStrip() routine
An integer overflow in LibTIFF may allow a remote attacker to execute
arbitrary code.
(CAN-2004-1307)
VU#537878 - libXpm library contains multiple integer overflow
vulnerabilities
libXpm contains multiple integer-overflow vulnerabilities that may
allow a remote attacker execute arbitrary code or cause a
denial-of-service condition.
(CAN-2004-0688)
VU#331694 - Apple Mac OS X chpass/chfn/chsh utilities do not properly
validate external programs
Mac OS X Directory Service utilities do not properly validate code
paths to external programs, potentially allowing a local attacker to
execute arbitrary code.
(CAN-2004-1335)
VU#582934 - Apple Mac OS X Foundation framework vulnerable to buffer
overflow via incorrect handling of an environmental variable
A buffer overflow in Mac OS X's Foundation Framework's processing of
environment variables may lead to elevated privileges.
(CAN-2004-1336)
VU#706838 - Apple Mac OS X vulnerable to buffer overflow via vpnd
daemon
Apple Mac OS X contains a buffer overflow in vpnd that could allow a
local, authenticated attacker to execute arbitrary code with root
privileges.
(CAN-2004-1343)
VU#258390 - Apple Mac OS X with Bluetooth enabled may allow file
exchange without prompting users
Apple Mac OS X with Bluetooth support may unintentionally allow files
to be exchanged with other systems by default.
(CAN-2004-1332)
VU#354486 - Apple Mac OS X Server Netinfo Setup Tool fails to validate
command line parameters
Apple Mac OS X Server NeST tool contains a vulnerability in the
processing of command line arguments that could allow a local attacker
to execute arbitrary code.
(CAN-2004-0594)
Please note that Apple Security Update 2005-005 addresses additional
vulnerabilities not described above. As further information becomes
available, we will publish individual Vulnerability Notes.
II. Impact
The impacts of these vulnerabilities vary, for information about
specific impacts please see the Vulnerability Notes. Potential
consequences include remote execution of arbitrary code or commands,
disclosure of sensitive information, and denial of service.
III. Solution
Install an Update
Install the update as described in Apple Security Update 2005-005.
Appendix A. References
* US-CERT Vulnerability Note VU#582934 -
<http://www.kb.cert.org/vuls/id/582934>
* US-CERT Vulnerability Note VU#258390 -
<http://www.kb.cert.org/vuls/id/258390>
* US-CERT Vulnerability Note VU#331694 -
<http://www.kb.cert.org/vuls/id/331694>
* US-CERT Vulnerability Note VU#706838 -
<http://www.kb.cert.org/vuls/id/706838>
* US-CERT Vulnerability Note VU#539110 -
<http://www.kb.cert.org/vuls/id/539110>
* US-CERT Vulnerability Note VU#354486 -
<http://www.kb.cert.org/vuls/id/354486>
* US-CERT Vulnerability Note VU#882750 -
<http://www.kb.cert.org/vuls/id/882750>
* US-CERT Vulnerability Note VU#537878 -
<http://www.kb.cert.org/vuls/id/537878>
* US-CERT Vulnerability Note VU#125598 -
<http://www.kb.cert.org/vuls/id/125598>
* US-CERT Vulnerability Note VU#356070 -
<http://www.kb.cert.org/vuls/id/356070>
* Apple Security Update 2005-005 -
<http://docs.info.apple.com/article.html?artnum=301528>
_________________________________________________________________
These vulnerabilities were discovered by several people and reported
in Apple Security Update 2005-005. Please see the Vulnerability Notes
for individual reporter acknowledgements.
_________________________________________________________________
Feedback can be directed to the authors: Jeffrey Gennari and Jason
Rafail.
_________________________________________________________________
Copyright 2005 Carnegie Mellon University. Terms of use
Revision History
May 16, 2005: Initial release
Last updated May 16, 2005
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBQojwRBhoSezw4YfQAQKb1gf/a7XQAZQR+t5+FpzRoUrJyVIg3Mf1IISP
yS5GLgfwC+4GuDEd/BA51+591OhNAWa1hO2JAUQwJ799VL7vAY6vbDW84c+S0eQ+
J+FHgddUsuvRtmsXCg2Fin1JRG4hCqBQ9q2S0h4+fM7yWSdLOY7xeAAwPOwG+bsU
AVjDMNiPACHxw7CNQ8qpPXFfo3qrV+oj55F62TbR0fujtil6yQR3lE9wSeiuLs/i
KgQFZlHMEoAwQnghwLk7eQLkzGD9eAZ+pZ7Ny0AvF7avhGflh2nFNe2acFoJ2Iw7
/gMXj/uN/ZpDssS37y38LIvyA3kIQrSlEW7iKf1wi2eQ3ntjyv/9NA==
=uqBU
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBQok7Xyh9+71yA2DNAQJaLwP+KYhlgUJ8GiVKU5jwNcQrQD7W1DzMQEC3
/PsibQ+q1s/HMNbbVE80qlRfpPJSiYW4BwkkEvRyR2zYoG49zbltOyQRrm+ERIJS
gwUQ0PhIAnAEXDzhlPRkI2cLwakZ85rqesfWesRv04kk+tPoG/qq4ajeveyCd6eL
smZtUD8VIFU=
=namb
-----END PGP SIGNATURE-----