Home / mailings APPLE-SA-2008-02-11 Mac OS X v10.5.2 and Security Update 2008-001
Posted on 11 February 2008
Apple Security-announce-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2008-02-11 Mac OS X v10.5.2 and Security Update 2008-001
Mac OS X v10.5.2 and Security Update 2008-001 are now available and
address the following issues:
Directory Services
CVE-ID: CVE-2007-0355
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A stack buffer overflow exists in the Service Location
Protocol (SLP) daemon, which may allow a local user to execute
arbitrary code with system privileges. This update addresses the
issue through improved bounds checking. This has been described on
the Month of Apple Bugs web site (MOAB-17-01-2007). This issue does
not affect systems running Mac OS X v10.5 or later. Credit to Kevin
Finisterre of Netragard for reporting this issue.
Foundation
CVE-ID: CVE-2008-0035
Available for: Mac OS X v10.5 - v10.5.1,
Mac OS X Server v10.5 - v10.5.1
Impact: Accessing a maliciously crafted URL may lead to an
application termination or arbitrary code execution
Description: A memory corruption issue exists in Safari's handling
of URLs. By enticing a user to access a maliciously crafted URL, an
attacker may cause an unexpected application termination or arbitrary
code execution. This update addresses the issue by performing
additional validation of URLs. This issue does not affect systems
prior to Mac OS X v10.5.
Launch Services
CVE-ID: CVE-2008-0038
Available for: Mac OS X v10.5 - v10.5.1,
Mac OS X Server v10.5 - v10.5.1
Impact: An application removed from the system may still be launched
via the Time Machine backup
Description: Launch Services is an API to open applications or their
document files or URLs in a way similar to the Finder or the Dock.
Users expect that uninstalling an application from their system will
prevent it from being launched. However, when an application has been
uninstalled from the system, Launch Services may allow it to be
launched if it is present in a Time Machine backup. This update
addresses the issue by not allowing applications to be launched
directly from a Time Machine backup. This issue does not affect
systems prior to Mac OS X v10.5. Credit to Steven Fisher of Discovery
Software Ltd. and Ian Coutier for reporting this issue.
CVE-ID: CVE-2008-0039
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Accessing a URL in a message may lead to arbitrary code
execution
Description: An implementation issue exists in Mail's handling of
file:// URLs, which may allow arbitrary applications to be launched
without warning when a user clicks a URL in a message. This update
addresses the issue by displaying the location of the file in Finder
rather than launching it. This issue does not affect systems running
Mac OS X v10.5 or later.
NFS
CVE-ID: CVE-2008-0040
Available for: Mac OS X v10.5 - v10.5.1,
Mac OS X Server v10.5 - v10.5.1
Impact: If the system is being used as an NFS client or server, a
remote attacker may cause an unexpected system shutdown or arbitrary
code execution
Description: A memory corruption issue exists in NFS's handling of
mbuf chains. If the system is being used as an NFS client or server,
a malicious NFS server or client may be able to cause an unexpected
system shutdown or arbitrary code execution. This update addresses
the issue through improved handling of mbuf chains. This issue does
not affect systems prior to Mac OS X v10.5. Credit to Oleg Drokin of
Sun Microsystems for reporting this issue.
Open Directory
Available for: Mac OS X v10.4.11, Mac OS X v10.4.11 Server
Impact: NTLM authentication requests may always fail
Description: This update addresses a non-security issue introduced
in Mac OS X v10.4.11. An race condition in Open Directory's Active
Directory plug-in may terminate the operation of winbindd, causing
NTLM authentications to fail. This update addresses the issue by
correcting the race condition that could terminate winbindd. This
issue only affects Mac OS X v10.4.11 systems configured for use with
Active Directory.
Parental Controls
CVE-ID: CVE-2008-0041
Available for: Mac OS X v10.5 - v10.5.1,
Mac OS X Server v10.5 - v10.5.1
Impact: Requesting to unblock a website leads to information
disclosure
Description: When set to manage web content, Parental Controls will
inadvertently contact www.apple.com when a website is unblocked. This
allows a remote user to detect the machines running Parental
Controls. This update addresses the issue by removing the outgoing
network traffic when a website is unblocked. This issue does not
affect systems prior to Mac OS X v10.5. Credit to Jesse Pearson for
reporting this issue.
Samba
CVE-ID: CVE-2007-6015
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 - v10.5.1, Mac OS X Server v10.5 - v10.5.1
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A stack buffer overflow may occur in Samba when
processing certain NetBIOS Name Service requests. If a system is
explicitly configured to allow "domain logons", an unexpected
application termination or arbitrary code execution could occur when
processing a request. Mac OS X Server systems configured as domain
controllers are also affected. This update addresses the issue by
applying the Samba patch. Further information is available via the
Samba web site at http://www.samba.org/samba/history/security.html
Credit to Alin Rad Pop of Secunia Research for reporting this issue.
Terminal
CVE-ID: CVE-2008-0042
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 - v10.5.1, Mac OS X Server v10.5 - v10.5.1
Impact: Viewing a maliciously crafted web page may lead to arbitrary
code execution
Description: An input validation issue exists in the processing of
URL schemes handled by Terminal.app. By enticing a user to visit a
maliciously crafted web page, an attacker may cause an application to
be launched with controlled command line arguments, which may lead to
arbitrary code execution. This update addresses the issue through
improved validation of URLs. Credit to Olli Leppanen of Digital Film
Finland and Brian Mastenbrook for reporting this issue.
X11
CVE-ID: CVE-2007-4568
Available for: Mac OS X v10.5 - v10.5.1,
Mac OS X Server v10.5 - v10.5.1
Impact: Multiple Vulnerabilities in X11 X Font Server (XFS) 1.0.4
Description: Multiple vulnerabilities exist in X11 X Font Server
(XFS), the most serious of which may lead to arbitrary code
execution. This update addresses the issues by updating to version
1.0.5. Further information is available via the X.Org website at
http://www.x.org/wiki/Development/Security
X11
CVE-ID: CVE-2008-0037
Available for: Mac OS X v10.5 - v10.5.1,
Mac OS X Server v10.5 - v10.5.1
Impact: Changing the settings in the Security Preferences Panel has
no effect
Description: The X11 server is not correctly reading its "Allow
connections from network client" preference. This can cause the X11
server to allow connections from network clients, even when the
preference is turned off. This update addresses the issue by ensuring
that the X11 server correctly reads this preference. This issue does
not affect systems prior to Mac OS X v10.5.
Mac OS X v10.5.2 and Security Update 2008-001 may be obtained from
the Software Update pane in System Preferences, or Apple's Software
Downloads web site:
http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies
to your system configuration. Only one is needed, either
Mac OS X v10.5.2 or Security Update 2008-001.
For Mac OS X v10.5 - v10.5.1
The download file is named: "MacOSXUpdCombo10.5.2.dmg"
Its SHA-1 digest is: 524e0a707afbdeff798cdd9464d62f672136ab5a
For Mac OS X Server v10.5 - v10.5.1
The download file is named: "MacOSXServerUpdCombo10.5.2.dmg"
Its SHA-1 digest is: 1a98a5ce84795c1352e04e4ff4ef448b563a35db
For Mac OS X v10.4.11 (Universal)
The download file is named: "SecUpd2008-001Univ.dmg"
Its SHA-1 digest is: f572a0e29df4b44e124a92d5601ba45772818e02
For Mac OS X Server v10.4.11 (PowerPC)
The download file is named: "SecUpd2008-001PPC.dmg"
Its SHA-1 digest is: bf3ebc69e094000d48d94e997a4d51f25c4824e0
Information will also be posted to the Apple Security Updates
web site:
http://docs.info.apple.com/article.html?artnum=61798
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/