This article has been archived and is no longer updated by Apple.

About the security content of Mac OS X 10.5.2 and Security Update 2008-001

This document describes the security content of Mac OS X 10.5.2 and Security Update 2008-001, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

Mac OS X v10.5.2 / Security Update 2008-001

Directory Services

CVE-ID: CVE-2007-0355

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

Impact: A local user may be able to execute arbitrary code with system privileges.

Description: A stack buffer overflow exists in the Service Location Protocol (SLP) daemon, which may allow a local user to execute arbitrary code with system privileges. This update addresses the issue through improved bounds checking. This has been described on the Month of Apple Bugs web site (MOAB-17-01-2007). This issue does not affect systems running Mac OS X v10.5 or later. Credit to Kevin Finisterre of Netragard for reporting this issue.

Foundation

CVE-ID: CVE-2008-0035

Available for: Mac OS X v10.5 and v10.5.1, Mac OS X Server v10.5 and v10.5.1

Impact: Accessing a maliciously crafted URL may lead to an application termination or arbitrary code execution.

Description: A memory corruption issue exists in Safari's handling of URLs. By enticing a user to access a maliciously crafted URL, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of URLs. This issue does not affect systems prior to Mac OS X v10.5.

Launch Services

CVE-ID: CVE-2008-0038

Available for: Mac OS X v10.5 and v10.5.1, Mac OS X Server v10.5 and v10.5.1

Impact: An application removed from the system may still be launched via the Time Machine backup.

Description: Launch Services is an API to open applications or their document files or URLs in a way similar to the Finder or the Dock. Users expect that uninstalling an application from their system will prevent it from being launched. However, when an application has been uninstalled from the system, Launch Services may allow it to be launched if it is present in a Time Machine backup. This update addresses the issue by not allowing applications to be launched directly from a Time Machine backup. This issue does not affect systems prior to Mac OS X v10.5. Credit to Steven Fisher of Discovery Software Ltd. and Ian Coutier for reporting this issue.

Mail

CVE-ID: CVE-2008-0039

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

Impact: Accessing a URL in a message may lead to arbitrary code execution.

Description: An implementation issue exists in Mail's handling of file:// URLs, which may allow arbitrary applications to be launched without warning when a user clicks a URL in a message. This update addresses the issue by displaying the location of the file in Finder rather than launching it. This issue does not affect systems running Mac OS X v10.5 or later.

NFS

CVE-ID: CVE-2008-0040

Available for: Mac OS X v10.5 and v10.5.1, Mac OS X Server v10.5 and v10.5.1

Impact: If the system is being used as an NFS client or server, a remote attacker may cause an unexpected system shutdown or arbitrary code execution.

Description: A memory corruption issue exists in NFS's handling of mbuf chains. If the system is being used as an NFS client or server, a malicious NFS server or client may be able to cause an unexpected system shutdown or arbitrary code execution. This update addresses the issue through improved handling of mbuf chains. This issue does not affect systems prior to Mac OS X v10.5. Credit to Oleg Drokin of Sun Microsystems for reporting this issue.

Open Directory

Available for: Mac OS X v10.4.11, Mac OS X v10.4.11 Server

Impact: NTLM authentication requests may always fail.

Description: This update addresses a non-security issue introduced in Mac OS X v10.4.11. A race condition in Open Directory's Active Directory plug-in may terminate the operation of winbindd, causing NTLM authentications to fail. This update addresses the issue by correcting the race condition that could terminate winbindd. This issue only affects Mac OS X v10.4.11 systems configured for use with Active Directory.

Parental Controls

CVE-ID: CVE-2008-0041

Available for: Mac OS X v10.5 and v10.5.1, Mac OS X Server v10.5 and v10.5.1

Impact: Requesting to unblock a website leads to information disclosure.

Description: When set to manage web content, Parental Controls will inadvertently contact www.apple.com when a website is unblocked. This allows a remote user to detect the machines running Parental Controls. This update addresses the issue by removing the outgoing network traffic when a website is unblocked. This issue does not affect systems prior to Mac OS X v10.5. Credit to Jesse Pearson for reporting this issue.

Samba

CVE-ID: CVE-2007-6015

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 and v10.5.1, Mac OS X Server v10.5 and v10.5.1

Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution.

Description: A stack buffer overflow may occur in Samba when processing certain NetBIOS Name Service requests. If a system is explicitly configured to allow "domain logons," an unexpected application termination or arbitrary code execution could occur when processing a request. Mac OS X Server systems configured as domain controllers are also affected. This update addresses the issue by applying the Samba patch. Further information is available via the Samba web site at http://www.samba.org/samba/history/security.html Credit to Alin Rad Pop of Secunia Research for reporting this issue.

Terminal

CVE-ID: CVE-2008-0042

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 and v10.5.1, Mac OS X Server v10.5 and v10.5.1

Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution.

Description: An input validation issue exists in the processing of URL schemes handled by Terminal.app. By enticing a user to visit a maliciously crafted web page, an attacker may cause an application to be launched with controlled command line arguments, which may lead to arbitrary code execution. This update addresses the issue through improved validation of URLs. Credit to Olli Leppanen of Digital Film Finland and Brian Mastenbrook for reporting this issue.

X11

CVE-ID: CVE-2007-4568

Available for: Mac OS X v10.5 and v10.5.1, Mac OS X Server v10.5 and v10.5.1

Impact: Multiple Vulnerabilities exist in X11 X Font Server (XFS) 1.0.4.

Description: Multiple vulnerabilities in X11 X Font Server (XFS), the most serious of which may lead to arbitrary code execution. This update addresses the issue by updating to version 1.0.5. Further information is available via the X.Org website at http://www.x.org/wiki/Development/Security.

X11

CVE-ID: CVE-2008-0037

Available for: Mac OS X v10.5 and v10.5.1, Mac OS X Server v10.5 and v10.5.1

Impact: Changing the settings in the Security Preferences Panel has no effect.

Description: The X11 server is not reading correctly its "Allow connections from network client" preference, which can cause the X11 server to allow connections from network clients, even when the preference is turned off. This update addresses the issue by ensuring the X11 server reads its preferences correctly. This issue does not affect systems prior to Mac OS X v10.5.

Important: Information about products not manufactured by Apple is provided for information purposes only and does not constitute Apple’s recommendation or endorsement. Please contact the vendor for additional information.

Published Date: