About the security content of the Mac OS X 10.4.7 Update
This document describes the security content of the Mac OS X 10.4.7 Update, which can be downloaded and installed using Software Update, or from Apple Downloads.
For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred, and any necessary patches or releases are available. To find out more about Apple Product Security, visit the Apple Product Security website.
For information about the Apple Product Security PGP Key, see “How to Use the Apple Product Security PGP Key”.
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To find out about other Security Updates, see “Apple Security Updates”.
Mac OS X v10.4.7 Update
AFP
CVE-ID: CVE-2006-1468
Available for: Mac OS X v10.4.6, Mac OS X Server v10.4.6
Impact: file and folder names may be disclosed to unauthorised users
Description: an issue in the AFP server allows search results to include the names of files and folders to which the user performing the search has no access. This could result in information disclosure if the names themselves are sensitive information. This update addresses the issue by ensuring search results only include items for which the user is authorised. This issue does not affect systems prior to Mac OS X v10.4.
ClamAV
CVE-ID: CVE-2006-1989
Available for: Mac OS X Server v10.4.6
Impact: when virus scanning is configured to update automatically, a malicious database mirror may cause arbitrary code execution
Description: an issue in ClamAV’s automatic virus database updating may result in a stack-based buffer overflow. A malicious or spoofed ClamAV database mirror may be able to cause arbitrary code execution with the privileges of ClamAV. The Mail service, virus scanning and automatic virus database updates are turned off by default. This update addresses the issue by incorporating ClamAV 0.88.2. This issue does not affect systems prior to Mac OS X v10.4.
ImageIO
CVE-ID: CVE-2006-1469
Available for: Mac OS X v10.4.6, Mac OS X Server v10.4.6
Impact: viewing a maliciously crafted TIFF image may result in an application crash or arbitrary code execution
Description: by carefully crafting a corrupt TIFF image, an attacker can trigger a stack-based buffer overflow, which may result in an application crash or arbitrary code execution. This update addresses the issue by performing additional validation of TIFF images. This issue does not affect systems prior to Mac OS X v10.4.
launchd
CVE-ID: CVE-2006-1471
Available for: Mac OS X v10.4.6, Mac OS X Server v10.4.6
Impact: local users may gain elevated privileges
Description: a format string vulnerability in the setuid program launchd may allow an authenticated local user to execute arbitrary code with system privileges. The issue is present in launchd’s logging facility. This update addresses the issue by performing additional validation when logging messages. This issue does not affect systems prior to Mac OS X v10.4. Credit to Kevin Finisterre of DigitalMunition for reporting this issue.
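The bug class named in the launchd entry, as an added example (this is not Apple's or launchd's code): a logging wrapper that treats caller-supplied text as data rather than as a format string, plus a small audit helper. The names log_fmt, log_untrusted and count_directives are hypothetical, and the sample message is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical log sink (not launchd's). The format attribute lets GCC/Clang
 * warn under -Wformat-security when the format is not a string literal. */
#if defined(__GNUC__)
__attribute__((format(printf, 3, 4)))
#endif
static int log_fmt(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n;
}

/* Flawed pattern, shown as a comment only: log_fmt(out, outsz, msg);
 * msg is parsed as a format, so its conversion specifications
 * consume arguments that were never passed. */

/* Hardened: untrusted text is only an argument to a constant "%s" format. Returns 0, or -1 on error or truncation. */
int log_untrusted(char *out, size_t outsz, const char *msg)
{
    int n = log_fmt(out, outsz, "%s", msg);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* Audit helper: conversion specifications a string would trigger if used as a format ("%%" is a literal percent). */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

int main(void)
{
    char buf[64];
    const char *msg = "job %x%x%n failed"; /* constructed sample input */
    int rc = log_untrusted(buf, sizeof buf, msg);
    printf("rc=%d directives=%d logged=\"%s\"\n", rc, count_directives(msg), buf);
    return 0;
}
```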
OpenLDAP
CVE-ID: CVE-2006-1470
Available for: Mac OS X v10.4.6, Mac OS X Server v10.4.6
Impact: remote attackers may cause the Open Directory server to crash
Description: by carefully crafting an invalid LDAP request, a remote attacker may be able to trigger an assertion in the OpenLDAP server, resulting in a denial of service. This update addresses the issue by discarding the invalid request. This issue does not affect systems prior to Mac OS X v10.4. Credit to the Mu Security research team for reporting this issue.