-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                          ESB-2008.0761 -- [OSX]
                         Security Update 2008-005
                               1 August 2008

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Open Scripting Architecture
                      BIND
                      CarbonCore
                      CoreGraphics
                      Data Detectors Engine
                      Disk Utility
                      OpenLDAP
                      OpenSSL
                      PHP
                      QuickLook
                      rsync
Publisher:            Apple
Operating System:     Mac OS X
                      Mac OS X Server
Impact:               Execute Arbitrary Code/Commands
                      Increased Privileges
                      Provide Misleading Information
                      Read-only Data Access
                      Overwrite Arbitrary Files
                      Denial of Service
Access:               Remote/Unauthenticated
                      Existing Account
CVE Names:            CVE-2008-2952 CVE-2008-2830 CVE-2008-2325
                      CVE-2008-2324 CVE-2008-2323 CVE-2008-2322
                      CVE-2008-2321 CVE-2008-2320 CVE-2008-2051
                      CVE-2008-2050 CVE-2008-1447 CVE-2008-0674
                      CVE-2008-0599 CVE-2007-6200 CVE-2007-6199
                      CVE-2007-5135 CVE-2007-4850

Original Bulletin:    http://support.apple.com/kb/HT1222

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2008-07-31 Security Update 2008-005

Security Update 2008-005 is now available and addresses the following
issues:

Open Scripting Architecture
CVE-ID:  CVE-2008-2830
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact:  A local user may execute commands with elevated privileges
Description:  A design issue exists in the Open Scripting
Architecture libraries when determining whether to load scripting
addition plugins into applications running with elevated privileges.
Sending scripting addition commands to a privileged application may
allow the execution of arbitrary code with those privileges. This
update addresses the issue by not loading scripting addition plugins
into applications running with system privileges. The recently
reported ARDAgent and SecurityAgent issues are addressed by this
update. Credit to Charles Srstka for reporting this issue.

BIND
CVE-ID:  CVE-2008-1447
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact:  BIND is susceptible to DNS cache poisoning and may return
forged information
Description:  The Berkeley Internet Name Domain (BIND) server is
distributed with Mac OS X, and is not enabled by default. When
enabled, the BIND server provides translation between host names and
IP addresses. A weakness in the DNS protocol may allow remote
attackers to perform DNS cache poisoning attacks. As a result,
systems that rely on the BIND server for DNS may receive forged
information. This update addresses the issue by implementing source
port randomization to improve resilience against cache poisoning
attacks. For Mac OS X v10.4.11 systems, BIND is updated to version
9.3.5-P1. For Mac OS X v10.5.4 systems, BIND is updated to version
9.4.2-P1. Credit to Dan Kaminsky of IOActive for reporting this
issue.

CarbonCore
CVE-ID:  CVE-2008-2320
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact:  Processing long filenames may lead to an unexpected
application termination or arbitrary code execution
Description:  A stack buffer overflow exists in the handling of long
filenames. Processing long filenames may lead to an unexpected
application termination or arbitrary code execution. This update
addresses the issue through improved bounds checking. Credit to
Thomas Raffetseder of the International Secure Systems Lab and Sergio
'shadown' Alvarez of n.runs AG for reporting this issue.

CoreGraphics
CVE-ID:  CVE-2008-2321
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  CoreGraphics contains memory corruption issues in the
processing of arguments. Passing untrusted input to CoreGraphics via
an application, such as a web browser, may lead to an unexpected
application termination or arbitrary code execution. This update
addresses the issue through improved bounds checking. Credit to
Michal Zalewski of Google for reporting this issue.

CoreGraphics
CVE-ID:  CVE-2008-2322
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact:  Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description:  An integer overflow in the handling of PDF files may
result in a heap buffer overflow. Viewing a maliciously crafted PDF
file may lead to an unexpected application termination or arbitrary
code execution. This update addresses the issue through additional
validation of PDF files. Credit to Pariente Kobi working with the
iDefense VCP for reporting this issue.

Data Detectors Engine
CVE-ID:  CVE-2008-2323
Available for:  Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact:  Viewing maliciously crafted messages with Data Detectors may
lead to an unexpected application termination
Description:  Data Detectors are used to extract reference
information from textual content or archives. A resource consumption
issue exists in Data Detectors' handling of textual content. Viewing
maliciously crafted content in an application that uses Data
Detectors may lead to a denial of service, but not arbitrary code
execution. This issue does not affect systems prior to Mac OS X
v10.5.

Disk Utility
CVE-ID:  CVE-2008-2324
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact:  A local user may obtain system privileges
Description:  The "Repair Permissions" tool in Disk Utility makes
/usr/bin/emacs setuid. After the Repair Permissions tool has been
run, a local user may use emacs to run commands with system
privileges. This update addresses the issue by correcting the
permissions applied to emacs in the Repair Permissions tool. This
issue does not affect systems running Mac OS X v10.5 and later.
Credit to Anton Rang and Brian Timares for reporting this issue.

OpenLDAP
CVE-ID:  CVE-2008-2952
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact:  A remote attacker may be able to cause an unexpected
application termination
Description:  An issue exists in OpenLDAP's ASN.1 BER decoding.
Processing a maliciously crafted LDAP message may trigger an
assertion and lead to an unexpected application termination of the
OpenLDAP daemon, slapd. This update addresses the issue by performing
additional validation of LDAP messages.

OpenSSL
CVE-ID:  CVE-2007-5135
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact:  A remote attacker may be able to cause an unexpected
application termination or arbitrary code execution
Description:  A range checking issue exists in the
SSL_get_shared_ciphers() utility function within OpenSSL. In an
application using this function, processing maliciously crafted
packets may lead to an unexpected application termination or
arbitrary code execution. This update addresses the issue through
improved bounds checking.

PHP
CVE-ID:  CVE-2008-2051, CVE-2008-2050, CVE-2007-4850, CVE-2008-0599,
CVE-2008-0674
Available for:  Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact:  Multiple vulnerabilities in PHP 5.2.5
Description:  PHP is updated to version 5.2.6 to address multiple
vulnerabilities, the most serious of which may lead to arbitrary code
execution. Further information is available via the PHP website at
http://www.php.net/. PHP version 5.2.x is only provided with Mac OS X
v10.5 systems.

QuickLook
CVE-ID:  CVE-2008-2325
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact:  Downloading a maliciously crafted Microsoft Office file may
lead to an unexpected application termination or arbitrary code
execution
Description:  Multiple memory corruption issues exist in QuickLook's
handling of Microsoft Office files. Downloading a maliciously crafted
Microsoft Office file may lead to an unexpected application
termination or arbitrary code execution. This update addresses the
issue through improved bounds checking. This issue does not affect
systems prior to Mac OS X v10.5.

rsync
CVE-ID:  CVE-2007-6199, CVE-2007-6200
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.4, Mac OS X Server v10.5.4
Impact:  Files outside the module root may be accessed or overwritten
remotely
Description:  Path validation issues exist in rsync's handling of
symbolic links when running in daemon mode. Placing symbolic links in
an rsync module may allow files outside of the module root to be
accessed or overwritten. This update addresses the issue through
improved handling of symbolic links. Further information on the
patches applied is available via the rsync web site at
http://rsync.samba.org/

Security Update 2008-005 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.5.4 and Mac OS X Server 10.5.4
The download file is named:  "SecUpd2008-005.dmg"
Its SHA-1 digest is: 9c4fd4ee59965819427445f6de172c42b223e6e1

For Mac OS X v10.4.11 (Intel)
The download file is named:  "SecUpd2008-005Intel.dmg"
Its SHA-1 digest is: 1ff3242935c98325769b33148a2a8b1e72db567c

For Mac OS X v10.4.11 (PPC)
The download file is named:  "SecUpd2008-005PPC.dmg"
Its SHA-1 digest is: 2f56ea4311d5b85de3c494f6fee46360e5b7317e

For Mac OS X Server v10.4.11 (Universal)
The download file is named:  "SecUpdSrvr2008-005Univ.dmg"
Its SHA-1 digest is: 256401659308a634cee06b00d1a6ae9dc20b5467

For Mac OS X Server v10.4.11 (PPC)
The download file is named:  "SecUpdSrvr2008-005PPC.dmg"
Its SHA-1 digest is: d310d471bd39df92cb5580e18f356a222824d7d2

Information will also be posted to the Apple Security Updates
web site:  http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----