About the security content of Security Update 2010-002 / Mac OS X v10.6.3
This document describes the security content of Security Update 2010-002 / Mac OS X v10.6.3.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see "Apple Security Updates."
Security Update 2010-002 / Mac OS X v10.6.3
AppKit
CVE-ID: CVE-2010-0056
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Spell checking a maliciously crafted document may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in the spell checking feature used by Cocoa applications. Spell checking a maliciously crafted document may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
Application Firewall
CVE-ID: CVE-2009-2801
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Certain rules in the Application Firewall may become inactive after restart
Description: A timing issue in the Application Firewall may cause certain rules to become inactive after reboot. The issue is addressed through improved handling of Firewall rules. This issue does not affect Mac OS X v10.6 systems. Credit to Michael Kisor of OrganicOrb.com for reporting this issue.
AFP Server
CVE-ID: CVE-2010-0057
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: When guest access is disabled, a remote user may be able to mount AFP shares as a guest
Description: An access control issue in AFP Server may allow a remote user to mount AFP shares as a guest, even if guest access is disabled. This issue is addressed through improved access control checks. Credit: Apple.
AFP Server
CVE-ID: CVE-2010-0533
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A remote user with guest access to an AFP share may access the contents of world-readable files outside the Public share
Description: A directory traversal issue exists in the path validation for AFP shares. A remote user may enumerate the parent directory of the share root, and read or write files within that directory that are accessible to the 'nobody' user. This issue is addressed through improved handling of file paths. Credit to Patrik Karlsson of cqure.net for reporting this issue.
Apache
CVE-ID: CVE-2009-3095
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A remote attacker may be able to bypass access control restrictions
Description: An input validation issue exists in Apache's handling of proxied FTP requests. A remote attacker with the ability to issue requests through the proxy may be able to bypass access control restrictions specified in the Apache configuration. This issue is addressed by updating Apache to version 2.2.14.
ClamAV
CVE-ID: CVE-2010-0058
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: ClamAV virus definitions may not receive updates
Description: A configuration issue introduced in Security Update 2009-005 prevents freshclam from running. This may prevent virus definitions from being updated. This issue is addressed by updating freshclam's launchd plist ProgramArguments key values. This issue does not affect Mac OS X v10.6 systems. Credit to Bayard Bell, Wil Shipley of Delicious Monster, and David Ferrero of Zion Software, LLC for reporting this issue.
CoreAudio
CVE-ID: CVE-2010-0059
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the handling of QDM2 encoded audio content. Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.
CoreAudio
CVE-ID: CVE-2010-0060
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the handling of QDMC encoded audio content. Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.
CoreMedia
CVE-ID: CVE-2010-0062
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in CoreMedia's handling of H.263 encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of H.263 encoded movie files. Credit to Damian Put and an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.
CoreTypes
CVE-ID: CVE-2010-0063
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Users are not warned before opening certain potentially unsafe content types
Description: This update adds .ibplugin and .url to the system's list of content types that will be flagged as potentially unsafe under certain circumstances, such as when they are downloaded from a web page. While these content types are not automatically launched, if manually opened they could lead to the execution of a malicious JavaScript payload or arbitrary code execution. This update improves the system's ability to notify users before handling content types used by Safari. Credit to Clint Ruoho of Laconic Security for reporting this issue.
CUPS
CVE-ID: CVE-2010-0393
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A local user may be able to obtain system privileges
Description: A format string issue exists in the lppasswd CUPS utility. This may allow a local user to obtain system privileges. Mac OS X v10.6 systems are only affected if the setuid bit has been set on the binary. This issue is addressed by using default directories when running as a setuid process. Credit to Ronald Volgers for reporting this issue.
curl
CVE-ID: CVE-2009-2417
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A man-in-the-middle attacker may be able to impersonate a trusted server
Description: A canonicalization issue exists in curl's handling of NULL characters in the subject's Common Name (CN) field of X.509 certificates. This may lead to man-in-the-middle attacks against users of the curl command line tool, or applications using libcurl. This issue is addressed through improved handling of NULL characters.
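The mismatch behind this class of issue, shown as an added example (not curl's or Apple's code): an X.509 name is a length-prefixed ASN.1 string, so a comparison that treats it as a NUL-terminated C string sees only the bytes before the first 0x00. The DER-encoded CN and the host names below are constructed sample values, and wildcard matching is left out.

```python
# Added illustration; function names and sample data are assumptions.
STRING_TAGS = {0x0C, 0x13, 0x16}  # UTF8String, PrintableString, IA5String

# Constructed sample: a CN attribute value whose declared length covers an
# embedded NUL byte followed by a second, unrelated domain.
SAMPLE_CN_VALUE = b"www.example.com\x00.attacker.test"
SAMPLE_TLV = bytes([0x0C, len(SAMPLE_CN_VALUE)]) + SAMPLE_CN_VALUE


def read_der_string(tlv: bytes) -> bytes:
    """Return the value of a DER string using its declared length."""
    if len(tlv) < 2 or tlv[0] not in STRING_TAGS:
        raise ValueError("not a DER string type handled here")
    length, pos = tlv[1], 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        if n == 0 or len(tlv) < 2 + n:
            raise ValueError("bad length encoding")
        length = int.from_bytes(tlv[2:2 + n], "big")
        pos = 2 + n
    value = tlv[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated value")
    return value


def c_string_view(raw: bytes) -> bytes:
    """What a NUL-terminated string API sees: bytes up to the first 0x00."""
    return raw.split(b"\x00", 1)[0]


def match_c_style(cn: bytes, host: str) -> bool:
    """Flawed pattern: compares only the part before the first NUL."""
    return c_string_view(cn).lower() == host.encode("ascii").lower()


def match_strict(cn: bytes, host: str) -> bool:
    """Length-aware check: reject NUL and control bytes, compare all bytes."""
    if any(b < 0x20 or b == 0x7F for b in cn):
        return False
    return cn.lower() == host.encode("ascii").lower()


if __name__ == "__main__":
    cn = read_der_string(SAMPLE_TLV)
    print("declared length:", len(cn), "C-string length:", len(c_string_view(cn)))
    print("C-style match  :", match_c_style(cn, "www.example.com"))
    print("strict match   :", match_strict(cn, "www.example.com"))
```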
curl
CVE-ID: CVE-2009-0037
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Using curl with -L may allow a remote attacker to read or write local files
Description: curl will follow HTTP and HTTPS redirects when used with the -L option. When curl follows a redirect, it allows file:// URLs. This may allow a remote attacker to access local files. This issue is addressed through improved validation of redirects. This issue does not affect Mac OS X v10.6 systems. Credit to Daniel Stenberg of Haxx AB for reporting this issue.
Cyrus IMAP
CVE-ID: CVE-2009-2632
Available for: Mac OS X Server v10.5.8
Impact: A local user may be able to obtain the privileges of the Cyrus user
Description: A buffer overflow exists in the handling of sieve scripts. By running a maliciously crafted sieve script, a local user may be able to obtain the privileges of the Cyrus user. This issue is addressed through improved bounds checking. This issue does not affect Mac OS X v10.6 systems.
Cyrus SASL
CVE-ID: CVE-2009-0688
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: An unauthenticated remote attacker may cause unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in the Cyrus SASL authentication module. Using Cyrus SASL authentication may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect Mac OS X v10.6 systems.
DesktopServices
CVE-ID: CVE-2010-0064
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Items copied in the Finder may be assigned an unexpected file owner
Description: When performing an authenticated copy in the Finder, original file ownership may be unexpectedly copied. This update addresses the issue by ensuring that copied files are owned by the user performing the copy. This issue does not affect systems prior to Mac OS X v10.6. Credit to Gerrit DeWitt of Auburn University (Auburn, AL) for reporting this issue.
DesktopServices
CVE-ID: CVE-2010-0537
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A remote attacker may gain access to user data via a multi-stage attack
Description: A path resolution issue in DesktopServices is vulnerable to a multi-stage attack. A remote attacker must first entice the user to mount an arbitrarily named share, which may be done via a URL scheme. When saving a file using the default save panel in any application, and using "Go to folder" or dragging folders to the save panel, the data may be unexpectedly saved to the malicious share. This issue is addressed through improved path resolution. This issue does not affect systems prior to Mac OS X v10.6. Credit to Sidney San Martin working with DeepTech, Inc. for reporting this issue.
Disk Images
CVE-ID: CVE-2010-0065
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the handling of bzip2 compressed disk images. Mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.
Disk Images
CVE-ID: CVE-2010-0497
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Mounting a maliciously crafted disk image may lead to arbitrary code execution
Description: A design issue exists in the handling of internet enabled disk images. Mounting an internet enabled disk image containing a package file type will open it rather than revealing it in the Finder. The file quarantine feature helps to mitigate this issue by providing a warning dialog for unsafe file types. This issue is addressed through improved handling of package file types on internet enabled disk images. Credit to Brian Mastenbrook working with TippingPoint's Zero Day Initiative for reporting this issue.
Directory Services
CVE-ID: CVE-2010-0498
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A local user may obtain system privileges
Description: An authorization issue in Directory Services' handling of record names may allow a local user to obtain system privileges. This issue is addressed through improved authorization checks. Credit: Apple.
Dovecot
CVE-ID: CVE-2010-0535
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: An authenticated user may be able to send and receive mail even if the user is not on the SACL of users who are permitted to do so
Description: An access control issue exists in Dovecot when Kerberos authentication is enabled. This may allow an authenticated user to send and receive mail even if the user is not on the service access control list (SACL) of users who are permitted to do so. This issue is addressed through improved access control checks. This issue does not affect systems prior to Mac OS X v10.6.
Event Monitor
CVE-ID: CVE-2010-0500
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A remote attacker may cause arbitrary systems to be added to the firewall blacklist
Description: A reverse DNS lookup is performed on remote ssh clients that fail to authenticate. A plist injection issue exists in the handling of resolved DNS names. This may allow a remote attacker to cause arbitrary systems to be added to the firewall blacklist. This issue is addressed by properly escaping resolved DNS names. Credit: Apple.
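Why escaping the resolved name matters, as an added example (not Apple's code): a reverse DNS answer is chosen by whoever controls the reverse zone for the connecting address, so writing it into plist XML by string concatenation lets markup in the name change the list. The plist layout, the `blocked` key and the sample name are assumptions made for illustration.

```python
# Added illustration; the plist layout and names here are hypothetical.
import plistlib
import re
from xml.sax.saxutils import escape

PLIST_HEAD = ('<?xml version="1.0" encoding="UTF-8"?>\n'
              '<plist version="1.0"><dict><key>blocked</key><array>')
PLIST_TAIL = '</array></dict></plist>'

# Constructed sample PTR answer containing plist markup (documentation IP).
HOSTILE_PTR = "a.example</string><string>203.0.113.7"

_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_hostname(name: str) -> bool:
    """Accept only letter/digit/hyphen labels; anything else is not stored."""
    name = name[:-1] if name.endswith(".") else name
    if not name or len(name) > 253:
        return False
    return all(_LABEL.fullmatch(label) for label in name.split("."))


def render_concatenated(names) -> bytes:
    """Flawed pattern: resolved names pasted into the XML unescaped."""
    items = "".join(f"<string>{n}</string>" for n in names)
    return (PLIST_HEAD + items + PLIST_TAIL).encode("utf-8")


def render_escaped(names) -> bytes:
    """Same layout, but each name is XML-escaped before it is embedded."""
    items = "".join(f"<string>{escape(n)}</string>" for n in names)
    return (PLIST_HEAD + items + PLIST_TAIL).encode("utf-8")


def render_with_serializer(names) -> bytes:
    """Preferred: let the plist serializer do the escaping."""
    return plistlib.dumps({"blocked": list(names)})


def blocked_entries(plist_bytes: bytes):
    """Parse the plist back and return the list a consumer would act on."""
    return plistlib.loads(plist_bytes)["blocked"]


if __name__ == "__main__":
    for render in (render_concatenated, render_escaped, render_with_serializer):
        print(render.__name__, blocked_entries(render([HOSTILE_PTR])))
    print("valid hostname:", is_hostname(HOSTILE_PTR))
```

Escaping keeps the name a single entry; rejecting names that fail `is_hostname` before they are stored keeps malformed answers out of the list altogether.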
FreeRADIUS
CVE-ID: CVE-2010-0524
Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2
Impact: A remote attacker may obtain access to a network via RADIUS authentication
Description: A certificate authentication issue exists in the default Mac OS X configuration of the FreeRADIUS server. A remote attacker may use EAP-TLS with an arbitrary valid certificate to authenticate and connect to a network configured to use FreeRADIUS for authentication. This issue is addressed by disabling support for EAP-TLS in the configuration. RADIUS clients should use EAP-TTLS instead. This issue only affects Mac OS X Server systems. Credit to Chris Linstruth of Qnet for reporting this issue.
FTP Server
CVE-ID: CVE-2010-0501
Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2
Impact: Users may be able to retrieve files outside the FTP root directory
Description: A directory traversal issue exists in FTP Server. This may allow a user to retrieve files outside the FTP root directory. This issue is addressed through improved handling of file names. This issue only affects Mac OS X Server systems. Credit: Apple.
iChat Server
CVE-ID: CVE-2006-1329
Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2
Impact: A remote attacker may be able to cause a denial of service
Description: An implementation issue exists in jabberd's handling of SASL negotiation. A remote attacker may be able to terminate the operation of jabberd. This issue is addressed through improved handling of SASL negotiation. This issue only affects Mac OS X Server systems.
iChat Server
CVE-ID: CVE-2010-0502
Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2
Impact: Chat messages may not be logged
Description: A design issue exists in iChat Server's support for configurable group chat logging. iChat Server only logs messages with certain message types. This may allow a remote user to send a message through the server without it being logged. The issue is addressed by removing the capability to disable group chat logs, and logging all messages that are sent through the server. This issue only affects Mac OS X Server systems. Credit: Apple.
iChat Server
CVE-ID: CVE-2010-0503
Available for: Mac OS X Server v10.5.8
Impact: An authenticated user may be able to cause an unexpected application termination or arbitrary code execution
Description: A use-after-free issue exists in iChat Server. An authenticated user may be able to cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. This issue only affects Mac OS X Server systems, and does not affect versions 10.6 or later.
iChat Server
CVE-ID: CVE-2010-0504
Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2
Impact: An authenticated user may be able to cause an unexpected application termination or arbitrary code execution
Description: Multiple stack buffer overflow issues exist in iChat Server. An authenticated user may be able to cause an unexpected application termination or arbitrary code execution. These issues are addressed through improved memory management. These issues only affect Mac OS X Server systems. Credit: Apple.
ImageIO
CVE-ID: CVE-2010-0505
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Chris Ries of Carnegie Mellon University Computing Service, and researcher "85319bb6e6ab398b334509c50afce5259d42756e" working with TippingPoint's Zero Day Initiative for reporting this issue.
ImageIO
CVE-ID: CVE-2010-0041
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Visiting a maliciously crafted website may result in sending data from Safari's memory to the website
Description: An uninitialized memory access issue exists in ImageIO's handling of BMP images. Visiting a maliciously crafted website may result in sending data from Safari's memory to the website. This issue is addressed through improved memory initialization and additional validation of BMP images. Credit to Matthew 'j00ru' Jurczyk of Hispasec for reporting this issue.
ImageIO
CVE-ID: CVE-2010-0042
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Visiting a maliciously crafted website may result in sending data from Safari's memory to the website
Description: An uninitialized memory access issue exists in ImageIO's handling of TIFF images. Visiting a maliciously crafted website may result in sending data from Safari's memory to the website. This issue is addressed through improved memory initialization and additional validation of TIFF images. Credit to Matthew 'j00ru' Jurczyk of Hispasec for reporting this issue.
ImageIO
CVE-ID: CVE-2010-0043
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the handling of TIFF images. Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. This issue does not affect systems prior to Mac OS X v10.6. Credit to Gus Mueller of Flying Meat for reporting this issue.
Image RAW
CVE-ID: CVE-2010-0506
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Viewing a maliciously crafted NEF image may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in Image RAW's handling of NEF images. Viewing a maliciously crafted NEF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
Image RAW
CVE-ID: CVE-2010-0507
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted PEF image may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in Image RAW's handling of PEF images. Viewing a maliciously crafted PEF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.
Libsystem
CVE-ID: CVE-2009-0689
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Applications that convert untrusted data between binary floating point and text may be vulnerable to an unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in the floating point binary to text conversion code within Libsystem. An attacker who can cause an application to convert a floating point value into a long string, or to parse a maliciously crafted string as a floating point value, may be able to cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Maksymilian Arciemowicz of SecurityReason.com for reporting this issue.
Mail
CVE-ID: CVE-2010-0508
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Rules associated with a deleted mail account remain in effect
Description: When a mail account is deleted, user-defined filter rules associated with that account remain active. This may result in unexpected actions. This issue is addressed by disabling associated rules when a mail account is deleted.
Mail
CVE-ID: CVE-2010-0525
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Mail may use a weaker encryption key for outgoing email
Description: A logic issue exists in Mail's handling of encryption certificates. When multiple certificates for the recipient exist in the keychain, Mail may select an encryption key that is not intended for encipherment. This may lead to a security issue if the chosen key is weaker than expected. This issue is addressed by ensuring that the key usage extension within certificates is evaluated when selecting a mail encryption key. Credit to Paul Suh of ps Enable, Inc. for reporting this issue.
Mailman
CVE-ID: CVE-2008-0564
Available for: Mac OS X Server v10.5.8
Impact: Multiple vulnerabilities in Mailman 2.1.9
Description: Multiple cross-site scripting issues exist in Mailman 2.1.9. These issues are addressed by updating Mailman to version 2.1.13. Further information is available via the Mailman site at http://mail.python.org/pipermail/mailman-announce/2009-January/000128.html. These issues only affect Mac OS X Server systems, and do not affect versions 10.6 or later.
MySQL
CVE-ID: CVE-2008-4456, CVE-2008-7247, CVE-2009-2446, CVE-2009-4019, CVE-2009-4030
Available for: Mac OS X Server v10.6 through v10.6.2
Impact: Multiple vulnerabilities in MySQL 5.0.82
Description: MySQL is updated to version 5.0.88 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. These issues only affect Mac OS X Server systems. Further information is available via the MySQL web site at http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
OS Services
CVE-ID: CVE-2010-0509
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A local user may be able to obtain elevated privileges
Description: A privilege escalation issue exists in SFLServer, as it runs as group 'wheel' and accesses files in users' home directories. This issue is addressed through improved privilege management. Credit to Kevin Finisterre of DigitalMunition for reporting this issue.
Password Server
CVE-ID: CVE-2010-0510
Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2
Impact: A remote attacker may be able to log in with an outdated password
Description: An implementation issue in Password Server's handling of replication may cause passwords to not be replicated. A remote attacker may be able to log in to a system using an outdated password. This issue is addressed through improved handling of password replication. This issue only affects Mac OS X Server systems. Credit to Jack Johnson of Anchorage School District for reporting this issue.
perl
CVE-ID: CVE-2008-5302, CVE-2008-5303
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: A local user may cause arbitrary files to be deleted
Description: Multiple race condition issues exist in the rmtree function of the perl module File::Path. A local user with write access to a directory that is being deleted may cause arbitrary files to be removed with the privileges of the perl process. This issue is addressed through improved handling of symbolic links. This issue does not affect Mac OS X v10.6 systems.
PHP
CVE-ID: CVE-2009-3557, CVE-2009-3558, CVE-2009-3559, CVE-2009-4017
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Multiple vulnerabilities in PHP 5.3.0
Description: PHP is updated to version 5.3.1 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/
PHP
CVE-ID: CVE-2009-3557, CVE-2009-3558, CVE-2009-3559, CVE-2009-4142, CVE-2009-4143
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Multiple vulnerabilities in PHP 5.2.11
Description: PHP is updated to version 5.2.12 to address multiple vulnerabilities, the most serious of which may lead to cross-site scripting. Further information is available via the PHP website at http://www.php.net/
Podcast Producer
CVE-ID: CVE-2010-0511
Available for: Mac OS X Server v10.6 through v10.6.2
Impact: An unauthorized user may be able to access a Podcast Composer workflow
Description: When a Podcast Composer workflow is overwritten, the access restrictions are removed. This may allow an unauthorized user to access a Podcast Composer workflow. This issue is addressed through improved handling of workflow access restrictions. Podcast Composer was introduced in Mac OS X Server v10.6.
Preferences
CVE-ID: CVE-2010-0512
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A network user may be able to bypass system login restrictions
Description: An implementation issue exists in the handling of system login restrictions for network accounts. If the network accounts allowed to log in to the system at the Login Window are identified by group membership only, the restriction will not be enforced, and all network users will be allowed to log in to the system. The issue is addressed through improved group restriction management in the Accounts preference pane. This issue only affects systems configured to use a network account server, and does not affect systems prior to Mac OS X v10.6. Credit to Christopher D. Grieb of University of Michigan MSIS for reporting this issue.
PS Normalizer
CVE-ID: CVE-2010-0513
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted PostScript file may lead to an unexpected application termination or arbitrary code execution
Description: A stack buffer overflow exists in the handling of PostScript files. Viewing a maliciously crafted PostScript file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of PostScript files. On Mac OS X v10.6 systems this issue is mitigated by the -fstack-protector compiler flag. Credit: Apple.
QuickTime
CVE-ID: CVE-2010-0062
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's handling of H.263 encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of H.263 encoded movie files. Credit to Damian Put and an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.
QuickTime
CVE-ID: CVE-2010-0514
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the handling of H.261 encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of H.261 encoded movie files. Credit to Will Dormann of the CERT/CC for reporting this issue.
QuickTime
CVE-ID: CVE-2010-0515
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the handling of H.264 encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of H.264 encoded movie files. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.
QuickTime
CVE-ID: CVE-2010-0516
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the handling of RLE encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of RLE encoded movie files. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.
QuickTime
CVE-ID: CVE-2010-0517
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the handling of M-JPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of M-JPEG encoded movie files. Credit to Damian Put and an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.
QuickTime
CVE-ID: CVE-2010-0518
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the handling of Sorenson encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of Sorenson encoded movie files. Credit to Will Dormann of the CERT/CC for reporting this issue.
QuickTime
CVE-ID: CVE-2010-0519
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: An integer overflow exists in the handling of FlashPix encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.
QuickTime
CVE-ID: CVE-2010-0520
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the handling of FLC encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of FLC encoded movie files. Credit to Moritz Jodeit of n.runs AG, working with TippingPoint's Zero Day Initiative, and Nicolas Joly of VUPEN Security for reporting this issue.
QuickTime
CVE-ID: CVE-2010-0526
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted MPEG file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of MPEG encoded movie files. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.
Ruby
CVE-ID: CVE-2009-2422, CVE-2009-3009, CVE-2009-4214
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Multiple issues in Ruby on Rails
Description: Multiple vulnerabilities exist in Ruby on Rails, the most serious of which may lead to cross-site scripting. On Mac OS X v10.6 systems, these issues are addressed by updating Ruby on Rails to version 2.3.5. Mac OS X v10.5 systems are affected only by CVE-2009-4214, and this issue is addressed through improved validation of arguments to strip_tags.
Ruby
CVE-ID: CVE-2009-1904
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Running a Ruby script that uses untrusted input to initialize a BigDecimal object may lead to an unexpected application termination
Description: A stack exhaustion issue exists in Ruby's handling of BigDecimal objects with very large values. Running a Ruby script that uses untrusted input to initialize a BigDecimal object may lead to an unexpected application termination. For Mac OS X v10.6 systems, this issue is addressed by updating Ruby to version 1.8.7-p173. For Mac OS X v10.5 systems, this issue is addressed by updating Ruby to version 1.8.6-p369.
Server Admin
CVE-ID: CVE-2010-0521
Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2
Impact: A remote attacker may extract information from Open Directory
Description: A design issue exists in the handling of authenticated directory binding. A remote attacker may be able to anonymously extract information from Open Directory, even if the "Require authenticated binding between directory and clients" option is enabled. The issue is addressed by removing this configuration option. This issue only affects Mac OS X Server systems. Credit to Scott Gruby of Gruby Solutions, and Mathias Haack of GRAVIS Computervertriebsgesellschaft mbH for reporting this issue.
Server Admin
CVE-ID: CVE-2010-0522
Available for: Mac OS X Server v10.5.8
Impact: A former administrator may have unauthorized access to screen sharing
Description: A user who is removed from the 'admin' group may still connect to the server using screen sharing. This issue is addressed through improved handling of administrator privileges. This issue only affects Mac OS X Server systems, and does not affect version 10.6 or later. Credit: Apple.
SMB
CVE-ID: CVE-2009-2906
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: A remote attacker may be able to cause a denial of service
Description: An infinite loop issue exists in Samba's handling of SMB 'oplock' break notifications. A remote attacker may be able to trigger an infinite loop in smbd, causing it to consume excessive CPU resources. The issue is addressed through improved handling of 'oplock' break notifications.
Tomcat
CVE-ID: CVE-2009-0580, CVE-2009-0033, CVE-2009-0783, CVE-2008-5515, CVE-2009-0781, CVE-2009-2901, CVE-2009-2902, CVE-2009-2693
Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.2
Impact: Multiple vulnerabilities in Tomcat 6.0.18
Description: Tomcat is updated to version 6.0.24 to address multiple vulnerabilities, the most serious of which may lead to a cross-site scripting attack. Tomcat is only provided on Mac OS X Server systems. Further information is available via the Tomcat site at http://tomcat.apache.org/
unzip
CVE-ID: CVE-2008-0888
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Extracting maliciously crafted zip files using the unzip command tool may lead to an unexpected application termination or code execution
Description: An uninitialized pointer issue exists in the handling of zip files. Extracting maliciously crafted zip files using the unzip command tool may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of zip files. This issue does not affect Mac OS X v10.6 systems.
vim
CVE-ID: CVE-2008-2712, CVE-2008-4101, CVE-2009-0316
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: Multiple vulnerabilities in vim 7.0
Description: Multiple vulnerabilities exist in vim 7.0, the most serious of which may lead to arbitrary code execution when working with maliciously crafted files. These issues are addressed by updating to vim 7.2.102. These issues do not affect Mac OS X v10.6 systems. Further information is available via the vim website at http://www.vim.org/
Wiki Server
CVE-ID: CVE-2010-0523
Available for: Mac OS X Server v10.5.8
Impact: Uploading a maliciously crafted applet may lead to the disclosure of sensitive information
Description: Wiki Server allows users to upload active content such as Java applets. A remote attacker may obtain sensitive information by uploading a maliciously crafted applet and directing a Wiki Server user to view it. The issue is addressed by using a special one-time authentication cookie which is only useable to download a particular attachment. This issue only affects Mac OS X Server systems, and does not affect versions 10.6 or later.
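The mitigation described above relies on a credential that is valid once and only for one attachment, so active content viewed by a user never holds a reusable session credential. The following sketch is an added illustration of that idea, not Apple's implementation; the class name, method names, token layout and 60-second lifetime are all assumptions.

```python
import hashlib
import hmac
import secrets
import time


class AttachmentTokenIssuer:
    """Hypothetical issuer of single-use tokens scoped to one attachment."""

    def __init__(self, key, ttl_seconds=60):
        self._key = key
        self._ttl = ttl_seconds
        self._unused = set()  # nonces issued but not yet redeemed

    def _mac(self, attachment_id, nonce, expires):
        # The attachment id is part of the MAC input, so a token issued
        # for one attachment does not verify for any other.
        msg = "\n".join([attachment_id, nonce, str(expires)]).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, attachment_id, now=None):
        now = time.time() if now is None else now
        nonce = secrets.token_hex(16)
        expires = int(now) + self._ttl
        self._unused.add(nonce)
        mac = self._mac(attachment_id, nonce, expires)
        return ".".join([nonce, str(expires), mac])

    def redeem(self, token, attachment_id, now=None):
        now = time.time() if now is None else now
        try:
            nonce, expires_text, mac = token.split(".")
            expires = int(expires_text)
        except ValueError:
            return False  # malformed token
        expected = self._mac(attachment_id, nonce, expires)
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return False  # forged, or bound to a different attachment
        if nonce not in self._unused:
            return False  # already redeemed: one-time use
        self._unused.remove(nonce)  # consume the nonce even if expired
        return now <= expires
```

A production store would also evict expired nonces and be shared across server processes.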
Wiki Server
CVE-ID: CVE-2010-0534
Available for: Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: An authenticated user may bypass weblog creation restrictions
Description: Wiki Server supports service access control lists (SACLs), allowing an administrator to control the publication of content. Wiki Server fails to consult the weblog SACL during the creation of a user's weblog. This may allow an authenticated user to publish content to the Wiki Server, even though publication should be disallowed by the service ACL. This issue does not affect systems prior to Mac OS X v10.6.
X11
CVE-ID: CVE-2009-2042
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Viewing a maliciously crafted image may lead to the disclosure of sensitive information
Description: libpng is updated to version 1.2.37 to address an issue that may result in the disclosure of sensitive information. Further information is available via the libpng site at http://www.libpng.org/pub/png/libpng.html
X11
CVE-ID: CVE-2003-0063
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2
Impact: Displaying maliciously crafted data within an xterm terminal may lead to arbitrary code execution
Description: The xterm program supports a command sequence to change the window title, and to print the window title to the terminal. The information returned is provided to the terminal as though it were keyboard input from the user. Within an xterm terminal, displaying maliciously crafted data containing such sequences may result in command injection. The issue is addressed by disabling the affected command sequence.
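On the application side, the same class of problem is avoided by stripping control sequences from untrusted data (log lines, file names, remote banners) before writing it to a terminal. The following is an added example, not part of the original advisory: the function names and sample lines are constructed, and the sequence forms (OSC 0/1/2 to set the title, CSI 21 t to report it) are taken from xterm's control-sequence documentation rather than from this page.

```python
import re

# Sequences relevant to this entry (7-bit ESC form and 8-bit C1 form):
#   OSC 0|1|2 ; text  BEL-or-ST   set icon name / window title
#   CSI 21 t                      ask the terminal to report the title
_SET_TITLE = re.compile(r"(?:\x1b\]|\x9d)[012];")
_REPORT_TITLE = re.compile(r"(?:\x1b\[|\x9b)21t")

# Any escape sequence or control character other than tab and newline.
_ANY_CONTROL = re.compile("|".join([
    r"(?:\x1b\]|\x9d)[^\x07\x1b\x9c\n]*(?:\x07|\x1b\\|\x9c)?",  # OSC string
    r"(?:\x1b\[|\x9b)[0-?]*[ -/]*[@-~]?",                      # CSI sequence
    r"\x1b[ -/]*[0-~]?",                                       # other ESC
    r"[\x00-\x08\x0b-\x1f\x7f-\x9f]",                          # bare C0/C1
]))


def classify(data):
    """Return which title-related sequences appear in untrusted text."""
    found = set()
    if _SET_TITLE.search(data):
        found.add("set-title")
    if _REPORT_TITLE.search(data):
        found.add("report-title")
    return found


def sanitize(data):
    """Remove escape sequences and control characters before display."""
    return _ANY_CONTROL.sub("", data)


# Constructed sample lines with harmless content.
SAMPLES = [
    "build ok\x1b]2;demo-title\x07\n",
    "status\x1b[21t\n",
    "\x1b[31mred\x1b[0m text\n",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(sorted(classify(line)), repr(sanitize(line)))
```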
xar
CVE-ID: CVE-2010-0055
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: A modified package may appear as validly signed
Description: A design issue exists in xar when validating a package signature. This may allow a modified package to appear as validly signed. This issue is fixed through improved package signature validation. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.
Important: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.