 |
|
|
|
| Многочисленные уязвимости безопасности в Apple Mac OS X | | Опубликовано: |  | 30 мая 2008 г. | | Источник: |  | APPLE | | SecurityVulns ID: |  | 9039 | | Тип: |  | удаленная | | Опасность: |  | 9/10 | | Описание: |  | Обратный путь в каталогах сервера AFP, обновления Apache, повреждение памяти в AppKit, многочисленные повреждения памяти в Apple Pixlet Video, повреждение памяти через шрифты файлов PDF в Apple Type Services, утечка инфомрации через SSL, многочисленные уязвимости при работе с графикой и различными графическими и мультимедийными форматами, загрузка потенциально опасного содержимого, переполнение буфера в Help Viewer, обращение к неинициализированной памяти в iCal, обход фильтрации через Unicode, обратный путь в каталогах Image Capture, IPv6 DoS, переполнение буфера в SMTP-клиенте, и др. |
| Затронутые продукты: |  | APPLE : Mac OS X 10.4 | | CVE: |  | CVE-2008-1580 | | | | CVE-2008-1578 (The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process.) | | | | CVE-2008-1577 | | | | CVE-2008-1576 | | | | CVE-2008-1575 | | | | CVE-2008-1574 | | | | CVE-2008-1573 (The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.) | | | | CVE-2008-1572 (Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application.) | | | | CVE-2008-1571 | | | | CVE-2008-1036 (The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.) | | | | CVE-2008-1035 | | | | CVE-2008-1034 (Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted help:topic URL that triggers a buffer overflow.) | | | | CVE-2008-1033 (The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables.") | | | | CVE-2008-1032 | | | | CVE-2008-1031 | | | | CVE-2008-1030 | | | | CVE-2008-1028 | | | | CVE-2008-1027 | | | | CVE-2008-0177 | | | | CVE-2007-6359 (The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL.) |
|
|
|
|
|
|
|
|
