Languages

Archived - About Security Update 2006-001

This article has been archived and is no longer updated by Apple.

This document describes Security Update 2006-001, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

Security Update 2006-001

  • apache_mod_php

    CVE-ID: CVE-2005-3319, CVE-2005-3353, CVE-2005-3391, CVE-2005-3392

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5

    Impact: Multiple security issues in PHP 4.4

    Description: PHP 4.4.1 fixes several security issues in the Apache module and scripting environment. Details of the fixes are available via the PHP web site (www.php.net). PHP ships with Mac OS X but is disabled by default.

  • automount

    CVE-ID: CVE-2006-0384

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5

    Impact: Malicious network servers may cause a denial of service or arbitrary code execution

    Description: File servers on the local network may be able to cause Mac OS X systems to mount file systems with reserved names. This could cause the systems to become unresponsive, or possibly allow arbitrary code delivered from the file servers to run on the target system.

  • BOM

    CVE-ID: CVE-2006-0391

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5

    Impact: Directory traversal may occur while unpacking archives with BOM

    Description: The BOM framework handles the unpacking of certain types of archives. This framework is vulnerable to a directory traversal attack that can allow archived files to be unpacked into arbitrary locations that are writable by the current user. This update addresses the issue by properly sanitizing those paths. Credit to Stéphane Kardas of CERTA for reporting this issue.

  • Directory Services

    CVE-ID: CVE-2005-2713, CVE-2005-2714

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5

    Impact: Malicious local users may create and manipulate files as root

    Description: The passwd program is vulnerable to temporary file attacks. This could lead to privilege elevation. This update addresses the issue by anticipating a hostile environment and by creating temporary files securely. Credit to Ilja van Sprundel of Suresec LTD, vade79, and iDefense (idefense.com) for reporting this issue.

  • FileVault

    CVE-ID: CVE-2006-0386

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5

    Impact: FileVault may permit access to files during when it is first enabled

    Description: User directories are mounted in an unsafe fashion when a FileVault image is created. This update secures the method in which a FileVault image is created.

  • IPSec

    CVE-ID: CVE-2006-0383

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5

    Impact: Remote denial of service against VPN connections

    Description: Incorrect handling of error conditions for virtual private networks based on IPSec may allow a remote attacker to cause a service interruption. This update addresses the issues by correctly handling the conditions that may cause crashes. Credit to OUSPG from the University of Oulu, NISCC, and CERT-FI for coordinating and reporting this issue.

  • LibSystem

    CVE-ID: CVE-2005-3706

    Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5

    Impact: Attackers may cause crashes or arbitrary code execution depending upon the application

    Description: An attacker able to cause an application to make requests for large amounts of memory may also be able to trigger a heap buffer overflow. This could cause the targeted application to crash or execute arbitrary code. This update addresses the issue by correctly handling these memory requests. This issue does not affect systems prior to Mac OS X v10.4. Credit to Neil Archibald of Suresec LTD for reporting this issue.

  • Mail

    CVE-ID: CVE-2006-0395

    Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5

    Impact: Download Validation fails to warn about unsafe file types

    Description: In Mac OS X v10.4 Tiger, when an email attachment is double-clicked in Mail, Download Validation is used to warn the user if the file type is not "safe". Certain techniques can be used to disguise the file's type so that Download Validation is bypassed. This update addresses the issue by presenting Download Validation with the entire file, providing more information for Download Validation to detect unknown or unsafe file types in attachments.

  • perl

    CVE-ID: CVE-2005-4217

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9

    Impact: Perl programs may fail to drop privileges

    Description: When a perl program running as root attempts to switch to another user ID, the operation may fail without notification to the program. This may cause a program to continue to run with root privileges, assuming they have been dropped. This can cause security issues in third-party tools. This update addresses the issue by preventing such applications from continuing if the operation fails. This issue does not affect Mac OS X v10.4 or later systems. Credit to Jason Self for reporting this issue.

  • rsync

    CVE-ID: CVE-2005-3712

    Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5

    Impact: Authenticated users may cause an rsync server to crash or execute arbitrary code

    Description: A heap-based buffer overflow may be triggered when the rsync server is used with the flag that allows extended attributes to be transferred. It may be possible for a malicious user with access to an rsync server to cause denial of service or code execution. This update addresses the problem by ensuring that the destination buffer is large enough to hold the extended attributes. This issue does not affect systems prior to Mac OS X v10.4. Credit to Jan-Derk Bakker for reporting this issue.

  • Safari

    CVE-ID: CVE-2006-0390/CVE-2005-4504

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5

    Impact: Viewing a maliciously-crafted web page may result in arbitrary code execution

    Description: A heap-based buffer overflow in WebKit's handling of certain HTML could allow a malicious web site to cause a crash or execute arbitrary code as the user viewing the site. This update addresses the issue by preventing the condition causing the overflow. Credit to Suresec LTD for reporting this issue.

  • Safari

    CVE-ID: CVE-2006-0387

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5

    Impact: Viewing a malicious web page may cause arbitrary code execution

    Description: By preparing a web page including specially-crafted JavaScript, an attacker may trigger a stack buffer overflow that could lead to arbitrary code execution with the privileges of the user. This update addresses the issue by performing additional bounds checking.

  • Safari

    CVE-ID: CVE-2006-0388

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5

    Impact: Remote web sites can redirect to local resources, allowing JavaScript to execute in the local domain

    Description: Safari's security model prevents remote resources from causing redirection to local resources. An issue involving HTTP redirection can cause the browser to access a local file, bypassing certain restrictions. This update addresses the issue by preventing cross-domain HTTP redirects.

  • Safari, LaunchServices

    CVE-ID: CVE-2006-0848

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.5, Mac OS X Server v10.4.5

    Impact: Viewing a malicious web site may result in arbitrary code execution

    Description: It is possible to construct a file which appears to be a safe file type, such as an image or movie, but is actually an application. When the "Open `safe' files after downloading" option is enabled in Safari's General preferences, visiting a malicious web site may result in the automatic download and execution of such a file. A proof-of-concept has been detected on public web sites that demonstrates the automatic execution of shell scripts. This update addresses the issue by performing additional download validation so that the user is warned (in Mac OS X v10.4.5) or the download is not automatically opened (in Mac OS X v10.3.9).

  • Syndication

    CVE-ID: CVE-2006-0389

    Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5

    Impact: Subscriptions to malicious RSS content can lead to cross-site scripting

    Description: Syndication (Safari RSS) may allow JavaScript code embedded in feeds to run within the context of the RSS reader document, allowing malicious feeds to circumvent Safari's security model. This update addresses the issue by properly removing JavaScript code from feeds. Syndication is only available in Mac OS X v10.4 and later.

The following security enhancements are also included in this update:

  • FileVault. AES-128 encrypted FileVault disk images are now created with more restrictive operating system permissions. Credit to Eric Hall of DarkArt Consulting Services for reporting this issue.

  • iChat. A malicious application named Leap.A that attempts to propagate using iChat has been detected. With this update for Mac OS X v10.4.5 and Mac OS X Server v10.4.5, iChat now uses Download Validation to warn of unknown or unsafe file types during file transfers.

You should use caution when opening files that are obtained from the network. See Safety tips for handling email attachments and content downloaded from the Internet.

Last Modified: Feb 20, 2012
  • Last Modified: Feb 20, 2012
  • Article: TA23971
  • Views:

    1944

Additional Product Support Information