About Security Update 2007-007

This document describes Security Update 2007-007, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

This article has been archived and is no longer updated by Apple.

Security Update 2007-007

  • bzip2

    CVE-ID: CVE-2005-0758

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.10, Mac OS X Server v10.4.10

    Impact: Running bzgrep on a file with a maliciously crafted name may lead to arbitrary code execution

    Description: A file name handling issue exists in bzgrep. By enticing a user into running bzgrep on a file with a maliciously crafted name, an attacker may trigger the issue which may lead to arbitrary code execution. This update addresses the issue through improved handling of file names.

  • CFNetwork

    CVE-ID: CVE-2007-2403

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.10, Mac OS X Server v10.4.10

    Impact: Clicking on an FTP URI may cause arbitrary FTP commands to be issued

    Description: By enticing a user to follow a maliciously crafted FTP URI, an attacker can cause the user's FTP client to issue arbitrary FTP commands to any accessible FTP server, using the credentials of the user. This update addresses the issue by performing additional validation of FTP URIs.

  • CFNetwork

    CVE-ID: CVE-2007-2404

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.10, Mac OS X Server v10.4.10

    Impact: Applications using CFNetwork to make HTTP requests may be vulnerable to a response splitting attack

    Description: An HTTP response splitting vulnerability exists in CFNetwork. By sending a maliciously crafted HTTP response to a user's HTTP request, an attacker may alter the user's consecutive responses, which could lead to cross-site scripting. This update addresses the issue through improved parsing of HTTP responses. Credit to Steven Kramer of sprintteam.nl for reporting this issue.

  • CoreAudio

    CVE-ID: CVE-2007-3745

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.10, Mac OS X Server v10.4.10

    Impact: Visiting a malicious website may lead to arbitrary code execution

    Description: A design issue exists in the Java interface to CoreAudio. JDirect exposes an interface that may allow freeing arbitrary memory. By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution. This update addresses the issue by performing additional security checks in the Java interface to CoreAudio.

  • CoreAudio

    CVE-ID: CVE-2007-3746

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.10, Mac OS X Server v10.4.10

    Impact: Visiting a malicious website may lead to arbitrary code execution

    Description: An issue exists in the Java interface to CoreAudio, which may allow reading or writing out of the bounds of the allocated heap. By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution. This update addresses the issue by performing additional bounds checking.

  • CoreAudio

    CVE-ID: CVE-2007-3747

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.10, Mac OS X Server v10.4.10

    Impact: Visiting a malicious website may lead to arbitrary code execution

    Description: An issue exists in the Java interface to CoreAudio, which may allow instantiation or manipulation of objects outside the bounds of the allocated heap. By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution. This update addresses the issue by performing additional security checks in the Java interface to CoreAudio.

  • cscope

    CVE-ID: CVE-2004-0996, CVE-2004-2541

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.10, Mac OS X Server v10.4.10

    Impact: Multiple vulnerabilities in Cscope

    Description: Cscope is updated to version 15.6 to address several vulnerabilities, the most serious of which are buffer overflow and insecure temporary file creation vulnerabilities. Further information is available via the Cscope web site at http://cscope.sourceforge.net/

  • gnuzip

    CVE-ID: CVE-2005-0758

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.10, Mac OS X Server v10.4.10

    Impact: Running zgrep on a file with a maliciously crafted name may lead to arbitrary code execution

    Description: A file name handling issue exists in zgrep. By enticing a user into running zgrep on a file with a maliciously crafted name, an attacker may trigger the issue which may lead to arbitrary code execution. This update addresses the issue by through improved file names handling.

  • iChat

    CVE-ID: CVE-2007-3748

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.10, Mac OS X Server v10.4.10

    Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution

    Description: A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in iChat. By sending a maliciously crafted packet, an attacker on the local network can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation when processing UPnP protocol packets in iChat.

  • Kerberos

    CVE-ID: CVE-2007-2442, CVE-2007-2443, CVE-2007-2798

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.10, Mac OS X Server v10.4.10

    Impact: Multiple vulnerabilities in the MIT krb5 Kerberos administration daemon

    Description: Multiple vulnerabilities exists in the MIT Kerberos administration daemon (kadmind), which may lead to an unexpected application termination or arbitrary code execution with system privileges. Further information on the issue and the patch applied is available via the MIT Kerberos website at http://web.mit.edu/Kerberos/ Credit to the MIT Kerberos Team for reporting these issues, which were originally discovered by Wei Wang of McAfee Avert Labs.

  • mDNSResponder

    CVE-ID: CVE-2007-3744

    Available for: Mac OS X v10.4.10, Mac OS X Server v10.4.10

    Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution

    Description: A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in the Mac OS X implementation of mDNSResponder. By sending a maliciously crafted packet, an attacker on the local network can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by removing UPnP IGD support. This issue does not affect systems prior to Mac OS X v10.4.

  • PDFKit

    CVE-ID: CVE-2007-2405

    Available for: Mac OS X v10.4.10, Mac OS X Server v10.4.10

    Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

    Description: An integer underflow exists in Preview's handling of PDF files. By enticing a user to open a maliciously crafted PDF file, an attacker may trigger the issue which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PDF files. This issue does not affect systems prior to Mac OS X v10.4.

  • PHP

    CVE-ID: CVE-2007-1001, CVE-2007-1287, CVE-2007-1460, CVE-2007-1461, CVE-2007-1484, CVE-2007-1521, CVE-2007-1583, CVE-2007-1711, CVE-2007-1717

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.10, Mac OS X Server v10.4.10

    Impact: Multiple vulnerabilities in PHP 4.4.4

    Description: PHP is updated to version 4.4.7 to address several vulnerabilities. Further information is available via the PHP web site at http://www.php.net.

  • Quartz Composer

    CVE-ID: CVE-2007-2406

    Available for: Mac OS X v10.4.10, Mac OS X Server v10.4.10

    Impact: Viewing a maliciously crafted Quartz Composer file may lead to an unexpected application termination or arbitrary code execution

    Description: An uninitialized object pointer vulnerability exists in the handling of Quartz Composer files. By enticing a user to view a maliciously crafted Quartz Composer file, an attacker may trigger the issue which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing proper initialization of object pointers. This issue does not affect systems prior to Mac OS X v10.4.

  • Samba

    CVE-ID: CVE-2007-2446

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.10, Mac OS X Server v10.4.10

    Impact: When Windows file sharing is enabled, an unauthenticated remote attacker may cause an unexpected application termination or arbitrary code execution

    Description: Multiple heap buffer overflows exist in the Samba daemon. By sending maliciously crafted MS-RPC requests, a remote attacker can trigger the overflow which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of MS-RPC requests.

  • Samba

    CVE-ID: CVE-2007-2447

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.10, Mac OS X Server v10.4.10

    Impact: When Windows file sharing is enabled, an unauthenticated remote attacker may be able to execute arbitrary shell commands

    Description: A command injection vulnerability exists in the Samba daemon. By sending maliciously crafted MS-RPC requests, a remote attacker can trigger the command injection. This update addresses the issue by performing additional validation of MS-RPC requests. This issue does not affect the default Samba configuration.

  • Samba

    CVE-ID: CVE-2007-2407

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.10, Mac OS X Server v10.4.10

    Impact: When Windows file sharing is enabled, users may bypass file system quotas

    Description: An issue exists in Samba when a server process drops its privileges. This could allow the quota enforcement to be bypassed, and the file system quota to be exceeded. This update addresses the issue by properly dropping privileges. Credit to Mike Matz of Wyomissing Area School District for reporting this issue.

  • SquirrelMail

    CVE-ID: CVE-2005-3128, CVE-2006-2842, CVE-2006-3174, CVE-2006-4019, CVE-2006-6142, CVE-2007-1262, CVE-2007-2589

    Available for: Mac OS X Server v10.3.9, Mac OS X Server v10.4.10

    Impact: Multiple vulnerabilities in SquirrelMail 1.4.5

    Description: SquirrelMail is updated to version 1.4.10 to address several vulnerabilities, the most serious of which is cross-site scripting triggered by viewing HTML mail. Further information is available via the SquirrelMail web site at http://www.SquirrelMail.org/

  • Tomcat

    CVE-ID: CVE-2005-2090, CVE-2007-0450, CVE-2007-1358, CVE-2007-1860

    Available for: Mac OS X Server v10.4.10

    Impact: Multiple vulnerabilities in Tomcat

    Description: Tomcat is updated to version 4.1.36 to address several vulnerabilities, the most serious of which are cross-site scripting and information disclosure. Further information is available via the Tomcat site at http://tomcat.apache.org/ These issues do not affect systems prior to Mac OS X v10.4.

  • WebCore

    CVE-ID: CVE-2007-2408

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.10, Mac OS X Server v10.4.10

    Impact: Visiting a malicious website may allow Java applets to load and run even when Java is disabled

    Description: Description: Safari provides an "Enable Java" preference, which when unchecked should prevent the loading of Java applets. By default, Java applets are allowed to be loaded. Navigating to a maliciously crafted web page may allow a Java applet to be loaded without checking the preference. This update addresses the issue through a stricter check of the "Enable Java" preference. Credit to Rhys Kidd and Scott Wilde for reporting this issue.

  • WebCore

    CVE-ID: CVE-2007-0478

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.10, Mac OS X Server v10.4.10

    Impact: Content may be injected into HTML comments leading to cross-site scripting attacks

    Description: An issue exists in WebCore when parsing comments inside an HTML title element. This can allow an attacker to insert scripts into a web page on sites which allow the page owner to enter HTML, but not scripts. This update addresses the issue by correctly parsing comments in title elements.

  • WebCore

    CVE-ID: CVE-2007-2409

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.10, Mac OS X Server v10.4.10

    Impact: Visiting a malicious website may lead to the disclosure of URL contents

    Description: A design issue in WebCore allows a popup window to read the URL that is currently being viewed in the parent window. By enticing a user to visit a maliciously crafted web page, an attacker can trigger the issue, which may lead to the disclosure of information via the URL contents. This update addresses the issue through an improved cross-domain security check. Credit to Secunia Research for reporting this issue.

  • WebCore

    CVE-ID: CVE-2007-2410

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.10, Mac OS X Server v10.4.10

    Impact: Visiting a malicious website may allow cross-site scripting

    Description: In Safari, properties of certain global objects are not cleared when navigating to a new URL within the same window. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue which may lead to cross-site scripting. This update addresses the issue by properly clearing global objects.

  • WebKit

    CVE-ID: CVE-2007-3742

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.10, Mac OS X Server v10.4.10

    Impact: Look-alike characters in a URL could be used to masquerade a website

    Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue by through an improved domain name validity check. Credit to Tomohito Yoshino of Business Architects Inc. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2007-3944

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.10, Mac OS X Server v10.4.10

    Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution

    Description: Description: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators for reporting these issues.

Published Date: