Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Apple Mac OS X
Опубликовано:30 мая 2008 г.
Источник:
SecurityVulns ID:9039
Тип:удаленная
Уровень опасности:
9/10
Описание:Обратный путь в каталогах сервера AFP, обновления Apache, повреждение памяти в AppKit, многочисленные повреждения памяти в Apple Pixlet Video, повреждение памяти через шрифты файлов PDF в Apple Type Services, утечка инфомрации через SSL, многочисленные уязвимости при работе с графикой и различными графическими и мультимедийными форматами, загрузка потенциально опасного содержимого, переполнение буфера в Help Viewer, обращение к неинициализированной памяти в iCal, обход фильтрации через Unicode, обратный путь в каталогах Image Capture, IPv6 DoS, переполнение буфера в SMTP-клиенте, и др.
Затронутые продукты:APPLE : Mac OS X 10.4
CVE:CVE-2008-1580
 CVE-2008-1578 (The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process.)
 CVE-2008-1577
 CVE-2008-1576
 CVE-2008-1575
 CVE-2008-1574
 CVE-2008-1573 (The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.)
 CVE-2008-1572 (Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application.)
 CVE-2008-1571
 CVE-2008-1036 (The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.)
 CVE-2008-1035
 CVE-2008-1034 (Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted help:topic URL that triggers a buffer overflow.)
 CVE-2008-1033 (The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables.")
 CVE-2008-1032
 CVE-2008-1031
 CVE-2008-1030
 CVE-2008-1028
 CVE-2008-1027
 CVE-2008-0177
 CVE-2007-6359 (The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL.)
Оригинальный текстdocumentAPPLE, About the security content of Security Update 2008-003 / Mac OS X 10.5.3 (30.05.2008)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород