Site Network: Beskerming.com | Skiifwrald.com | Jongsma & Jongsma

Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.

Username: | Password: Contact us to request an account

OS X 10.5 - Remote hacker automatic control

Version: 10.5.1 and prior.
Technical Details:

Numerous issues addressed, including:

Directory Services - Stack buffer overflow leading to local arbitrary code execution - originally disclosed in January 2007.
Foundation - Arbitrary code execution or application denial of service due to accessing malformed URLs. (10.5 only)
Launch Services - Applications removed from a system may still be launched via the Time Machine backup version.
Mail - Accessing a file:// URL from within a message may lead to arbitrary code execution. (10.4 only)
NFS - Arbitrary code execution opportunity if the system is being used as either a NFS client or server due to poor handling of mbuf chains.
Open Directory - NTLM authentication attempts may continuously fail, even with accurate parameters. This is due to a race condition in the service.
Parental Controls - Information disclosure when requesting to unblock a website, as the machine will inadvertently contact apple.com as part of the unblocking process.
Samba - Stack buffer overflow leading to arbitrary code execution.
Terminal - Arbitrary code execution when viewing malicious URLs in Terminal.
X11 - Multiple vulnerabilities, leading to arbitrary code execution in the worst case.

Description:

Apple Computer have released Security Update 2008-001 and OS X 10.5.2, addressing a number of serious security problems.

OS X 10.4 is also vulnerable to the above issues - the update is presented as Security Update 2008-001 for those users.

Mitigation:

It is recommended that users apply the update, via the Software Update option in the Apple Menu, or via the Apple Download link, below. If installing via the Software Update option, it will only download the applicable Update (Intel / PPC / !0.5 / 10.4).

Updates:

http://www.apple.com/support/downloads/

Source:

http://docs.info.apple.com/article.html?artnum=61798

Exploits:

External Tracking Data:

CVE-ID: CVE-2007-0355 (Directory Services), CVE-ID: CVE-2008-0035 (Foundation), CVE-ID: CVE-2008-0038 (Launch Services), CVE-ID: CVE-2008-0039 (Mail), CVE-ID: CVE-2008-0040 (NFS), CVE-ID: CVE-2008-0041 (Parental Controls), CVE-ID: CVE-2007-6015 (Samba), CVE-ID: CVE-2008-0042 (Terminal), CVE-ID: CVE-2007-4568 (X11), CVE-ID: CVE-2008-0037 (X11)

Social bookmark this page