Security Update 2008-005 is er

Door: Maarten ter Horst - 14 reacties

Bij Apple doen ze kennelijk niet aan vakantie, aangezien ons vanochtend voor dag en dauw wederom een forse beveiligingsupdate in de nuchtere maag is gesplitst. De update is bedoeld voor Mac OS X Tiger, Leopard én Server en varieert van 65MB tot 180MB in grootte.

Voor de echte diehards volgt hieronder het overzicht van alle lekken en gevaren waar u tot op heden aan blootstond. Onder het genot van een kopje koffie zal ook ondergetekende daar dadelijk eens even goed voor gaan zitten. De update vind je zoals gewoonlijk in Software update onder het appeltje.

Open Scripting Architecture

CVE-ID: CVE-2008-2830

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.4, Mac OS X Server v10.5.4

Impact: A local user may execute commands with elevated privileges

Description: A design issue exists in the Open Scripting Architecture libraries when determining whether to load scripting addition plugins into applications running with elevated privileges. Sending scripting addition commands to a privileged application may allow the execution of arbitrary code with those privileges. This update addresses the issue by not loading scripting addition plugins into applications running with system privileges. The recently reported ARDAgent and SecurityAgent issues are addressed by this update. Credit to Charles Srstka for reporting this issue.

BIND

CVE-ID: CVE-2008-1447

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.4, Mac OS X Server v10.5.4

Impact: BIND is susceptible to DNS cache poisoning and may return forged information

Description: The Berkeley Internet Name Domain (BIND) server is distributed with Mac OS X, and is not enabled by default. When enabled, the BIND server provides translation between host names and IP addresses. A weakness in the DNS protocol may allow remote attackers to perform DNS cache poisoning attacks. As a result, systems that rely on the BIND server for DNS may receive forged information. This update addresses the issue by implementing source port randomization to improve resilience against cache poisoning attacks. For Mac OS X v10.4.11 systems, BIND is updated to version 9.3.5-P1. For Mac OS X v10.5.4 systems, BIND is updated to version 9.4.2-P1. Credit to Dan Kaminsky of IOActive for reporting this issue.

CarbonCore

CVE-ID: CVE-2008-2320

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.4, Mac OS X Server v10.5.4

Impact: Processing long filenames may lead to an unexpected application termination or arbitrary code execution

Description: A stack buffer overflow exists in the handling of long filenames. Processing long filenames may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Thomas Raffetseder of the International Secure Systems Lab and Sergio ‘shadown’ Alvarez of n.runs AG for reporting this issue.

CoreGraphics

CVE-ID: CVE-2008-2321

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.4, Mac OS X Server v10.5.4

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: CoreGraphics contains memory corruption issues in the processing of arguments. Passing untrusted input to CoreGraphics via an application, such as a web browser, may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Michal Zalewski of Google for reporting this issue.

CoreGraphics

CVE-ID: CVE-2008-2322

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.4, Mac OS X Server v10.5.4

Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

Description: An integer overflow in the handling of PDF files may result in a heap buffer overflow. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through additional validation of PDF files. Credit to Pariente Kobi working with the iDefense VCP for reporting this issue.

Data Detectors Engine

CVE-ID: CVE-2008-2323

Available for: Mac OS X v10.5.4, Mac OS X Server v10.5.4

Impact: Viewing maliciously crafted messages with Data Detectors may lead to an unexpected application termination

Description: Data Detectors are used to extract reference information from textual content or archives. A resource consumption issue exists in Data Detectors’ handling of textual content. Viewing maliciously crafted content in an application that uses Data Detectors may lead to a denial of service, but not arbitrary code execution. This issue does not affect systems prior to Mac OS X v10.5.

Disk Utility

CVE-ID: CVE-2008-2324

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

Impact: A local user may obtain system privileges

Description: The “Repair Permissions” tool in Disk Utility makes /usr/bin/emacs setuid. After the Repair Permissions tool has been run, a local user may use emacs to run commands with system privileges. This update addresses the issue by correcting the permissions applied to emacs in the Repair Permissions tool. This issue does not affect systems running Mac OS X v10.5 and later. Credit to Anton Rang and Brian Timares for reporting this issue.

OpenLDAP

CVE-ID: CVE-2008-2952

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.4, Mac OS X Server v10.5.4

Impact: A remote attacker may be able to cause an unexpected application termination

Description: An issue exists in OpenLDAP’s ASN.1 BER decoding. Processing a maliciously crafted LDAP message may trigger an assertion and lead to an unexpected application termination of the OpenLDAP daemon, slapd. This update addresses the issue by performing additional validation of LDAP messages.

OpenSSL

CVE-ID: CVE-2007-5135

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.4, Mac OS X Server v10.5.4

Impact: A remote attacker may be able to cause an unexpected application termination or arbitrary code execution

Description: A range checking issue exists in the SSL_get_shared_ciphers() utility function within OpenSSL. In an application using this function, processing maliciously crafted packets may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.

PHP

CVE-ID: CVE-2008-2051, CVE-2008-2050, CVE-2007-4850, CVE-2008-0599, CVE-2008-0674

Available for: Mac OS X v10.5.4, Mac OS X Server v10.5.4

Impact: Multiple vulnerabilities in PHP 5.2.5

Description: PHP is updated to version 5.2.6 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/ PHP version 5.2.x is only provided with Mac OS X v10.5 systems.

QuickLook

CVE-ID: CVE-2008-2325

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.4, Mac OS X Server v10.5.4

Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution

Description: Multiple memory corruption issues exist in QuickLook’s handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5.

rsync

CVE-ID: CVE-2007-6199, CVE-2007-6200

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.4, Mac OS X Server v10.5.4

Impact: Files outside the module root may be accessed or overwritten remotely

Description: Path validation issues exist in rsync’s handling of symbolic links when running in daemon mode. Placing symbolic links in an rsync module may allow files outside of the module root to be accessed or overwritten. This update addresses the issue through improved handling of symbolic links. Further information on the patches applied is available via the rsync web site at http://rsync.samba.org/

Reacties

14 reacties
  • Profielfoto
    Maurits Lagerberg

    Word gedownload:)

  • Profielfoto
    Darth Anaxes

    hmm, 2e post!
    ja ga ook direct downe

  • Profielfoto
    nicksuy1

    het BIND probleem is dan toch opgelost geraakt blijkbaar, want dit sleepte toch al eventjes aan…

  • Profielfoto
    Lucas Raggers

    Hehe, eindelijk. De bug in OpenLDAP’s ASN.1 BER decoding is ook opgelost.

  • Profielfoto
    Marius1976

    Het is maar goed dat ze daar niet aan vakantie doen, want die DNS related bug patch liet wel weer dusdanig lang op zich wachten dat nieuwsbronnen buiten de apple wereld het aangrepen om weer eens wat negatiefs over apple te schrijven.

    En het heeft ook relatief bezien wel vrij lang geduurd… dus mooi dat het gefixed is.

  • Profielfoto
    martijnvandijk

    dag en dauw

  • Profielfoto
    LEXY

    @ Lucas, ja die bug zaten we dagelijks meerdere malen tegen aan te hikken. Om gek van te worden!!! Er viel haast niet meer te werken op onze machines…
    Blij dat het nu eindelijk is verholpen, ik zat al te denken aan switchen naar Windows…!!!;)

  • Profielfoto
    Nelis Infra

    PHP

    CVE-ID: CVE-2008-2051, CVE-2008-2050, CVE-2007-4850, CVE-2008-0599, CVE-2008-0674

    Available for: Mac OS X v10.5.4, Mac OS X Server v10.5.4

    Impact: Multiple vulnerabilities in PHP 5.2.5

    Description: PHP is updated to version 5.2.6 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/ PHP version 5.2.x is only provided with Mac OS X v10.5 systems.

    Yeehaa!

  • Profielfoto
    NTG

    @nelis: en dat betekent?

    wat zou het toch handig zijn als alle app’s met 1 app, Software update dus, kon updaten, dan had je bijvoorbeeld google en Mozilla updater niet meer nodig ??? !

  • Profielfoto
    Esquare
  • Profielfoto
    Sama

    Na de update start o.m. Mail, Schijfhulpprogramma’s en Console niet meer op:(

  • Profielfoto
    passenger

    Rechtsklikken in Safari doet Safari crashen!

    [edit]en Mail, Finder[/edit]

  • Profielfoto
    passenger

    DiskWarrior en Combo Update er overheen, kan weer rechts-klikken…

  • Profielfoto
    iAlwin

    @NTG:

    Die heb je wel hoor: AppFresh