Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21028
HistoryDec 16, 2008 - 12:00 a.m.

About the security content of Security Update 2008-008 / Mac OS X v10.5.6

2008-12-1600:00:00
vulners.com
27

About the security content of Security Update 2008-008 / Mac OS X v10.5.6

* Last Modified: December 15, 2008
* Article: HT3338

Summary

This document describes the security content of Security Update 2008-008 / Mac OS X v10.5.6, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."
Products Affected

Security, Mac OS X 10.5
Security Update 2008-008 / Mac OS X v10.5.6

*

  ATS

  CVE-ID: CVE-2008-4236

  Available for: Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

  Impact: Viewing or downloading a PDF file containing a maliciously crafted embedded font may lead to a denial of service

  Description: An infinite loop may occur in the Apple Type Services server's handling of embedded fonts in PDF files. Viewing or downloading a PDF file containing a maliciously crafted embedded font may lead to a denial of service. This update addresses the issue by performing additional validation of embedded fonts. This issue does not affect systems prior to Mac OS X v10.5. Credit to Michael Samarin and Mikko Vihonen of Futurice Ltd. for reporting this issue.

*

  BOM

  CVE-ID: CVE-2008-4217

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

  Impact: Downloading or viewing a maliciously crafted CPIO archive may lead to arbitrary code execution or unexpected application termination

  Description: A signedness issue exists in BOM's handling of CPIO headers which may result in a stack buffer overflow. Downloading or viewing a maliciously crafted CPIO archive may lead to arbitrary code execution or unexpected application termination. This update addresses the issue by performing additional validation of CPIO headers. Credit: Apple.

*

  CoreGraphics

  CVE-ID: CVE-2008-3623

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

  Impact: Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution

  Description: A heap buffer overflow exists in the handling of color spaces within CoreGraphics. Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.

*

  CoreServices

  CVE-ID: CVE-2008-3170

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

  Impact: Visiting a maliciously crafted website may lead to the disclosure of user credentials

  Description: Safari allows web sites to set cookies for country-specific top-level domains, which may allow a remote attacker to perform a session fixation attack and hijack a user's credentials. This update addresses the issue by performing additional validation of domain names. Credit to Alexander Clauss of iCab.de for reporting this issue.

*

  CoreTypes

  CVE-ID: CVE-2008-4234

  Available for: Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

  Impact: Attempting to launch unsafe downloaded content may not lead to a warning

  Description: Mac OS X provides the Download Validation capability to indicate potentially unsafe files. Applications such as Safari and others use Download Validation to help warn users prior to launching files marked as potentially unsafe. This update adds to the list of potentially unsafe types. It adds the content type for files that have executable permissions and no specific application association. These files are potentially unsafe as they will launch in Terminal and their content will be executed as commands. While these files are not automatically launched, if manually opened they could lead to the execution of arbitrary code. This issue does not affect systems prior to Mac OS X v10.5.

*

  Flash Player Plug-in

  CVE-ID: CVE-2008-4818, CVE-2008-4819, CVE-2008-4820, CVE-2008-4821, CVE-2008-4822, CVE-2008-4823, CVE-2008-4824

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

  Impact: Multiple vulnerabilities in Adobe Flash Player plug-in

  Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site. The issues are addressed by updating the Flash Player plug-in to version 9.0.151.0. Further information is available via the Adobe web site at http://www.adobe.com/support/security/bulletins/apsb08-20.html

*

  Kernel

  CVE-ID: CVE-2008-4218

  Available for: Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

  Impact: A local user may obtain system privileges

  Description: Integer overflow issues exist within the i386_set_ldt and i386_get_ldt system calls, which may allow a local user to execute arbitrary code with system privileges. This update addresses the issues through improved bounds checking. These issues do not affect PowerPC systems. Credit to Richard Vaneeden of IOActive, Inc. for reporting these issues.

*

  Kernel

  CVE-ID: CVE-2008-4219

  Available for: Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

  Impact: Running an executable that links dynamic libraries on an NFS share may lead to an unexpected system shutdown

  Description: An infinite loop may occur when a program located on an NFS share receives an exception. This may lead to an unexpected system shutdown. This update addresses the issue through improved handling of exceptions. Credit to Ben Loer of Princeton University for reporting this issue.

*

  Libsystem

  CVE-ID: CVE-2008-4220

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

  Impact: Applications that use the inet_net_pton API may be vulnerable to arbitrary code execution or an unexpected application termination

  Description: An integer overflow exists in Libsystem's inet_net_pton API, which may lead to arbitrary code execution or the unexpected termination of the application using the API. This update addresses the issue through improved bounds checking. This API is not normally called with untrusted data, and no exploitable cases of this issue are known. This update is provided to help mitigate potential attacks against any application using this API.

*

  Libsystem

  CVE-ID: CVE-2008-4221

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

  Impact: Applications that use the strptime API may be vulnerable to arbitrary code execution or unexpected application termination

  Description: A memory corruption issue exists in Libsystem's strptime API. Parsing a maliciously crafted date string may lead to arbitrary code execution or unexpected application termination. This update addresses the issue through improved memory allocation. Credit: Apple.

*

  Libsystem

  CVE-ID: CVE-2008-1391

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

  Impact: Applications that use the strfmon API may be exposed to an unexpected application termination or arbitrary code execution

  Description: Multiple integer overflows exist in Libsystem's strfmon implementation. An application calling strfmon with large values of certain integer fields in the format string argument may unexpectedly terminate or lead to arbitrary code execution. This update addresses the issues through improved bounds checking.

*

  Managed Client

  CVE-ID: CVE-2008-4237

  Available for: Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

  Impact: The managed screen saver settings are not applied

  Description: The method by which the software on a managed client system installs per-host configuration information does not always correctly identify the system. On a misidentified system, per-host settings are not applied, including the screen saver lock. This update addresses the issue by having Managed Client use the correct system identification. This issue does not affect systems with built-in Ethernet. Credit to John Barnes of ESRI, and Trevor Lalish-Menagh of Tamman Technologies, Inc. for reporting this issue.

*

  network_cmds

  CVE-ID: CVE-2008-4222

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

  Impact: A remote attacker may be able to cause a denial of service if Internet Sharing is enabled

  Description: An infinite loop may occur in the handling of TCP packets in natd. By sending a maliciously crafted TCP packet, a remote attacker may be able to cause a denial of service if Internet Sharing is enabled. This update addresses the issue by performing additional validation of TCP packets. Credit to Alex Rosenberg of Ohmantics, and Gary Teter of Paizo Publishing for reporting this issue.

*

  Podcast Producer

  CVE-ID: CVE-2008-4223

  Available for: Mac OS X Server v10.5 through v10.5.5

  Impact: A remote attacker may be able to access the administrative functions of Podcast Producer

  Description: An authentication bypass issue exists in the Podcast Producer server, which may allow an unauthorized user to access administrative functions in the server. This update addresses the issue through improved handling of access restrictions. Podcast Producer was introduced in Mac OS X Server v10.5.

*

  UDF

  CVE-ID: CVE-2008-4224

  Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5

  Impact: Opening an ISO file may lead to an unexpected system shutdown

  Description: An input validation issue exists in the handling of malformed UDF volumes. Opening a maliciously crafted ISO file may lead to an unexpected system shutdown. This update addresses the issue through improved input validation. Credit to Mauro Notarianni of PCAX Solutions for reporting this issue.

Important: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.

Related for SECURITYVULNS:DOC:21028