SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   OS (UNIX)  >   Mac OS X Vendors:   Apple Computer
Mac OS X Bugs in CoreGraphics and QuickDraw Manager Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1022209
SecurityTracker URL:  http://securitytracker.com/id/1022209
CVE Reference:   CVE-2009-0010, CVE-2009-0145, CVE-2009-0155, CVE-2009-0160   (Links to External Site)
Date:  May 13 2009
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 10.5.7
Description:   Several vulnerabilities were reported in Mac OS X in the CoreGraphics and QuickDraw Manager components. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted PDF or PICT file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

A specially crafted PDF file can trigger a memory corruption error in CoreGraphics [CVE-2009-0145].

A specially crafted PDF file can trigger an integer overflow in CoreGraphics [CVE-2009-0155]. Systems prior to Mac OS X version 10.5 are not affected. Barry K. Nathan reported this vulnerability.

A specially crafted PICT image can trigger a memory corruption error in QuickDraw Manager [CVE-2009-0160].

A specially crafted PICT image can trigger an integer overflow in QuickDraw Manager [CVE-2009-0010]. Damian Put and Sebastian Apelt reported this vulnerability via TippingPoint. Chris Ries of Carnegie Mellon University Computing Services also reported this vulnerability.

Impact:   A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued a fix (APPLE-SA-2009-05-12 Security Update 2009-002; and Mac OS X 10.5.7), available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

The Software Update utility will present the update that applies
to your system configuration. Only one is needed, either
Security Update 2009-002 or Mac OS X v10.5.7.

For Mac OS X v10.5.6
The download file is named: MacOSXUpd10.5.7.dmg
Its SHA-1 digest is: 0173995ad572f2bc11d802671136e5e5c1afe116

For Mac OS X v10.5 - v10.5.5
The download file is named: MacOSXUpdCombo10.5.7.dmg
Its SHA-1 digest is: 646fd1ac31c679c6a5aebe8ac74f190ab774cd38

For Mac OS X Server v10.5.6
The download file is named: MacOSXServerUpd10.5.7.dmg
Its SHA-1 digest is: 476b1f7c0e91eb8974eee84d9ee0f064964dce6d

For Mac OS X Server v10.5 - v10.5.5
The download file is named: MacOSXServerUpdCombo10.5.7.dmg
Its SHA-1 digest is: 20230891a42cb78ca38019527b708ef1549f61ae

For Mac OS X v10.4.11 (Intel)
The download file is named: SecUpd2009-002Intel.dmg
Its SHA-1 digest is: fc0143380efaf4aa7f320d1e2a84528c8e41a000

For Mac OS X v10.4.11 (PowerPC)
The download file is named: SecUpd2009-002PPC.dmg
Its SHA-1 digest is: 9e9b69c18450a1fa81484d7366a67ae97cfc52c7

For Mac OS X Server v10.4.11 (Universal)
The download file is named: SecUpdSrvr2009-002Univ.dmg
Its SHA-1 digest is: f0048c912ae939c1b5c95db5e843b4ee6cf60c21

For Mac OS X Server v10.4.11 (PowerPC)
The download file is named: SecUpdSrvr2009-002PPC.dmg
Its SHA-1 digest is: 525d90cc0d5bc00edd3f9a44e8447492a962f571

The vendor's advisory is available at:

http://support.apple.com/kb/HT3549

Vendor URL:  support.apple.com/kb/HT3549 (Links to External Site)
Cause:   Access control error, Boundary error
Underlying OS:  

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 2 2009 (Apple Issues Fix for QuickTime for Windows) Mac OS X Bugs in CoreGraphics and QuickDraw Manager Let Remote Users Execute Arbitrary Code   (Apple Product Security <product-security-noreply@lists.apple.com>)
Apple has released a fix for QuickTime.



 Source Message Contents

Date:  Wed, 13 May 2009 01:17:08 -0400
Subject:  Mac OS X


CoreGraphics
CVE-ID:  CVE-2009-0145
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6
Impact:  Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues exist in
CoreGraphics' handling of PDF files. Opening a maliciously crafted
PDF file may lead to an unexpected application termination or
arbitrary code execution. This update addresses the issues through
improved bounds and error checking.

CoreGraphics
CVE-ID:  CVE-2009-0155
Available for:  Mac OS X v10.5 through v10.5.6,
Mac OS X Server v10.5 through v10.5.6
Impact:  Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description:  An integer underflow in CoreGraphics' handling of PDF
files may result in a heap buffer overflow. Opening a maliciously
crafted PDF file may lead to an unexpected application termination or
arbitrary code execution. This update addresses the issue through
improved bounds checking. This issue does not affect systems prior to
Mac OS X v10.5. Credit to Barry K. Nathan for reporting this issue.

QuickDraw Manager
CVE-ID:  CVE-2009-0160
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6
Impact:  Opening a maliciously crafted PICT image may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue exists in QuickDraw's
handling of PICT images. Opening a maliciously crafted PICT image may
lead to an unexpected application termination or arbitrary code
execution. This update addresses the issue by performing additional
validation of PICT images. Credit: Apple.

QuickDraw Manager
CVE-ID:  CVE-2009-0010
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6
Impact:  Opening a maliciously crafted PICT image may lead to an
unexpected application termination or arbitrary code execution
Description:  An integer underflow in the handling of PICT images may
result in a heap buffer overflow. Opening a maliciously crafted PICT
file may lead to an unexpected application termination or arbitrary
code execution. This update addresses the issue by performing
additional validation of PICT images. Credit to Damian Put and
Sebastian Apelt working with TippingPoint's Zero Day Initiative, and
Chris Ries of Carnegie Mellon University Computing Services for
reporting this issue.


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC