SecurityTracker.com
Category:   OS (UNIX)  >   Apple macOS/OS X
Vendors:   Apple
Mac OS X Multiple Bugs Permit Remote Code Execution, Local Privilege Escalation, Cross-Site Scripting Attacks, and Information Disclosure
SecurityTracker Alert ID:  1019106
SecurityTracker URL:  http://securitytracker.com/id/1019106
CVE Reference:   CVE-2007-3876, CVE-2007-4708, CVE-2007-4709, CVE-2007-4710, CVE-2007-5847, CVE-2007-5850, CVE-2007-5853, CVE-2007-5854, CVE-2007-5856, CVE-2007-5857, CVE-2007-5860, CVE-2007-5861, CVE-2007-5863, CVE-2007-6165
Updated:  Dec 22 2007
Original Entry Date:  Dec 18 2007
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, Root access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 10.5.1 and prior versions
Description:   Multiple vulnerabilities were reported in Mac OS X. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain system privileges on the target system. A remote user can conduct cross-site scripting attacks. A local user can obtain potentially sensitive information.

A local user can invoke the mount_smbfs and smbutil applications to trigger a stack overflow and execute arbitrary code with system privileges [CVE-2007-3876]. Versions 10.5 and later are not affected. Sean Larsson of VeriSign iDefense Labs reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a format string flaw in the Address Book URL handler and execute arbitrary code on the target system [CVE-2007-4708]. The code will run with the privileges of the target user. Versions 10.5 and later are not affected.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a path traversal flaw in CFNetwork and cause files to be automatically downloaded to arbitrary locations with the privileges of the target user [CVE-2007-4709]. Versions prior to 10.5 are not affected. Sean Harding reported this vulnerability.

A remote user can create an image with a specially crafted embedded ColorSync profile that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system [CVE-2007-4710]. The code will run with the privileges of the target user. Versions 10.5 and later are not affected. Tom Ferris of Adobe Secure Software Engineering Team (ASSET) reported this vulnerability.

Launch Services does not properly filter HTML code from user-supplied input before displaying the input [CVE-2007-5854]. A remote user can create specially crafted HTML that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will be able to access information on the target user's system. Michal Zalewski of Google Inc. reported this vulnerability.

A local user can exploit a race condition in the CoreFoundation CFURLWriteDataAndPropertiesToResource API to cause files to be created with insecure permissions [CVE-2007-5847]. As a result, a local user may be able to obtain potentially sensitive information. Versions 10.5 and later are not affected.

A remote user can create a specially crafted '.DS_Store' file that, when opened via Finder by the target user, will trigger a heap overflow in Desktop Services and execute arbitrary code [CVE-2007-5850]. The code will run with the privileges of the target user. Versions 10.5 and later are not affected.

A remote user can create a disk image with specially crafted GUID partition maps that, when opened by the target user, will trigger a memory corruption error in the IO Storage Family code and execute arbitrary code [CVE-2007-5853]. Versions 10.5 and later are not affected.

A remote user can create a specially crafted HTML file that, when previewed by the target user with QuickLook, will allow the remote user to initiate network requests to access potentially sensitive information [CVE-2007-5856]. Versions prior to 10.5 are not affected.

A remote user can create a specially crafted movie file that, when previewed by the target user with QuickLook, will allow URLs within the movie to be accessed [CVE-2007-5857]. Versions prior to 10.5 are not affected. Also, systems with QuickTime 7.3 are not affected. Lukhnos D. Liu of Lithoglyph Inc. reported this vulnerability.

A local user can exploit a flaw in SpinTracer's handling of output files to execute arbitrary code with system privileges [CVE-2007-5860]. Versions prior to 10.5 are not affected. Kevin Finisterre of DigitalMunition reported this vulnerability.

A remote user can create a specially crafted '.xls' file that, when downloaded by the target user, will trigger a memory corruption error in the Microsoft Office Spotlight Importer and execute arbitrary code on the target system [CVE-2007-5861]. Versions 10.5 and later are not affected.

A remote user may be able to conduct a man-in-the-middle attack to hijack a target user's Software Update download session and execute arbitrary commands on the target user's system [CVE-2007-5863]. Moritz Jodeit reported this vulnerability.

A remote user can create a specially crafted email attachment that, when opened by the target user, will execute arbitrary code on the target user's system without warning due to a flaw in Launch Services [CVE-2007-6165]. The code will run with the privileges of the target user. Versions prior to 10.5 are not affected. Xeno Kovah reported this vulnerability.

Impact:   A remote user can create HTML or a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

A local user can obtain system privileges on the target system.

A remote user can access information on the target user's system.

A local user can obtain potentially sensitive information.

Solution:   The vendor has issued a fix (APPLE-SA-2007-12-17 Security Update 2007-009 v1.1), available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

For Mac OS X v10.5.1
The download file is named: "SecUpd2007-009.dmg"
Its SHA-1 digest is: 0ba35ef30a525792f1d4015395997b42f524dd38

For Mac OS X v10.4.11 (Universal)
The download file is named: "SecUpd2007-009Univ.dmg"
Its SHA-1 digest is: 49f52d4f647ea4a1fabef34cccac263bfd03791a

For Mac OS X v10.4.11 (PPC)
The download file is named: "SecUpd2007-009Ti.dmg"
Its SHA-1 digest is: d1c5c4bc23267dd846bb96e7be69b084579c1bba

The Apple advisories are available at:

http://docs.info.apple.com/article.html?artnum=307179
http://docs.info.apple.com/article.html?artnum=307224

[Editor's note: The original security update 2007-009 issued on December 17, 2007 contained a performance issue that may cause Safari to crash. On December 21, 2007, Apple issued the revised security update 2007-009 v1.1. Customers should apply the new update.]

Vendor URL:  docs.info.apple.com/article.html?artnum=307179
Cause:   Access control error, Boundary error, Input validation error

Message History:   None.



Copyright 2016, SecurityGlobal.net LLC