ID: 3649
Date: 01/07/2008
Title: 3649 - APPLE-SA-2008-06-30 Security Update 2008-004 and Mac OS X v10.5.4
Platform level affected: Operating System
Hardware components affected: Apple MAC
Specific operating systems components affected: Apple Mac OS
Net-enabled software: Other
Security software: Other
Other software: Other
Remediation Summary: Update your copy of the software with the download available from the supplier.
Vendors affected:Apple
Applications affected:Mac OS X v10.5.4
Adversity source: Unknown
Attack Vector: Vulnerability exploitation
Virulence: Unknown
Warning Status: Unknown
Potential Damage: Remote execution/modification
Possible Duration: Unknown
Availability of fix: Available
Type of fix: Patch
Source: Apple
Reliability of source: Trusted
Source URL: http://support.apple.com/kb/HT1222
CVE: CVE-2008-2308; CVE-2008-2309; CVE-2008-2310; CVE-2008-2311; CVE-2008-2314; CVE-2008-2662; CVE-2008-2663; CVE-2008-2664; CVE-2008-2725; CVE-2008-0960; CVE-2008-1145; CVE-2008-1105; CVE-2005-3164; CVE-2007-1355; CVE-2007-2449; CVE-2007-2450; CVE-2007-3382
Abstract: Apple have released Security Update 2008-004 and Mac OS X v10.5.4, which address a number of issues.
APPLE-SA-2008-06-30 Security Update 2008-004 and Mac OS X v10.5.4
Security Update 2008-004 and Mac OS X v10.5.4 are now available and address the following issues:
Alias Manager
CVE-ID: CVE-2008-2308
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Resolving an alias containing maliciously crafted volume mount information may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the handling of AFP volume mount information in an alias data structure. Resolving an alias containing maliciously crafted volume mount information may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of alias data structures. This issue only affects Intel-based systems running Mac OS X 10.5.1 or earlier.
CoreTypes
CVE-ID: CVE-2008-2309
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3
Impact: Users are not warned before opening certain potentially unsafe content types
Description: This update adds .xht and .xhtm files to the system's list of content types that will be flagged as potentially unsafe under certain circumstances, such as when they are downloaded from a web page. While these content types are not automatically launched, if manually opened they could lead to the execution of a malicious payload. This update improves the system's ability to notify users before handling .xht and .xhtm files. On Mac OS X v10.4 this functionality is provided by the Download Validation feature. On Mac OS X v10.5 this functionality is provided by the Quarantine feature.
Credit to Brian Mastenbrook for reporting this issue.
c++filt
CVE-ID: CVE-2008-2310
Available for: Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3
Impact: Passing a maliciously crafted string to c++filt may lead to an unexpected application termination or arbitrary code execution
Description: A format string issue exists in c++filt, which is a debugging tool used to demangle C++ and Java symbols. Passing a maliciously crafted string to c++filt may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of format strings. This issue does not affect systems prior to Mac OS X 10.5.
Dock
CVE-ID: CVE-2008-2314
Available for: Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3
Impact: A person with physical access may be able to bypass the screen lock
Description: When the system is set to require a password to wake from sleep or screen saver, and hot corners are set for Expose, a person with physical access may be able to access the system without entering a password. This update addresses the issue by disabling hot corners when the screen lock is active. This issue does not affect systems prior to Mac OS X 10.5. Credit to Andrew Cassell of Marine Spill Response Corporation for reporting this issue.
Launch Services
CVE-ID: CVE-2008-2311
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A race condition exists in the download validation of symbolic links, when the target of the link changes during the narrow time window of validation. If the "Open 'safe' files" preference is enabled in Safari, visiting a maliciously crafted website may cause a file to be opened on the user's system, resulting in arbitrary code execution. This update addresses the issue by performing additional validation of downloaded files. This issue does not affect systems running Mac OS X 10.5 or later.
Net-SNMP
CVE-ID: CVE-2008-0960
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3
Impact: A remote attacker may be able to spoof an authenticated SNMPv3 packet
Description: An issue exists in Net-SNMP's SNMPv3 authentication, which may allow maliciously crafted packets to bypass the authentication check. This update addresses the issue by performing additional validation of SNMPv3 packets. Additional information is available via http://www.kb.cert.org/vuls/id/878044
Ruby
CVE-ID: CVE-2008-2662, CVE-2008-2663, CVE-2008-2664, CVE-2008-2725, CVE-2008-2726
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3
Impact: Running a Ruby script that uses untrusted input to access strings or arrays may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues exist in Ruby's handling of strings and arrays, the most serious of which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of strings and arrays.
Ruby
CVE-ID: CVE-2008-1145
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3
Impact: If WEBrick is running, a remote attacker may be able to access files protected by WEBrick's :NondisclosureName option
Description: The :NondisclosureName option in the Ruby WEBrick toolkit is used to restrict access to files. Requesting a file name which uses unexpected capitalization may bypass the :NondisclosureName restriction. This update addresses the issue by additional validation of file names. Additional information is available via http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/ The directory traversal issue described in the advisory does not affect Mac OS X.
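The capitalization bypass above comes down to one mismatch: the deny list is compared case-sensitively while the volume underneath (HFS+ as shipped on Mac OS X is case-insensitive by default) treats ".HTACCESS" and ".htaccess" as the same file. The following Ruby is an illustration written for this page, not WEBrick's own implementation and not Apple's fix; the pattern list and request names are constructed, and `nondisclosure_name?`, `decide` and `decide_naive` are names chosen here. It models a :NondisclosureName-style check with `File.fnmatch` and shows that the check must fold case (`File::FNM_CASEFOLD`) whenever the filesystem does.

```ruby
# Illustrative model of a WEBrick-style :NondisclosureName check.
# Example code written for this page, not WEBrick's implementation.
# The deny patterns below are constructed for the example.
NONDISCLOSURE = ['.ht*', '*~'].freeze

# True when +name+ matches one of the deny patterns.
# With casefold: true the comparison ignores letter case, which is what a
# correct check needs when the underlying filesystem is case-insensitive.
def nondisclosure_name?(name, patterns = NONDISCLOSURE, casefold: false)
  flags = casefold ? File::FNM_CASEFOLD : 0
  patterns.any? { |pattern| File.fnmatch(pattern, name, flags) }
end

# Decide what a file handler should do with a request for +name+.
# fs_case_insensitive: true models a volume on which ".HTACCESS" and
# ".htaccess" are the same file, so the deny check folds case as well.
def decide(name, patterns = NONDISCLOSURE, fs_case_insensitive: false)
  blocked = nondisclosure_name?(name, patterns, casefold: fs_case_insensitive)
  blocked ? :forbidden : :serve
end

# Naive variant: always compares case-sensitively, whatever the volume does.
# On a case-insensitive volume a request for ".HTACCESS" passes this check
# and the handler would go on to read ".htaccess".
def decide_naive(name, patterns = NONDISCLOSURE)
  nondisclosure_name?(name, patterns, casefold: false) ? :forbidden : :serve
end

if __FILE__ == $0
  %w[.htaccess .HTACCESS .HtPasswd notes.txt~ index.html].each do |name|
    puts format('%-12s naive=%-9s casefolded=%s',
                name, decide_naive(name), decide(name, fs_case_insensitive: true))
  end
end
```

Run stand-alone, the script prints one line per constructed request name; the naive column serves ".HTACCESS" and ".HtPasswd" while the case-folded column forbids them. The general rule the example demonstrates is that any name-based access check must use the same equivalence the filesystem uses, otherwise every alternate spelling the filesystem accepts is a bypass.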
SMB File Server
CVE-ID: CVE-2008-1105
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3
Impact: A remote attacker may be able to cause an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the handling of SMB packets. Sending malicious SMB packets to an SMB server, or connecting to a malicious SMB server, may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking on the length of received SMB packets. Credit to Alin Rad Pop of Secunia Research for reporting this issue.
System Configuration
CVE-ID: CVE-2008-2313
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: A local user may be able to execute arbitrary code with the privileges of new users
Description: A local user may be able to populate the User Template directory with files that will become part of the home directory when a new user is created. This could allow arbitrary code execution with the privileges of the new user. This update addresses the issue by applying more restrictive permissions on the User Template directory.
This issue does not affect systems running Mac OS X 10.5 or later.
Credit to Andrew Mortensen of the University of Michigan for reporting this issue.
Tomcat
CVE-ID: CVE-2005-3164, CVE-2007-1355, CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3383, CVE-2007-5333, CVE-2007-3385, CVE-2007-5461
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Multiple vulnerabilities in Tomcat 4.1.36
Description: Tomcat version 4.x is bundled on Mac OS X v10.4.11 systems. Tomcat on Mac OS X v10.4.11 is updated to version 4.1.37 to address several vulnerabilities, the most serious of which may lead to a cross-site scripting attack. Further information is available via the Tomcat site at http://tomcat.apache.org/ Tomcat version 6.x is bundled with Mac OS X v10.5 systems.
VPN
CVE-ID: CVE-2007-6276
Available for: Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3
Impact: Remote attackers may be able to cause an unexpected application termination
Description: A divide by zero issue exists in the virtual private network daemon's handling of load balancing information. Processing a maliciously crafted UDP packet may lead to an unexpected application termination. This issue does not lead to arbitrary code execution.
This update addresses the issue by performing additional validation of load balancing information. This issue does not affect systems prior to Mac OS X 10.5.
WebKit
CVE-ID: CVE-2008-2307
Available for: Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of JavaScript arrays. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
This update addresses the issue through improved bounds checking.
Along with this fix, the version of Safari for Mac OS X v10.5.4 is updated to 3.1.2. For Mac OS X v10.4.11 and Windows XP / Vista, this issue is addressed in Safari v3.1.2 for those systems. Credit to James Urquhart for reporting this issue.
Security Update 2008-004 and Mac OS X v10.5.4 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2008-004 or Mac OS X v10.5.4.
For Mac OS X v10.5.3
The download file is named: "MacOSXUpd10.5.4.dmg"
Its SHA-1 digest is: 455d911a23ba222cc962298ad8ad15b2a234ca65
For Mac OS X v10.5 - v10.5.2
The download file is named: "MacOSXUpdCombo10.5.4.dmg"
Its SHA-1 digest is: 490962bf712b2d801d08f42ca66b8a4541e9da16
For Mac OS X Server v10.5.3
The download file is named: "MacOSXServerUpd10.5.4.dmg"
Its SHA-1 digest is: bfeda72164fa17564b25d205d14288fe795df127
For Mac OS X Server v10.5 - v10.5.2
The download file is named: "MacOSXServerUpdCombo10.5.4.dmg"
Its SHA-1 digest is: d2d2fb234333c11348eb90f91d9d1720a952605a
For Mac OS X v10.4.11 (Intel)
The download file is named: "SecUpd2008-004Intel.dmg"
Its SHA-1 digest is: a14f144316eb620ccd28e12887e13ec0d6f46e6a
For Mac OS X v10.4.11 (PowerPC)
The download file is named: "SecUpd2008-004PPC.dmg"
Its SHA-1 digest is: b5436e04ce30392bc5131272f6b7f5582bc9fe27
For Mac OS X Server v10.4.11 (Universal)
The download file is named: "SecUpdSrvr2008-004Univ.dmg"
Its SHA-1 digest is: 9b68b34f88ff8110166c1a57fd05756982f1e390
For Mac OS X Server v10.4.11 (PowerPC)
The download file is named: "SecUpdSrvr2008-004PPC.dmg"
Its SHA-1 digest is: 35ef81cc092a74af80b2ef792c72645c636a4ae5
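The digests listed above are what a practitioner checks a downloaded image against before installing it. The following Ruby is an added example for this page, not an Apple tool: the digest table is copied verbatim from the list above, and `digest_matches?` and `verify_download` are names chosen here. It streams the file through `Digest::SHA1` (so a large .dmg is not read into memory at once), looks the file name up in the table, and reports ok, mismatch or unknown file.

```ruby
require 'digest/sha1'

# SHA-1 digests exactly as listed in the advisory, keyed by download file name.
EXPECTED_SHA1 = {
  'MacOSXUpd10.5.4.dmg'            => '455d911a23ba222cc962298ad8ad15b2a234ca65',
  'MacOSXUpdCombo10.5.4.dmg'       => '490962bf712b2d801d08f42ca66b8a4541e9da16',
  'MacOSXServerUpd10.5.4.dmg'      => 'bfeda72164fa17564b25d205d14288fe795df127',
  'MacOSXServerUpdCombo10.5.4.dmg' => 'd2d2fb234333c11348eb90f91d9d1720a952605a',
  'SecUpd2008-004Intel.dmg'        => 'a14f144316eb620ccd28e12887e13ec0d6f46e6a',
  'SecUpd2008-004PPC.dmg'          => 'b5436e04ce30392bc5131272f6b7f5582bc9fe27',
  'SecUpdSrvr2008-004Univ.dmg'     => '9b68b34f88ff8110166c1a57fd05756982f1e390',
  'SecUpdSrvr2008-004PPC.dmg'      => '35ef81cc092a74af80b2ef792c72645c636a4ae5',
}.freeze

# Compare a computed hex digest with the published one. Published digests are
# public values, so plain equality is fine; case is normalised because some
# sources print digests in upper case.
def digest_matches?(actual_hex, expected_hex)
  actual_hex.downcase == expected_hex.downcase
end

# Verify one downloaded file. Returns [status, actual_hex] where status is
# :ok, :mismatch or :unknown_file (name not in the table, nothing to check
# against, so the file is not trusted either). The digest is computed by
# streaming the file from disk.
def verify_download(path, table = EXPECTED_SHA1)
  expected = table[File.basename(path)]
  return [:unknown_file, nil] unless expected
  actual = Digest::SHA1.file(path).hexdigest
  [digest_matches?(actual, expected) ? :ok : :mismatch, actual]
end

# Stand-alone usage: ruby verify_update.rb <downloaded .dmg files>
# (the script name is an assumption; any path works).
if __FILE__ == $0
  ARGV.each do |path|
    status, actual = verify_download(path)
    puts "#{File.basename(path)}: #{status}#{actual ? " (sha1 #{actual})" : ''}"
  end
end
```

A mismatch means the image should not be mounted or installed; re-download from the Apple address given in the advisory rather than from a mirror. The same digest can be produced on Mac OS X of this era with `openssl sha1 <file>` for a manual cross-check of what the script reports.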
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at:
http://www.apple.com/support/security/pgp/
This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.
The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.
CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.
Tue, 01 Jul 2008 09:29:00 GMT
Domain affected: Technical