Mac OS X 10.6.3 Includes 69 Security Fixes

| Snow Leopard

Apple released Mac OS X 10.6.3 earlier Monday. In addition to the many bug fixes and other improvements, the update also includes no fewer than 69 security fixes, many of which fall in the category of serious issues. The issues range from buffer flow errors that could allow the bad guys to take over your Mac to an issue that could allow an unauthorized user to publish something through the Wiki engine built into Mac OS X.

The extensive list of security fixes:

  • AppKit

    CVE-ID: CVE-2010-0056

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

    Impact: Spell checking a maliciously crafted document may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow exists in the spell checking feature used by Cocoa applications. Spell checking a maliciously crafted document may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.

  • Application Firewall

    CVE-ID: CVE-2009-2801

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

    Impact: Certain rules in the Application Firewall may become inactive after restart

    Description: A timing issue in the Application Firewall may cause certain rules to become inactive after reboot. The issue is addressed through improved handling of Firewall rules. This issue does not affect Mac OS X v10.6 systems. Credit to Michael Kisor of OrganicOrb.com for reporting this issue.

  • AFP Server

    CVE-ID: CVE-2010-0057

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: When guest access is disabled, a remote user may be able to mount AFP shares as a guest

    Description: An access control issue in AFP Server may allow a remote user to mount AFP shares as a guest, even if guest access is disabled. This issue is addressed through improved access control checks. Credit: Apple.

  • AFP Server

    CVE-ID: CVE-2010-0533

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: A remote user with guest access to an AFP share may access the contents of world-readable files outside the Public share

    Description: A directory traversal issue exists in the path validation for AFP shares. A remote user may enumerate the parent directory of the share root, and read or write files within that directory that are accessible to the ‘nobody’ user. This issue is addressed through improved handling of file paths. Credit to Patrik Karlsson of cqure.net for reporting this issue.

  • Apache

    CVE-ID: CVE-2009-3095

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: A remote attacker may be able to bypass access control restrictions

    Description: An input validation issue exists in Apache’s handling of proxied FTP requests. A remote attacker with the ability to issue requests through the proxy may be able to bypass access control restrictions specified in the Apache configuration. This issue is addressed by updating Apache to version 2.2.14.

  • ClamAV

    CVE-ID: CVE-2010-0058

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

    Impact: ClamAV virus definitions may not receive updates

    Description: A configuration issue introduced in Security Update 2009-005 prevents freshclam from running. This may prevent virus definitions from being updated. This issue is addressed by updating freshclam’s launchd plist ProgramArguments key values. This issue does not affect Mac OS X v10.6 systems. Credit to Bayard Bell, Wil Shipley of Delicious Monster, and David Ferrero of Zion Software, LLC for reporting this issue.

  • CoreAudio

    CVE-ID: CVE-2010-0059

    Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in the handling of QDM2 encoded audio content. Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to an anonymous researcher working with TippingPoint’s Zero Day Initiative for reporting this issue.

  • CoreAudio

    CVE-ID: CVE-2010-0060

    Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in the handling of QDMC encoded audio content. Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to an anonymous researcher working with TippingPoint’s Zero Day Initiative for reporting this issue.

  • CoreMedia

    CVE-ID: CVE-2010-0062

    Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in CoreMedia’s handling of H.263 encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of H.263 encoded movie files. Credit to Damian Put working with TippingPoint’s Zero Day Initiative for reporting this issue.

  • CoreTypes

    CVE-ID: CVE-2010-0063

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Users are not warned before opening certain potentially unsafe content types

    Description: This update adds .ibplugin and .url to the system’s list of content types that will be flagged as potentially unsafe under certain circumstances, such as when they are downloaded from a web page. While these content types are not automatically launched, if manually opened they could lead to the execution of a malicious JavaScript payload or arbitrary code execution. This update improves the system’s ability to notify users before handling content types used by Safari. Credit to Clint Ruoho of Laconic Security for reporting this issue.

  • CUPS

    CVE-ID: CVE-2010-0393

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: A local user may be able to obtain system privileges

    Description: A format string issue exists in the lppasswd CUPS utility. This may allow a local user to obtain system privileges. Mac OS X v10.6 systems are only affected if the setuid bit has been set on the binary. This issue is addressed by using default directories when running as a setuid process. Credit to Ronald Volgers for reporting this issue.

  • curl

    CVE-ID: CVE-2009-2417

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: A man-in-the-middle attacker may be able to impersonate a trusted server

    Description: A canonicalization issue exists in curl’s handling of NULL characters in the subject’s Common Name (CN) field of X.509 certificates. This may lead to man-in-the-middle attacks against users of the curl command line tool, or applications using libcurl. This issue is addressed through improved handling of NULL characters.

  • curl

    CVE-ID: CVE-2009-0037

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

    Impact: Using curl with -L may allow a remote attacker to read or write local files

    Description: curl will follow HTTP and HTTPS redirects when used with the -L option. When curl follows a redirect, it allows file:// URLs. This may allow a remote attacker to access local files. This issue is addressed through improved validation of redirects. This issue does not affect Mac OS X v10.6 systems. Credit to Daniel Stenberg of Haxx AB for reporting this issue.

  • Cyrus IMAP

    CVE-ID: CVE-2009-2632

    Available for: Mac OS X Server v10.5.8

    Impact: A local user may be able to obtain the privileges of the Cyrus user

    Description: A buffer overflow exists in the handling of sieve scripts. By running a maliciously crafted sieve script, a local user may be able to obtain the privileges of the Cyrus user. This issue is addressed through improved bounds checking. This issue does not affect Mac OS X v10.6 systems.

  • Cyrus SASL

    CVE-ID: CVE-2009-0688

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

    Impact: An unauthenticated remote attacker may cause unexpected application termination or arbitrary code execution

    Description: A buffer overflow exists in the Cyrus SASL authentication module. Using Cyrus SASL authentication may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect Mac OS X v10.6 systems.

  • DesktopServices

    CVE-ID: CVE-2010-0064

    Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Items copied in the Finder may be assigned an unexpected file owner

    Description: When performing an authenticated copy in the Finder, original file ownership may be unexpectedly copied. This update addresses the issue by ensuring that copied files are owned by the user performing the copy. This issue does not affect systems prior to Mac OS X v10.6. Credit to Gerrit DeWitt of Auburn University (Auburn, AL) for reporting this issue.

  • DesktopServices

    CVE-ID: CVE-2010-0537

    Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: A remote attacker may gain access to user data via a multi-stage attack

    Description: A path resolution issue in DesktopServices is vulnerable to a multi-stage attack. A remote attacker must first entice the user to mount an arbitrarily named share, which may be done via a URL scheme. When saving a file using the default save panel in any application, and using “Go to folder” or dragging folders to the save panel, the data may be unexpectedly saved to the malicious share. This issue is addressed through improved path resolution. This issue does not affect systems prior to Mac OS X v10.6. Credit to Sidney San Martin working with DeepTech, Inc. for reporting this issue.

  • Disk Images

    CVE-ID: CVE-2010-0065

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in the handling of bzip2 compressed disk images. Mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.

  • Disk Images

    CVE-ID: CVE-2010-0497

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Mounting a maliciously crafted disk image may lead to arbitrary code execution

    Description: A design issue exists in the handling of internet enabled disk images. Mounting an internet enabled disk image containing a package file type will open it rather than revealing it in the Finder. This file quarantine feature helps to mitigate this issue by providing a warning dialog for unsafe file types. This issue is addressed through improved handling of package file types on internet enabled disk images. Credit to Brian Mastenbrook working with TippingPoint’s Zero Day Initiative for reporting this issue.

  • Directory Services

    CVE-ID: CVE-2010-0498

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: A local user may obtain system privileges

    Description: An authorization issue in Directory Services’ handling of record names may allow a local user to obtain system privileges. This issue is addressed through improved authorization checks. Credit: Apple.

  • Dovecot

    CVE-ID: CVE-2010-0535

    Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: An authenticated user may be able to send and receive mail even if the user is not on the SACL of users who are permitted to do so

    Description: An access control issue exists in Dovecot when Kerberos authentication is enabled. This may allow an authenticated user to send and receive mail even if the user is not on the service access control list (SACL) of users who are permitted to do so. This issue is addressed through improved access control checks. This issue does not affect systems prior to Mac OS X v10.6.

  • Event Monitor

    CVE-ID: CVE-2010-0500

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: A remote attacker may cause arbitrary systems to be added to the firewall blacklist

    Description: A reverse DNS lookup is performed on remote ssh clients that fail to authenticate. A plist injection issue exists in the handling of resolved DNS names. This may allow a remote attacker to cause arbitrary systems to be added to the firewall blacklist. This issue is addressed by properly escaping resolved DNS names. Credit: Apple.

  • FreeRADIUS

    CVE-ID: CVE-2010-0524

    Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2

    Impact: A remote attacker may obtain access to a network via RADIUS authentication

    Description: A certificate authentication issue exists in the default Mac OS X configuration of the FreeRADIUS server. A remote attacker may use EAP-TLS with an arbitrary valid certificate to authenticate and connect to a network configured to use FreeRADIUS for authentication. This issue is addressed by disabling support for EAP-TLS in the configuration. RADIUS clients should use EAP-TTLS instead. This issue only affects Mac OS X Server systems. Credit to Chris Linstruth of Qnet for reporting this issue.

  • FTP Server

    CVE-ID: CVE-2010-0501

    Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2

    Impact: Users may be able to retrieve files outside the FTP root directory

    Description: A directory traversal issue exists in FTP Server. This may allow a user to retrieve files outside the FTP root directory. This issue is addressed through improved handling of file names. This issue only affects Mac OS X Server systems. Credit: Apple.

  • iChat Server

    CVE-ID: CVE-2006-1329

    Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2

    Impact: A remote attacker may be able to cause a denial of service

    Description: An implementation issue exists in jabberd’s handling of SASL negotiation. A remote attacker may be able to terminate the operation of jabberd. This issue is addressed through improved handling of SASL negotiation. This issue only affects Mac OS X Server systems.

  • iChat Server

    CVE-ID: CVE-2010-0502

    Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2

    Impact: Chat messages may not be logged

    Description: A design issue exists in iChat Server’s support for configurable group chat logging. iChat Server only logs messages with certain message types. This may allow a remote user to send a message through the server without it being logged. The issue is addressed by removing the capability to disable group chat logs, and logging all messages that are sent through the server. This issue only affects Mac OS X Server systems. Credit: Apple.

  • iChat Server

    CVE-ID: CVE-2010-0503

    Available for: Mac OS X Server v10.5.8

    Impact: An authenticated user may be able to cause an unexpected application termination or arbitrary code execution

    Description: A use-after-free issue exists in iChat Server. An authenticated user may be able to cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. This issue only affects Mac OS X Server systems, and does not affect versions 10.6 or later.

  • iChat Server

    CVE-ID: CVE-2010-0504

    Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2

    Impact: An authenticated user may be able to cause an unexpected application termination or arbitrary code execution

    Description: Multiple stack buffer overflow issues exist in iChat Server. An authenticated user may be able to cause an unexpected application termination or arbitrary code execution. These issues are addressed through improved memory management. These issues only affect Mac OS X Server systems. Credit: Apple.

  • ImageIO

    CVE-ID: CVE-2010-0505

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in the handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Chris Ries of Carnegie Mellon University Computing Service, and researcher “85319bb6e6ab398b334509c50afce5259d42756e” working with TippingPoint’s Zero Day Initiative for reporting this issue.

  • ImageIO

    CVE-ID: CVE-2010-0041

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Visiting a maliciously crafted website may result in sending data from Safari’s memory to the website

    Description: An uninitialized memory access issue exists in ImageIO’s handling of BMP images. Visiting a maliciously crafted website may result in sending data from Safari’s memory to the website. This issue is addressed through improved memory initialization and additional validation of BMP images. Credit to Matthew ‘j00ru’ Jurczyk of Hispasec for reporting this issue.

  • ImageIO

    CVE-ID: CVE-2010-0042

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Visiting a maliciously crafted website may result in sending data from Safari’s memory to the website

    Description: An uninitialized memory access issue exists in ImageIO’s handling of TIFF images. Visiting a maliciously crafted website may result in sending data from Safari’s memory to the website. This issue is addressed through improved memory initialization and additional validation of TIFF images. Credit to Matthew ‘j00ru’ Jurczyk of Hispasec for reporting this issue.

  • ImageIO

    CVE-ID: CVE-2010-0043

    Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in the handling of TIFF images. Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. This issue does not affect systems prior to Mac OS X v10.6. Credit to Gus Mueller of Flying Meat for reporting this issue.

  • Image RAW

    CVE-ID: CVE-2010-0506

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

    Impact: Viewing a maliciously crafted NEF image may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow exists in Image RAW’s handling of NEF images. Viewing a maliciously crafted NEF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.

  • Image RAW

    CVE-ID: CVE-2010-0507

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Viewing a maliciously crafted PEF image may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow exists in Image RAW’s handling of PEF images. Viewing a maliciously crafted PEF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.

  • Libsystem

    CVE-ID: CVE-2009-0689

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Applications that convert untrusted data between binary floating point and text may be vulnerable to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow exists in the floating point binary to text conversion code within Libsystem. An attacker who can cause an application to convert a floating point value into a long string, or to parse a maliciously crafted string as a floating point value, may be able to cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Maksymilian Arciemowicz of SecurityReason.com for reporting this issue.

  • Mail

    CVE-ID: CVE-2010-0508

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Rules associated with a deleted mail account remain in effect

    Description: When a mail account is deleted, user-defined filter rules associated with that account remain active. This may result in unexpected actions. This issue is addressed by disabling associated rules when a mail account is deleted.

  • Mail

    CVE-ID: CVE-2010-0525

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Mail may use a weaker encryption key for outgoing email

    Description: A logic issue exists in Mail’s handling of encryption certificates. When multiple certificates for the recipient exist in the keychain, Mail may select an encryption key that is not intended for encipherment. This may lead to a security issue if the chosen key is weaker than expected. This issue is addressed by ensuring that the key usage extension within certificates is evaluated when selecting a mail encryption key. Credit to Paul Suh of ps Enable, Inc. for reporting this issue.

  • Mailman

    CVE-ID: CVE-2008-0564

    Available for: Mac OS X Server v10.5.8

    Impact: Multiple vulnerabilities in Mailman 2.1.9

    Description: Multiple cross-site scripting issues exist in Mailman 2.1.9. These issues are addressed by updating Mailman to version 2.1.13. Further information is available via the Mailman site at http://mail.python.org/pipermail/mailman-announce/2009-January/000128.html These issues only affect Mac OS X Server systems, and do not affect versions 10.6 or later.

  • MySQL

    CVE-ID: CVE-2008-4456, CVE-2008-7247, CVE-2009-2446, CVE-2009-4019, CVE-2009-4030

    Available for: Mac OS X Server v10.6 through v10.6.2

    Impact: Multiple vulnerabilities in MySQL 5.0.82

    Description: MySQL is updated to version 5.0.88 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. These issues only affect Mac OS X Server systems. Further information is available via the MySQL web site at http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html

  • OS Services

    CVE-ID: CVE-2010-0509

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: A local user may be able to obtain elevated privileges

    Description: A privilege escalation issue exists in SFLServer, as it runs as group ‘wheel’ and accesses files in users’ home directories. This issue is addressed through improved privilege management. Credit to Kevin Finisterre of DigitalMunition for reporting this issue.

  • Password Server

    CVE-ID: CVE-2010-0510

    Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2

    Impact: A remote attacker may be able to log in with an outdated password

    Description: An implementation issue in Password Server’s handling of replication may cause passwords to not be replicated. A remote attacker may be able to log in to a system using an outdated password. This issue is addressed through improved handling of password replication. This issue only affects Mac OS X Server systems. Credit to Jack Johnson of Anchorage School District for reporting this issue.

  • perl

    CVE-ID: CVE-2008-5302, CVE-2008-5303

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

    Impact: A local user may cause arbitrary files to be deleted

    Description: Multiple race condition issues exist in the rmtree function of the perl module File::Path. A local user with write access to a directory that is being deleted may cause arbitrary files to be removed with the privileges of the perl process. This issue is addressed through improved handling of symbolic links. This issue does not affect Mac OS X v10.6 systems.

  • PHP

    CVE-ID: CVE-2009-3557, CVE-2009-3558, CVE-2009-3559, CVE-2009-4017

    Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Multiple vulnerabilities in PHP 5.3.0

    Description: PHP is updated to version 5.3.1 to address multiple vulnerabilities, the most serious of which may lead to arbitary code execution. Further information is available via the PHP website at http://www.php.net/

  • PHP

    CVE-ID: CVE-2009-3557, CVE-2009-3558, CVE-2009-3559, CVE-2009-4142, CVE-2009-4143

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

    Impact: Multiple vulnerabilities in PHP 5.2.11

    Description: PHP is updated to version 5.2.12 to address multiple vulnerabilities, the most serious of which may lead to cross-site scripting. Further information is available via the PHP website at http://www.php.net/

  • Podcast Producer

    CVE-ID: CVE-2010-0511

    Available for: Mac OS X Server v10.6 through v10.6.2

    Impact: An unauthorized user may be able to access a Podcast Composer workflow

    Description: When a Podcast Composer workflow is overwritten, the access restrictions are removed. This may allow an unauthorized user to access a Podcast Composer workflow. This issue is addressed through improved handling of workflow access restrictions. Podcast Composer was introduced in Mac OS X Server v10.6.

  • Preferences

    CVE-ID: CVE-2010-0512

    Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: A network user may be able to bypass system login restrictions

    Description: An implementation issue exists in the handling of system login restrictions for network accounts. If the network accounts allowed to log in to the system at the Login Window are identified by group membership only, the restriction will not be enforced, and all network users will be allowed to log in to the system. The issue is addressed through improved group restriction management in the Accounts preference pane. This issue only affects systems configured to use a network account server, and does not affect systems prior to Mac OS X v10.6. Credit to Christopher D. Grieb of University of Michigan MSIS for reporting this issue.

  • PS Normalizer

    CVE-ID: CVE-2010-0513

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Viewing a maliciously crafted PostScript file may lead to an unexpected application termination or arbitrary code execution

    Description: A stack buffer overflow exists in the handling of PostScript files. Viewing a maliciously crafted PostScript file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of PostScript files. On Mac OS X v10.6 systems this issue is mitigated by the -fstack-protector compiler flag. Credit: Apple.

  • QuickTime

    CVE-ID: CVE-2010-0062

    Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in QuickTime’s handling of H.263 encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of H.263 encoded movie files. Credit to Damian Put working with TippingPoint’s Zero Day Initiative for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-0514

    Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in the handling of H.261 encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of H.261 encoded movie files. Credit to Will Dormann of the CERT/CC for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-0515

    Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption in the handling of H.264 encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of H.264 encoded movie files.

  • QuickTime

    CVE-ID: CVE-2010-0516

    Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow in the handling of RLE encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of RLE encoded movie files. Credit to an anonymous researcher working with TippingPoint’s Zero Day Initiative for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-0517

    Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow in the handling of M-JPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of M-JPEG encoded movie files. Credit to Damian Put working with TippingPoint’s Zero Day Initiative for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-0518

    Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in the handling of Sorenson encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of Sorenson encoded movie files. Credit to Will Dormann of the CERT/CC for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-0519

    Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: An integer overflow exists in the handling of FlashPix encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to an anonymous researcher working with TippingPoint’s Zero Day Initiative for reporting this issue. 

  • QuickTime

    CVE-ID: CVE-2010-0520

    Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in the handling of FLC encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of FLC encoded movie files. Credit to Moritz Jodeit of n.runs AG, working with TippingPoint’s Zero Day Initiative, and Nicolas Joly of VUPEN Security for reporting this issue.

  • QuickTime

    CVE-ID: CVE-2010-0526

    Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Viewing a maliciously crafted MPEG file may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in the handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of MPEG encoded movie files. Credit to an anonymous researcher working with TippingPoint’s Zero Day Initiative for reporting this issue.

  • Ruby

    CVE-ID: CVE-2009-2422, CVE-2009-3009, CVE-2009-4214

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Multiple issues in Ruby on Rails

    Description: Multiple vulnerabilities exist in Ruby on Rails, the most serious of which may lead to cross-site scripting. On Mac OS X v10.6 systems, these issues are addressed by updating Ruby on Rails to version 2.3.5. Mac OS X v10.5 systems are affected only by CVE-2009-4214, and this issue is addressed through improved validation of arguments to strip_tags.

  • Ruby

    CVE-ID: CVE-2009-1904

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Running a Ruby script that uses untrusted input to initialize a BigDecimal object may lead to an unexpected application termination

    Description: A stack exhaustion issue exists in Ruby’s handling of BigDecimal objects with very large values. Running a Ruby script that uses untrusted input to initialize a BigDecimal object may lead to an unexpected application termination. For Mac OS X v10.6 systems, this issue is addressed by updating Ruby to version 1.8.7-p173. For Mac OS v10.5 systems, this issue is addressed by updating Ruby to version 1.8.6-p369.

  • Server Admin

    CVE-ID: CVE-2010-0521

    Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2

    Impact: A remote attacker may extract information from Open Directory

    Description: A design issue exists in the handling of authenticated directory binding. A remote attacker may be able to anonymously extract information from Open Directory, even if the “Require authenticated binding between directory and clients” option is enabled. The issue is addressed by removing this configuration option. This issue only affects Mac OS X Server systems. Credit to Scott Gruby of Gruby Solutions, and Mathias Haack of GRAVIS Computervertriebsgesellschaft mbH for reporting this issue.

  • Server Admin

    CVE-ID: CVE-2010-0522

    Available for: Mac OS X Server v10.5.8

    Impact: A former administrator may have unauthorized access to screen sharing

    Description: A user who is removed from the ‘admin’ group may still connect to the server using screen sharing. This issue is addressed through improved handling of administrator privileges. This issue only affects Mac OS X Server systems, and does not affect version 10.6 or later. Credit: Apple.

  • SMB

    CVE-ID: CVE-2009-2906

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: A remote attacker may be able to cause a denial of service

    Description: An infinite loop issue exists in Samba’s handling of SMB ‘oplock’ break notifications. A remote attacker may be able to trigger an infinite loop in smbd, causing it to consume excessive CPU resources. The issue is addressed through improved handling of ‘oplock’ break notifications.

  • Tomcat

    CVE-ID: CVE-2009-0580, CVE-2009-0033, CVE-2009-0783, CVE-2008-5515, CVE-2009-0781, CVE-2009-2901, CVE-2009-2902, CVE-2009-2693

    Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2

    Impact: Multiple vulnerabilities in Tomcat 6.0.18

    Description: Tomcat is updated to version 6.0.24 to address multiple vulnerabilities, the most serious of which may lead to a cross site scripting attack. Tomcat is only provided on Mac OS X Server systems. Further information is available via the Tomcat site at http://tomcat.apache.org/

  • unzip

    CVE-ID: CVE-2008-0888

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

    Impact: Extracting maliciously crafted zip files using the unzip command tool may lead to an unexpected application termination or code execution

    Description: An uninitialized pointer issue exists is the handling of zip files. Extracting maliciously crafted zip files using the unzip command tool may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of zip files. This issue does not affect Mac OS X v10.6 systems.

  • vim

    CVE-ID: CVE-2008-2712, CVE-2008-4101, CVE-2009-0316

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

    Impact: Multiple vulnerabilities in vim 7.0

    Description: Multiple vulnerabilities exist in vim 7.0, the most serious of which may lead to arbitrary code execution when working with maliciously crafted files. These issues are addressed by updating to vim 7.2.102. These issues do not affect Mac OS X v10.6 systems. Further information is available via the vim website at http://www.vim.org/

  • Wiki Server

    CVE-ID: CVE-2010-0523

    Available for: Mac OS X Server v10.5.8

    Impact: Uploading a maliciously crafted applet may lead to the disclosure of sensitive information

    Description: Wiki Server allows users to upload active content such as Java applets. A remote attacker may obtain sensitive information by uploading a maliciously crafted applet and directing a Wiki Server user to view it. The issue is addressed by using a special one-time authentication cookie which is only useable to download a particular attachment. This issue only affects Mac OS X Server systems, and does not affect versions 10.6 or later.

  • Wiki Server

    CVE-ID: CVE-2010-0534

    Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: An authenticated user may bypass weblog creation restrictions

    Description: Wiki Server supports service access control lists (SACLs), allowing an administrator to control the publication of content. Wiki Server fails to consult the weblog SACL during the creation of a user’s weblog. This may allow an authenticated user to publish content to the Wiki Server, even though publication should be disallowed by the service ACL. This issue does not affect systems prior to Mac OS X v10.6.

  • X11

    CVE-ID: CVE-2009-2042

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Viewing a maliciously crafted image may lead to the disclosure of sensitive information

    Description: libpng is updated to version 1.2.37 to address an issue that may result in the disclosure of sensitive information. Further information is available via the libpng site at http://www.libpng.org/pub/png/libpng.html

  • X11

    CVE-ID: CVE-2003-0063

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2

    Impact: Displaying maliciously crafted data within an xterm terminal may lead to arbitrary code execution

    Description: The xterm program supports a command sequence to change the window title, and to print the window title to the terminal. The information returned is provided to the terminal as though it were keyboard input from the user. Within an xterm terminal, displaying maliciously crafted data containing such sequences may result in command injection. The issue is addressed by disabling the affected command sequence.

  • xar

    CVE-ID: CVE-2010-0055

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

    Impact: A modified package may appear as validly signed

    Description: A design issue exists in xar when validating a package signature. This may allow a modified package to appear as validly signed. This issue is fixed through improved package signature validation. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.

Sign Up for the Newsletter

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

Comments

Dean Lewis

Well, look at all those people who reported or allowed TippingPoint to report. Funny, I don’t see Charlie Miller’s name up there. What was that about white hats and black hats again, Charlie?

Jesusa Martija

update always

Log-in to comment