-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2009.1281
                      Apple Security Update 2009-005
                             11 September 2009

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Alias Manager
                   CarbonCore
                   ClamAV
                   ColorSync
                   CoreGraphics
                   CUPS
                   Flash Player plug-in
                   ImageIO
                   Launch Services
                   MySQL
                   PHP
                   SMB
                   Wiki Server
Publisher:         Apple
Operating System:  Mac OS X
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Root Compromise                 -- Console/Physical            
                   Increased Privileges            -- Existing Account            
                   Denial of Service               -- Remote/Unauthenticated      
                   Cross-site Scripting            -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Unauthorised Access             -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2009-2814 CVE-2009-2813 CVE-2009-2812
                   CVE-2009-2811 CVE-2009-2809 CVE-2009-2807
                   CVE-2009-2805 CVE-2009-2804 CVE-2009-2803
                   CVE-2009-2800 CVE-2009-2468 CVE-2009-1870
                   CVE-2009-1869 CVE-2009-1868 CVE-2009-1867
                   CVE-2009-1866 CVE-2009-1865 CVE-2009-1864
                   CVE-2009-1863 CVE-2009-1862 CVE-2009-1372
                   CVE-2009-1371 CVE-2009-1272 CVE-2009-1271
                   CVE-2009-1270 CVE-2009-1241 CVE-2009-0949
                   CVE-2009-0789 CVE-2009-0591 CVE-2009-0590
                   CVE-2008-6680 CVE-2008-5498 CVE-2008-2079

Reference:         AA-2009.0109
                   AA-2009.0066
                   AA-2009.0045
                   AA-2009.0025
                   ESB-2009.0529
                   ESB-2009.0523
                   ESB-2009.0409
                   ESB-2009.0360
                   AA-2008.0106
                   ASB-2009.1026.4

Original Bulletin: 
   http://support.apple.com/kb/HT3865

Comment: Apple Security Update 2009-005 is for Mac OS X v10.5.8 and v10.4.11

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2009-09-10-2 Security Update 2009-005

Security Update 2009-005 is now available and addresses the
following:

Alias Manager
CVE-ID:  CVE-2009-2800
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact:  Opening a maliciously crafted alias file may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow exists in the handling of alias
files. Opening a maliciously crafted alias file may lead to an
unexpected application termination or arbitrary code execution. This
update addresses the issue through improved bounds checking. This
issue does not affect Mac OS X v10.6 systems. Credit: Apple.

CarbonCore
CVE-ID:  CVE-2009-2803
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact:  Opening a file with a maliciously crafted resource fork may
lead to an unexpected application termination or arbitrary code
execution
Description:  A memory corruption issue exists in the Resource
Manager's handling of resource forks. Opening a file with a
maliciously crafted resource fork may lead to an unexpected
application termination or arbitrary code execution. This update
addresses the issue through improved validation of resource forks.
This issue does not affect Mac OS X v10.6 systems. Credit: Apple.

ClamAV
CVE-ID:  CVE-2009-1241, CVE-2009-1270, CVE-2008-6680, CVE-2009-1371,
CVE-2009-1372
Available for:  Mac OS X Server v10.5.8
Impact:  Multiple vulnerabilities in ClamAV 0.94.2
Description:  Multiple vulnerabilities exist in ClamAV 0.94.2, the
most serious of which may lead to arbitrary code execution. This
update addresses the issues by updating ClamAV to version 0.95.2.
ClamAV is distributed only with Mac OS X Server systems. Further
information is available via the ClamAV website at
http://www.clamav.net/ These issues do not affect Mac OS X v10.6
systems.

ColorSync
CVE-ID:  CVE-2009-2804
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact:  Viewing a maliciously crafted image with an embedded
ColorSync profile may lead to an unexpected application termination
or arbitrary code execution
Description:  An integer overflow exists in the handling of images
with an embedded ColorSync profile, which may lead to a heap buffer
overflow. Opening a maliciously crafted image with an embedded
ColorSync profile may lead to an unexpected application termination
or arbitrary code execution. This update addresses the issue by
performing additional validation of ColorSync profiles. This issue
does not affect Mac OS X v10.6 systems. Credit: Apple.

CoreGraphics
CVE-ID:  CVE-2009-2805
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact:  Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description:  An integer overflow in CoreGraphics' handling of PDF
files may result in a heap buffer overflow. Opening a PDF file
containing a maliciously crafted JBIG2 stream may lead to an
unexpected application termination or arbitrary code execution. This
update addresses the issue through improved bounds checking. Credit
to Will Dormann of CERT/CC for reporting this issue. This issue does
not affect Mac OS X v10.6 systems.

CoreGraphics
CVE-ID:  CVE-2009-2468
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow exists in the drawing of long
text strings. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
update addresses the issue through improved bounds checking. This
issue does not affect Mac OS X v10.6 systems. Credit to Will Drewry
of Google Inc. for reporting this issue.

CUPS
CVE-ID:  CVE-2009-0949
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact:  A remote attacker may be able to deny access to the Printer
Sharing service
Description:  A null pointer dereference exists in CUPS. By
repeatedly sending maliciously crafted scheduler requests, a remote
attacker may be able to deny access to the Printer Sharing service.
This update addresses the issue through improved validation of
scheduler requests. This issue does not affect Mac OS X v10.6
systems. Credit to Anibal Sacco of the CORE IMPACT Exploit Writing
Team (EWT) at Core Security Technologies for reporting this issue.

CUPS
CVE-ID:  CVE-2009-2807
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact:  An unprivileged local user may be able to obtain system
privileges
Description:  A heap buffer overflow exists in the CUPS USB backend.
This may allow a local user to obtain system privileges. This update
addresses the issue through improved bounds checking. This issue does
not affect systems prior to Mac OS X v10.5, or Mac OS X v10.6
systems.

Flash Player plug-in
CVE-ID:  CVE-2009-1862, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865,
CVE-2009-1866, CVE-2009-1867, CVE-2009-1868, CVE-2009-1869,
CVE-2009-1870
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact:  Multiple vulnerabilities in Adobe Flash Player plug-in
Description:  Multiple issues exist in the Adobe Flash Player plug-
in, the most serious of which may lead to arbitrary code execution
when viewing a maliciously crafted web site. The issues are addressed
by updating the Flash Player plug-in on Mac OS X v10.5.8 to version
10.0.32.18, and to version 9.0.246.0 on Mac OS X v10.4.11 systems.
For Mac OS X v10.6 systems, these issues are addressed in Mac OS X
v10.6.1. Further information is available via the Adobe web site at
http://www.adobe.com/support/security/bulletins/apsb09-10.html

ImageIO
CVE-ID:  CVE-2009-2809
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact:  Viewing a maliciously crafted PixarFilm encoded TIFF image
may lead to an unexpected application termination or arbitrary code
execution
Description:  Multiple memory corruption issues exist in ImageIO's
handling of PixarFilm encoded TIFF images. Viewing a maliciously
crafted PixarFilm encoded TIFF image may lead to an unexpected
application termination or arbitrary code execution. This update
addresses the issue through additional validation of PixarFilm
encoded TIFF images. This issue does not affect Mac OS X v10.6
systems. Credit: Apple.

Launch Services
CVE-ID:  CVE-2009-2811
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact:  Attempting to open unsafe downloaded content may not lead to
a warning
Description:  This update adds '.fileloc' to the system's list of
content types that will be flagged as potentially unsafe under
certain circumstances, such as when they are downloaded from an
e-mail. While these content types are not automatically opened, if
manually opened they could lead to the execution of a malicious
payload. This update improves the system's ability to notify users
before handling '.fileloc' files. This issue does not affect Mac OS X
v10.6 systems. Credit: Apple.

Launch Services
CVE-ID:  CVE-2009-2812
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact:  Visiting a malicious website may lead to arbitrary code
execution
Description:  When an application is downloaded, Launch Services
analyzes its exported document types. A design issue in the handling
of the exported document types may cause Launch Services to associate
a safe file extension with an unsafe Uniform Type Identifier (UTI).
Visiting a malicious website may cause an unsafe file type to be
opened automatically. This update addresses the issue through
improved handling of exported document types from untrusted
applications. This issue does not affect systems prior to Mac OS X
v10.5, or Mac OS X v10.6 systems. Credit: Apple.

MySQL
CVE-ID:  CVE-2008-2079
Available for:  Mac OS X Server v10.5.8
Impact:  MySQL is updated to version 5.0.82
Description:  MySQL is updated to version 5.0.82 to address an
implementation issue that allows a local user to obtain elevated
privileges. This issue only affects Mac OS X Server systems. This
issue does not affect Mac OS X v10.6 systems. Further information is
available via the MySQL web site at
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-82.html

PHP
CVE-ID:  CVE-2009-1271, CVE-2009-1272, CVE-2009-0590, CVE-2009-0591,
CVE-2009-0789, CVE-2008-5498
Available for:  Mac OS X v10.5, Mac OS X Server v10.5.8
Impact:  Multiple vulnerabilities in PHP 5.2.8
Description:  PHP is updated to version 5.2.10 to address multiple
vulnerabilities, the most serious of which may lead to arbitrary code
execution. Further information is available via the PHP website at
http://www.php.net/ These issues do not affect Mac OS X v10.6
systems.

SMB
CVE-ID:  CVE-2009-2813
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact:  Enabling Windows File Sharing may share folders unexpectedly
Description:  An unchecked error condition exists in Samba. A user
who does not have a configured home directory, and connects to the
Windows File Sharing service, will be able to access the contents of
the file system, subject to local file system permissions. This
update addresses the issue by improving the handling of path
resolution errors. This issue does not affect systems prior to Mac OS
X v10.5, or Mac OS X v10.6 systems. Credit to J. David Hester of LCG
Systems, National Institutes of Health, for reporting this issue.

Wiki Server
CVE-ID:  CVE-2009-2814
Available for:  Mac OS X Server v10.5.8
Impact:  A remote attacker may gain access to Wiki Server user
accounts
Description:  A cross site scripting issue exists in the Wiki
Server's handling of search requests containing non-UTF-8 encoded
data. This may allow a remote attacker to access a Wiki server with
the credentials of the Wiki Server user performing the search. This
update addresses the issue by setting UTF-8 as the default character
set in HTTP responses. This issue does not affect systems prior to
Mac OS X v10.5, or Mac OS X v10.6 systems. Credit: Apple.
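The Wiki Server fix above is a character-set declaration: a browser that receives HTML with no declared charset may guess one, and bytes that are inert under UTF-8 can become markup under the guessed encoding. The following is an added example, not Apple's Wiki Server code, of a toy search-results handler that applies the same defence (an explicit "charset=UTF-8" on every response) and, as an additional assumed layer the advisory does not mention, decodes the search term strictly as UTF-8 and HTML-escapes it before reflecting it. The request and response shapes are assumptions for illustration.

```python
"""Toy search handler showing the hardening described for CVE-2009-2814:
declare UTF-8 on the HTTP response and never reflect raw query bytes.

Added example for this bulletin; not Apple's Wiki Server code.
"""
import html
from urllib.parse import unquote_to_bytes


def decode_search_term(raw_query_value: bytes) -> str:
    """Decode percent-decoded query bytes strictly as UTF-8.

    Bytes that are not valid UTF-8 are replaced with U+FFFD instead of
    being passed through, so no byte sequence that is harmless under UTF-8
    but meaningful under another encoding reaches the page.
    """
    return raw_query_value.decode("utf-8", errors="replace")


def render_search_page(term: str) -> bytes:
    """Build the results page with the reflected term HTML-escaped."""
    body = ("<html><body><p>Results for: "
            f"{html.escape(term, quote=True)}</p></body></html>")
    return body.encode("utf-8")


def build_response(raw_query: bytes, declare_charset: bool = True):
    """Return (status, headers, body) for a search request.

    declare_charset=False mirrors the pre-fix behaviour of leaving the
    character set undeclared for the client to guess.
    """
    term = decode_search_term(unquote_to_bytes(raw_query))
    body = render_search_page(term)
    content_type = "text/html; charset=UTF-8" if declare_charset else "text/html"
    headers = [("Content-Type", content_type),
               ("Content-Length", str(len(body)))]
    return "200 OK", headers, body


def response_declares_utf8(headers) -> bool:
    """True if the Content-Type header carries an explicit UTF-8 charset."""
    for name, value in headers:
        if name.lower() == "content-type" and "charset=utf-8" in value.lower():
            return True
    return False


if __name__ == "__main__":
    # Constructed sample query: a percent-encoded script tag.
    status, hdrs, out = build_response(b"%3Cscript%3Ealert(1)%3C/script%3E")
    print(status, hdrs)
    print(out.decode("utf-8"))
```

The header check is the one a defender can test for from the outside: a response whose Content-Type lacks a charset parameter is the pre-fix condition the advisory describes, whatever the body contains.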


Security Update 2009-005 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.5.8
The download file is named: SecUpd2009-005.dmg
Its SHA-1 digest is: d43cff3c40a0917757f6b1ec59286146ee62dfde

For Mac OS X Server v10.5.8
The download file is named: SecUpdSrvr2009-005.dmg
Its SHA-1 digest is: 3490619467bda4c925ac7cb7843d3d1395984d71

For Mac OS X v10.4.11 (Intel)
The download file is named: SecUpd2009-005Intel.dmg
Its SHA-1 digest is: 39abe0dec8fbb8f08e0bff5f77b7dcf3b2ae908b

For Mac OS X v10.4.11 (PPC)
The download file is named: SecUpd2009-005PPC.dmg
Its SHA-1 digest is: 77ca15c58ad4d8ddd84e570860e664d3425a2144

For Mac OS X Server v10.4.11 (Universal)
The download file is named: SecUpdSrvr2009-005Univ.dmg
Its SHA-1 digest is: 1e1c64af2df0023d4b49d544ba3a639fa3e070b6

For Mac OS X Server v10.4.11 (PPC)
The download file is named: SecUpdSrvr2009-005PPC.dmg
Its SHA-1 digest is: e467f309e59206e140e0d48c76b3ec2f83e56919

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)

iQEcBAEBAgAGBQJKqVrZAAoJEHkodeiKZIkBGNoH/3a6WCcxV2Ro3sQe9/zRt0AZ
AxxFM1Xi9nfm6KvNtCdt2XVgpFtpSWboJOd1qP6uyNgY5kPt2Njcfwe7f/tz6fi+
KOT0DPTh4tuWCCTUQq+8j4bUQ+TS+c+3lGrTjrMbBhtlp3nzS7TEhNAUBFM62bN1
jSb2Tw0AQ2vM/m6z167zoyKosGdIFys4ACFaHKEjBCNMgb30079ZMA0JPzyFaGE0
JFGKBxdjPOI/EVqD8Jl1VpqHfX5PtgCQ6dfbZvgTdbqlCiN/mzteRgaWjvUdMgDy
Q7TBmSdUWH5JSymr8WmiOf66qXAIl3dV/IaeQmIX0kb3zt8xAQseO1MQxo7vEtg=
=DWqn
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFKqY8vNVH5XJJInbgRAv0SAJ4kIpnPVmddHhBqoUmWzjuWHt3qNACdFak7
xK87ojKtrVJPS+9ipg8qydU=
=Epxl
-----END PGP SIGNATURE-----