
Archived - About the security content of Security Update 2008-004 and Mac OS X 10.5.4

This document describes the security content of Security Update 2008-004 and Mac OS X 10.5.4, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

 

This article has been archived and is no longer updated by Apple.

Security Update 2008-004 and Mac OS X v10.5.4

  • Alias Manager

    CVE-ID: CVE-2008-2308

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

    Impact: Resolving an alias containing maliciously crafted volume mount information may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in the handling of AFP volume mount information in an alias data structure. Resolving an alias containing maliciously crafted volume mount information may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of alias data structures. This issue only affects Intel-based systems running Mac OS X 10.5.1 or earlier.

  • CoreTypes

    CVE-ID: CVE-2008-2309

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3

    Impact: Users are not warned before opening certain potentially unsafe content types

    Description: This update adds .xht and .xhtm files to the system's list of content types that will be flagged as potentially unsafe under certain circumstances, such as when they are downloaded from a web page. While these content types are not automatically launched, if manually opened they could lead to the execution of a malicious payload. This update improves the system's ability to notify users before handling .xht and .xhtm files. On Mac OS X v10.4 this functionality is provided by the Download Validation feature. On Mac OS X v10.5 this functionality is provided by the Quarantine feature. Credit to Brian Mastenbrook for reporting this issue.

  • c++filt

    CVE-ID: CVE-2008-2310

    Available for: Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3

    Impact: Passing a maliciously crafted string to c++filt may lead to an unexpected application termination or arbitrary code execution

    Description: A format string issue exists in c++filt, which is a debugging tool used to demangle C++ and Java symbols. Passing a maliciously crafted string to c++filt may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of format strings. This issue does not affect systems prior to Mac OS X 10.5.

  • Dock

    CVE-ID: CVE-2008-2314

    Available for: Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3

    Impact: A person with physical access may be able to bypass the screen lock

    Description: When the system is set to require a password to wake from sleep or screen saver, and Exposé hot corners are set, a person with physical access may be able to access the system without entering a password. This update addresses the issue by disabling hot corners when the screen lock is active. This issue does not affect systems prior to Mac OS X 10.5. Credit to Andrew Cassell of Marine Spill Response Corporation for reporting this issue.

  • Launch Services

    CVE-ID: CVE-2008-2311

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

    Impact: Visiting a maliciously crafted website may lead to arbitrary code execution

    Description: A race condition exists in the download validation of symbolic links, when the target of the link changes during the narrow time window of validation. If the "Open 'safe' files" preference is enabled in Safari, visiting a maliciously crafted website may cause a file to be opened on the user's system, resulting in arbitrary code execution. This update addresses the issue by performing additional validation of downloaded files. This issue does not affect systems running Mac OS X 10.5 or later.

  • Net-SNMP

    CVE-ID: CVE-2008-0960

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3

    Impact: A remote attacker may be able to spoof an authenticated SNMPv3 packet

    Description: An issue exists in Net-SNMP's SNMPv3 authentication, which may allow maliciously crafted packets to bypass the authentication check. This update addresses the issue by performing additional validation of SNMPv3 packets. Additional information is available via http://www.kb.cert.org/vuls/id/878044

  • Ruby

    CVE-ID: CVE-2008-2662, CVE-2008-2663, CVE-2008-2664, CVE-2008-2725, CVE-2008-2726

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3

    Impact: Running a Ruby script that uses untrusted input to access strings or arrays may lead to an unexpected application termination or arbitrary code execution

    Description: Multiple memory corruption issues exist in Ruby's handling of strings and arrays, the most serious of which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of strings and arrays.

  • Ruby

    CVE-ID: CVE-2008-1145

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3

    Impact: If WEBrick is running, a remote attacker may be able to access files protected by WEBrick's :NondisclosureName option

    Description: The :NondisclosureName option in the Ruby WEBrick toolkit is used to restrict access to files. Requesting a file name which uses unexpected capitalization may bypass the :NondisclosureName restriction. This update addresses the issue by performing additional validation of file names. Additional information is available via http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/ The directory traversal issue described in the advisory does not affect Mac OS X.

  • SMB File Server

    CVE-ID: CVE-2008-1105

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3

    Impact: A remote attacker may be able to cause an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in the handling of SMB packets. Sending malicious SMB packets to a SMB server, or connecting to a malicious SMB server, may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking on the length of received SMB packets. Credit to Alin Rad Pop of Secunia Research for reporting this issue.

  • System Configuration

    CVE-ID: CVE-2008-2313

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

    Impact: A local user may be able to execute arbitrary code with the privileges of new users

    Description: A local user may be able to populate the User Template directory with files that will become part of the home directory when a new user is created. This could allow arbitrary code execution with the privileges of the new user. This update addresses the issue by applying more restrictive permissions on the User Template directory. This issue does not affect systems running Mac OS X 10.5 or later. Credit to Andrew Mortensen of the University of Michigan for reporting this issue.

  • Tomcat

    CVE-ID: CVE-2005-3164, CVE-2007-1355, CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3383, CVE-2007-5333, CVE-2007-3385, CVE-2007-5461

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

    Impact: Multiple vulnerabilities in Tomcat 4.1.36

    Description: Tomcat version 4.x is bundled on Mac OS X v10.4.11 systems. Tomcat on Mac OS X v10.4.11 is updated to version 4.1.37 to address several vulnerabilities, the most serious of which may lead to a cross-site scripting attack. Further information is available via the Tomcat site at http://tomcat.apache.org/ Tomcat version 6.x is bundled with Mac OS X v10.5 systems.

  • VPN

    CVE-ID: CVE-2007-6276

    Available for: Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3

    Impact: Remote attackers may be able to cause an unexpected application termination

    Description: A divide by zero issue exists in the virtual private network daemon's handling of load balancing information. Processing a maliciously crafted UDP packet may lead to an unexpected application termination. This issue does not lead to arbitrary code execution. This update addresses the issue by performing additional validation of load balancing information. This issue does not affect systems prior to Mac OS X 10.5.

  • WebKit

    CVE-ID: CVE-2008-2307

    Available for: Mac OS X v10.5 through v10.5.3, Mac OS X Server v10.5 through v10.5.3

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in WebKit's handling of JavaScript arrays. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Along with this fix, the version of Safari for Mac OS X v10.5.4 is updated to 3.1.2. For Mac OS X v10.4.11 and Windows XP / Vista, this issue is addressed in Safari v3.1.2 for those systems. Credit to James Urquhart for reporting this issue.
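
The WEBrick :NondisclosureName entry above (CVE-2008-1145) describes a name filter that capitalization can slip past. The Ruby sketch below is an added illustration, not WEBrick's or Apple's code: it puts a case-sensitive deny check beside a case-folding one, and the patterns, file names and the `resolve_on_disk`, `denied?` and `handle` helpers are constructed for the example, with the case-insensitive file lookup being an assumption about the volume.

```ruby
# Added example: deny-list matching in front of a case-insensitive file lookup.
# Patterns and file names are constructed for illustration.
DENY_PATTERNS = [".ht*", "*~"].freeze
DOCROOT_FILES = ["index.html", ".htaccess", ".htpasswd"].freeze

# Stand-in for a case-insensitive, case-preserving volume (assumption):
# the lookup ignores case and returns the name as stored on disk.
def resolve_on_disk(requested, files = DOCROOT_FILES)
  files.find { |f| f.casecmp?(requested) }
end

# True when the requested name matches a deny pattern.
# casefold: false models the weak check, casefold: true the hardened one.
def denied?(name, casefold:)
  flags = File::FNM_DOTMATCH
  flags |= File::FNM_CASEFOLD if casefold
  DENY_PATTERNS.any? { |pat| File.fnmatch(pat, name, flags) }
end

# Returns [:forbidden, nil], [:not_found, nil] or [:ok, name_on_disk].
def handle(requested, casefold:)
  return [:forbidden, nil] if denied?(requested, casefold: casefold)

  file = resolve_on_disk(requested)
  file ? [:ok, file] : [:not_found, nil]
end

# One row per request: [request, weak-check status, hardened-check status].
def demo
  [".htaccess", ".HTACCESS", ".HtPasswd", "index.html"].map do |req|
    [req, handle(req, casefold: false).first, handle(req, casefold: true).first]
  end
end

demo.each { |row| puts row.inspect } if __FILE__ == $PROGRAM_NAME
```

The filter and the file lookup have to agree on what counts as the same name; here the weak check compares case-sensitively while the lookup does not, so only the case-folding check covers every spelling the lookup accepts.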

Important: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.
Last Modified: Nov 5, 2011
  • Article: HT2163