-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                          ESB-2007.0112 -- [OSX]
                      Apple Security Update 2007-002
                             16 February 2007

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Finder
                      iChat
                      UserNotification
Publisher:            Apple
Operating System:     Mac OS X
Impact:               Execute Arbitrary Code/Commands
                      Increased Privileges
                      Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-0710 CVE-2007-0614 CVE-2007-0197
                      CVE-2007-0023 CVE-2007-0021

Original Bulletin:    http://docs.info.apple.com/article.html?artnum=305102

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2007-02-15 Security Update 2007-002

Security Update 2007-002 is now available and addresses the following
issues:

Finder
CVE-ID:  CVE-2007-0197
Available for:  Mac OS X v10.4.8, Mac OS X Server v10.4.8
Impact:  Mounting a maliciously crafted disk image may lead to an
application crash or arbitrary code execution
Description:  A buffer overflow exists in Finder's handling of
volume names. By enticing a user to mount a malicious disk
image, an attacker could trigger this issue, which may lead to
an application crash or arbitrary code execution. A proof of
concept for this issue has been published on the Month of Apple
Bugs web site (MOAB-09-01-2007). This update addresses the issue
by performing additional validation of disk images. This issue
does not affect systems prior to Mac OS X v10.4. Credit to Kevin
Finisterre of DigitalMunition for reporting this issue.

iChat
CVE-ID:  CVE-2007-0614, CVE-2007-0710
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9,
Mac OS X v10.4.8, Mac OS X Server v10.4.8
Impact:  Attackers on the local network may be able to cause
iChat to crash
Description:  A null pointer dereference in iChat's Bonjour
message handling could allow a local network attacker to cause
an application crash. A proof of concept for this issue in
Mac OS X v10.4 has been published on the Month of Apple Bugs
web site (MOAB-29-01-2007). This update addresses the issues by
performing additional validation of Bonjour messages.

iChat
CVE-ID:  CVE-2007-0021
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9,
Mac OS X v10.4.8, Mac OS X Server v10.4.8
Impact:  Visiting malicious websites may lead to an application
crash or arbitrary code execution
Description:  A format string vulnerability exists in the iChat
AIM URL handler. By enticing a user to access a maliciously crafted
AIM URL, an attacker can trigger the overflow, which may lead to an
application crash or arbitrary code execution. A proof of concept for
this issue has been published on the Month of Apple Bugs web site
(MOAB-20-01-2007). This update addresses the issue by performing
additional validation of AIM URLs.

UserNotification
CVE-ID:  CVE-2007-0023
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9,
Mac OS X v10.4.8, Mac OS X Server v10.4.8
Impact:  Malicious local users may be able to obtain system
privileges
Description:  The UserNotificationCenter process runs with
elevated privileges in the context of a local user. This may
allow a malicious local user to overwrite or modify system
files. A program that triggers this issue has been published on
the Month of Apple Bugs web site (MOAB-22-01-2007). This update
addresses the issue by having UserNotificationCenter drop its
group privileges immediately after launching.
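The fix for CVE-2007-0023 above is to have UserNotificationCenter drop its group privileges immediately after launching. The routine below is an added illustration of how such a drop is done defensively in C; it is not code from Apple or from this bulletin. It drops to a caller-supplied group, reads the resulting IDs back instead of assuming the system calls succeeded, and treats any privilege that can still be regained as a failure.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* exposes setgroups() and setegid() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop group privileges to `target` and confirm that the drop
 * took effect. Returns 0 on success, -1 on failure (errno is set). */
int drop_group_privileges(gid_t target)
{
    gid_t old_egid = getegid();

    /* Supplementary groups can only be cleared by root; a process that is
     * merely setgid cannot, so the call is attempted only when it can work. */
    if (geteuid() == 0 && setgroups(1, &target) != 0)
        return -1;

    /* For a privileged caller setgid() replaces the real, effective and saved
     * group IDs at once, which is what makes the drop irreversible. */
    if (setgid(target) != 0)
        return -1;

    /* Never assume the call worked: read the IDs back and check them. */
    if (getgid() != target || getegid() != target) {
        errno = EPERM;
        return -1;
    }

    /* If the process previously held a different effective GID, regaining
     * it must now fail; if it succeeds, the saved GID was left behind. */
    if (old_egid != target && setegid(old_egid) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Stand-alone demo: dropping to the caller's real GID is always allowed. */
    if (drop_group_privileges(getgid()) != 0) {
        perror("drop_group_privileges");
        return 1;
    }
    printf("gid=%u egid=%u\n", (unsigned)getgid(), (unsigned)getegid());
    return 0;
}
```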

Security Update 2007-002 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.4.8 (PowerPC)
The download file is named:  "SecUpd2007-002Ti.dmg"
Its SHA-1 digest is:  79da4e0f61288277f9896e761903abf748d2dc21

For Mac OS X v10.4.8 (Intel)
The download file is named:  "SecUpd2007-002Univ.dmg"
Its SHA-1 digest is:  9a4b97853ac05ff407a8b8fe0906d916e219648b

For Mac OS X v10.3.9
The download file is named:  "SecUpd2007-002Pan.dmg"
Its SHA-1 digest is:  81199248bf7218d8788663153131ab51d31320a1

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----