Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA10959
VERIFY ADVISORY:
http://secunia.com/advisories/10959/
CRITICAL:
Moderately critical
IMPACT:
Exposure of system information, Exposure of sensitive information, DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
DESCRIPTION:
Multiple vulnerabilities have been discovered in Apple Mac OS X, where some of the specified issues can be exploited to gain knowledge of sensitive information, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
1) An unspecified vulnerability exists in the CoreFoundation notification logging.
2) An unspecified vulnerability exists in the DiskArbitration when handling initialisation of writeable removable media.
3) An unspecified vulnerability exists in IPSec while checking key exchanges.
4) An assert error in QuickTime Streaming Server can be exploited by malicious people to cause a DoS.
See the following advisory for more information:
SA10956
5) An unspecified vulnerability exists in Safari when displaying URLs in the status bar.
6) Multiple vulnerabilities in tcpdump can potentially be exploited by malicious people to cause a DoS or compromise a vulnerable system.
See the following advisory for more information:
SA10636
7) A format string error in the "option_error()" function in pppd when handling command line arguments can be exploited by malicious, local users to read arbitrary memory accessible by the process. This may potentially expose PAP/CHAP authentication credentials if a system runs as a PPP server.
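The pppd issue in the last item above is a format string error. The following added example (not pppd's source and not part of the original advisory) shows the bug class next to a hardened form. The function names, the log_sink() stand-in for a syslog-style call, and the sample argument are assumptions constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char last_log[256];  /* hypothetical stand-in for the log destination */

/* printf-style sink, like syslog(3): its first argument is a format string.
 * Declaring such a sink with __attribute__((format(printf, 1, 2))) lets
 * -Wformat-security flag the unsafe call below at compile time. */
static void log_sink(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_log, sizeof last_log, fmt, ap);
    va_end(ap);
}

/* Bug class: the already-formatted message is handed on as a format string,
 * so any '%' that came from the command line is interpreted a second time. */
static const char *option_error_unsafe(const char *fmt, ...)
{
    char buf[256];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    log_sink(buf);          /* user-influenced data used as the format */
    return last_log;
}

/* Hardened: constant format, message passed strictly as data. */
static const char *option_error_safe(const char *fmt, ...)
{
    char buf[256];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    log_sink("%s", buf);
    return last_log;
}

int main(void)
{
    const char *arg = "rate=100%%";  /* constructed command-line argument */
    printf("unsafe: %s\n", option_error_unsafe("unrecognized option '%s'", arg));
    printf("safe:   %s\n", option_error_safe("unrecognized option '%s'", arg));
    return 0;
}
```

The unsafe path logs the argument with one percent sign instead of two, which shows the text was parsed as a format a second time; the hardened path logs it unchanged.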
SOLUTION:
Apply Security Update 2004-02-23.
Mac OS X 10.3.2 Client:
http://www.info.apple.com/kbnum/n120323
Mac OS X 10.3.2 Server:
http://www.info.apple.com/kbnum/n120324
Mac OS X 10.2.8 Client:
http://www.info.apple.com/kbnum/n120277
Mac OS X 10.2.8 Server:
http://www.info.apple.com/kbnum/n120322
PROVIDED AND/OR DISCOVERED BY:
1+2) aaron
7) Dave G. of @stake and Justin Tibbs of Secure Network Operations.
ORIGINAL ADVISORY:
@stake:
http://www.atstake.com/research/advisories/2004/a022304-1.txt
OTHER REFERENCES:
SA10636:
http://secunia.com/advisories/10636/
SA10956:
http://secunia.com/advisories/10956/

