Archived - About Security Update 2007-005

This article has been archived and is no longer updated by Apple.

This document describes Security Update 2007-005, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

Security Update 2007-005

  • Alias Manager

    CVE-ID: CVE-2007-0740

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: Users may be misled into opening a substituted file

    Description: In certain circumstances, an implementation issue in Alias Manager will not show identically-named files contained in identically-named mounted disk images. By enticing a user to mount two identically-named disk images, an attacker could mislead the user into opening a malicious program. This update addresses the issue by performing additional validation of mountpaths. Credit to Greg Bolsinga of Blurb, Inc. for reporting this issue.

  • BIND

    CVE-ID: CVE-2007-0493, CVE-2007-0494, CVE-2006-4095, CVE-2006-4096

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: Multiple vulnerabilities in BIND, the most serious of which is remote denial of service

    Description: BIND is updated to version 9.3.4. Further information is available via the ISC web site at http://www.isc.org/index.pl?/sw/bind/

  • CoreGraphics

    CVE-ID: CVE-2007-0750

    Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

    Description: An integer overflow vulnerability exists in the handling of PDF files. By enticing a user to open a maliciously crafted PDF file, an attacker could trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PDF files. This issue does not affect systems prior to Mac OS X v10.4.

  • crontabs

    CVE-ID: CVE-2007-0751

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: The daily /tmp cleanup script may lead to a denial of service

    Description: Filesystems mounted in the /tmp directory may be deleted when the daily cleanup script is executed, which may lead to a denial of service. This update addresses the issues by updating the daily cleanup script to prevent find commands from descending into mounted filesystems.
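
    The fix described above, sketched as an added example (this is not Apple's cleanup script): a cleanup function whose find calls use -xdev so they stay on the directory's own filesystem. The function name, the age threshold argument and the extra path checks are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the script shipped in the update.
# clean_tmp DIR DAYS (hypothetical helper): delete regular files under DIR
# whose modification time is more than DAYS days old, without ever
# descending into another filesystem mounted below DIR.
clean_tmp() {
    dir=$1
    days=$2

    # Assumed extra checks: absolute path, a real directory, not a symlink,
    # so the cleanup cannot be redirected to a different tree.
    case $dir in
        /*) ;;
        *) return 1 ;;
    esac
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1

    # -xdev keeps find on the filesystem that holds DIR. Without it, find
    # walks into anything mounted under DIR (a disk image, a network share)
    # and the cleanup removes that volume's files as well.
    find "$dir" -xdev -mindepth 1 -type f -mtime +"$days" \
        -exec rm -f -- {} +

    # Remove old, empty directories under the same restriction. A mount
    # point is still visited as an entry but is never entered, and rmdir
    # on a busy mount point fails harmlessly.
    find "$dir" -xdev -mindepth 1 -depth -type d -empty -mtime +"$days" \
        -exec rmdir -- {} + 2>/dev/null || true

    return 0
}
```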

  • fetchmail

    CVE-ID: CVE-2007-1558

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: fetchmail password disclosure may be possible

    Description: fetchmail is updated to version 6.3.8 to address a cryptographic weakness that could lead to the disclosure of fetchmail passwords. Further information is available via the fetchmail web site at http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt

  • file

    CVE-ID: CVE-2007-1536

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: Running the file command on a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow vulnerability exists in the file command line tool, which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of files that are passed to the file command.

  • iChat

    CVE-ID: CVE-2007-2390

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: A remote attacker may be able to cause a denial of service or arbitrary code execution

    Description: A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in iChat. By sending a maliciously crafted packet, a remote attacker can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation when processing UPnP protocol packets in iChat.

  • mDNSResponder

    CVE-ID: CVE-2007-2386

    Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: A remote attacker may be able to cause a denial of service or arbitrary code execution

    Description: A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in the OS X mDNSResponder implementation. By sending a maliciously crafted packet, a remote attacker can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation when processing UPnP protocol packets. This issue does not affect systems prior to Mac OS X v10.4. Credit to Michael Lynn of Juniper Networks for reporting this issue.

  • PPP

    CVE-ID: CVE-2007-0752

    Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: A local user may obtain system privileges

    Description: An implementation issue exists in the PPP daemon when loading plugins via the command line, which allows a local user to obtain system privileges. This update addresses the issue through validation of user privileges. This issue does not affect systems prior to Mac OS X v10.4. Credit to an anonymous researcher working with the iDefense VCP for reporting this issue.

  • ruby

    CVE-ID: CVE-2006-5467, CVE-2006-6303

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: Denial of service vulnerabilities in the Ruby CGI library

    Description: Multiple denial of service issues exist in the Ruby CGI library. By sending maliciously crafted HTTP requests to a web application using cgi.rb, an attacker could trigger an issue which may lead to a denial of service. This update addresses the issues by applying the Ruby patches.

  • screen

    CVE-ID: CVE-2006-4573

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: Multiple denial of service vulnerabilities in GNU Screen

    Description: The screen command line tool is updated to address multiple denial of service vulnerabilities. Further information is available via the GNU web site at http://lists.gnu.org/archive/html/screen-users/2006-10/msg00028.html

  • texinfo

    CVE-ID: CVE-2005-3011

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: A vulnerability in texinfo may allow arbitrary files to be overwritten

    Description: A file handling issue exists in texinfo, which may allow a local user to create or overwrite files with the privileges of the user running texinfo. This update addresses the issue through improved handling of temporary files.

  • VPN

    CVE-ID: CVE-2007-0753

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: A local user may obtain system privileges

    Description: A format string vulnerability exists in vpnd. By running the vpnd command with maliciously crafted arguments, a local user can trigger the vulnerability which may lead to arbitrary code execution with system privileges. This update addresses the issue by performing additional validation of the arguments passed to vpnd. Credit to Chris Anley of NGSSoftware for reporting this issue.

Note: Security Update 2007-005 v1.1 was released to remove a configuration file that prevented the BIND service from automatically starting after applying the security update. The BIND service is not enabled on default configurations, and is mainly used with a Server system. For systems using BIND which applied Security Update 2007-005, manually re-enabling the BIND service will correct the issue. Security Update 2007-005 v1.1 made no changes to the security content of Security Update 2007-005. Systems that have applied Security Update 2007-005 do not need to apply Security Update 2007-005 v1.1.

Last Modified: Feb 20, 2012
  • Article: TA24732