Category:   OS (UNIX)  >   Mac OS X
Vendors:   Apple Computer
Mac OS X Buffer Overflow in mDNSResponder Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1018123
SecurityTracker URL:  http://securitytracker.com/id/1018123
CVE Reference:   CVE-2007-2386
Date:  May 25 2007
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.4.x
Description:   A vulnerability was reported in Mac OS X mDNSResponder. A remote user on the local network can execute arbitrary code on the target system.

A remote user can send specially crafted data to trigger a buffer overflow in the UPnP Internet Gateway Device Standardized Device Control Protocol code and execute arbitrary code on the target system. The code will run with the privileges of the target service.

Versions prior to Mac OS X v10.4 are not affected.

Apple credits Michael Lynn of Juniper Networks with reporting this vulnerability.

Impact:   A remote user on the local network can execute arbitrary code on the target system.
Solution:   Apple has issued a fix as part of Security Update 2007-005, available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

For Mac OS X v10.4.9 (PowerPC) and Mac OS X Server v10.4.9 (PowerPC)
The download file is named: "SecUpd2007-005Ti.dmg"
Its SHA-1 digest is: 8bec1c778600714d76c127446a5776b575204ade

For Mac OS X v10.4.9 (Universal) and
Mac OS X Server v10.4.9 (Universal)
The download file is named: "SecUpd2007-005Univ.dmg"
Its SHA-1 digest is: 1eca66eb30f134a667799a730fa994914acc03dd

The Apple advisory is available at:

http://docs.info.apple.com/article.html?artnum=305530

Vendor URL:  docs.info.apple.com/article.html?artnum=305530
Cause:   Boundary error
Underlying OS:  

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 20 2007 (Apple Issues Fix for Apple TV) Mac OS X Buffer Overflow in mDNSResponder Lets Remote Users Execute Arbitrary Code   (Apple Product Security <product-security-noreply@lists.apple.com>)
Apple has released a fix for Apple TV.



 Source Message Contents

Date:  Thu, 24 May 2007 13:08:11 -0700
Subject:  APPLE-SA-2007-05-24 Security Update 2007-005

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2007-05-24 Security Update 2007-005

Security Update 2007-005 is now available and addresses the following
issues:

Alias Manager
CVE-ID:  CVE-2007-0740
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9,
Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact:  Users may be misled into opening a substituted file
Description:  In certain circumstances, an implementation issue in
Alias Manager will not show identically-named files contained in
identically-named mounted disk images. By enticing a user to mount
two identically-named disk images, an attacker could
mislead the user into opening a malicious program. This update
addresses the issue by performing additional validation of
mountpaths. Credit to Greg Bolsinga of Blurb, Inc. for reporting
this issue.

BIND
CVE-ID:  CVE-2007-0493, CVE-2007-0494, CVE-2006-4095, CVE-2006-4096
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9,
Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact:  Multiple vulnerabilities in BIND, the most serious of
which is remote denial of service
Description:  BIND is updated to version 9.3.4. Further
information is available via the ISC web site at
http://www.isc.org/index.pl?/sw/bind/

CoreGraphics
CVE-ID:  CVE-2007-0750
Available for:  Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact:  Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description:  An integer overflow vulnerability exists in the
handling of PDF files. By enticing a user to open a maliciously
crafted PDF file, an attacker could trigger the overflow which
may lead to an unexpected application termination or arbitrary
code execution. This update addresses the issue by performing
additional validation of PDF files. This issue does not affect
systems prior to Mac OS X v10.4.

crontabs
CVE-ID:  CVE-2007-0751
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9,
Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact:  The daily /tmp cleanup script may lead to a denial of
service
Description:  Filesystems mounted in the /tmp directory may be
deleted when the daily cleanup script is executed, which may
lead to a denial of service. This update addresses the issues by
updating the daily cleanup script to prevent find commands from
descending into mounted filesystems.

fetchmail
CVE-ID:  CVE-2007-1558
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9,
Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact:  fetchmail password disclosure may be possible
Description:  fetchmail is updated to version 6.3.8 to address a
cryptographic weakness that could lead to the disclosure of fetchmail
passwords. Further information is available via the fetchmail web
site at http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt

file
CVE-ID:  CVE-2007-1536
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9,
Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact:  Running the file command on a maliciously crafted file
may lead to an unexpected application termination or arbitrary
code execution
Description:  A heap buffer overflow vulnerability exists in the
file command line tool, which may lead to an unexpected
application termination or arbitrary code execution. This update
addresses the issue by performing additional validation of files
that are passed to the file command.

iChat
CVE-ID:  CVE-2007-2390
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9,
Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact:  An attacker on the local network may be able to cause a
denial of service or arbitrary code execution
Description:  A buffer overflow vulnerability exists in the UPnP
IGD (Internet Gateway Device Standardized Device Control
Protocol) code used to create Port Mappings on home NAT gateways
in iChat. By sending a maliciously crafted packet, an attacker
on the local network can trigger the overflow which may lead to
an unexpected application termination or arbitrary code
execution. This update addresses the issue by performing
additional validation when processing UPnP protocol packets in
iChat.

mDNSResponder
CVE-ID:  CVE-2007-2386
Available for:  Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact:  An attacker on the local network may be able to cause a
denial of service or arbitrary code execution
Description:  A buffer overflow vulnerability exists in the UPnP
IGD (Internet Gateway Device Standardized Device Control
Protocol) code used to create Port Mappings on home NAT gateways
in the OS X mDNSResponder implementation. By sending a
maliciously crafted packet, an attacker on the local network can
trigger the overflow which may lead to an unexpected application
termination or arbitrary code execution. This update addresses
the issue by performing additional validation when processing
UPnP protocol packets. This issue does not affect systems prior
to Mac OS X v10.4. Credit to Michael Lynn of Juniper Networks
for reporting this issue.

PPP
CVE-ID:  CVE-2007-0752
Available for:  Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact:  A local user may obtain system privileges
Description:  An implementation issue exists in the PPP daemon
when loading plugins via the command line, which allows a local
user to obtain system privileges. This update addresses the
issue by allowing only the superuser to load plugins. This issue
does not affect systems prior to Mac OS X v10.4. Credit to an
anonymous researcher working with the iDefense VCP for reporting
this issue.

ruby
CVE-ID:  CVE-2006-5467, CVE-2006-6303
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9,
Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact:  Denial of service vulnerabilities in the Ruby CGI
library
Description:  Multiple denial of service issues exist in the Ruby
CGI library. By sending maliciously crafted HTTP requests to a
web application using cgi.rb, an attacker could trigger an issue
which may lead to a denial of service. This update addresses the
issues by applying the Ruby patches.

screen
CVE-ID:  CVE-2006-4573
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9,
Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact:  Multiple denial of service vulnerabilities in GNU Screen
Description:  The screen command line tool is updated to address
multiple denial of service vulnerabilities. Further information
is available via the GNU web site at
http://lists.gnu.org/archive/html/screen-users/2006-10/msg00028.html

texinfo
CVE-ID:  CVE-2005-3011
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9,
Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact:  A local user may cause another user running texinfo to
overwrite arbitrary files
Description:  A file handling issue exists in texinfo, which may
allow a local user to create or overwrite files with the
privileges of the user running texinfo. This update addresses
the issue through improved handling of temporary files.

VPN
CVE-ID:  CVE-2007-0753
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9,
Mac OS X v10.4.9, Mac OS X Server v10.4.9
Impact:  A local user may obtain system privileges
Description:  A format string vulnerability exists in vpnd. By
running the vpnd command with maliciously crafted arguments, a
local user can trigger the vulnerability which may lead to
arbitrary code execution with system privileges. This update
addresses the issue by performing additional validation of the
arguments passed to vpnd. Credit to Chris Anley of NGSSoftware
for reporting this issue.

Security Update 2007-005 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.4.9 (PowerPC) and Mac OS X Server v10.4.9 (PowerPC)
The download file is named:  "SecUpd2007-005Ti.dmg"
Its SHA-1 digest is:  8bec1c778600714d76c127446a5776b575204ade

For Mac OS X v10.4.9 (Universal) and
Mac OS X Server v10.4.9 (Universal)
The download file is named:  "SecUpd2007-005Univ.dmg"
Its SHA-1 digest is:  1eca66eb30f134a667799a730fa994914acc03dd

For Mac OS X v10.3.9
The download file is named:  "SecUpd2007-005Pan.dmg"
Its SHA-1 digest is:  2dfb56137a47a9e1b335efc7aa5bf405cc8e046e

For Mac OS X Server v10.3.9
The download file is named:  "SecUpdSrvr2007-005Pan.dmg"
Its SHA-1 digest is:  5673f4e3b99cd2c27d46a80892453298f5ba43cb

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/
