• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Apple Mac OS X Multiple Security Vulnerabilities

Severity: HIGH

Description:

Apple Mac OS X is prone to multiple security vulnerabilities.

These issue affect Mac OS X and various applications including AFP Server, Bluetooth, Bom, DHCP, Image RAW, ImageIO, Launch Services, OpenSSH, and WebKit. A remote attacker may exploit these issues to execute arbitrary code and/or trigger a denial-of-service condition.

The following specific issues were reported:

- An information-disclosure vulnerability affects AFP Server. This issue occurs because the search process returns information that includes files and directories for which the initiating user has no access. This issue affects Mac OS X version 10.3.9. This issue is tracked by Mitre CVE identifier CVE-2006-1472.

- An integer-overflow vulnerability affects AFP Server. This issue can be triggered by an authenticated user with access to the AFP server. This issue affects Mac OS X versions 10.3.9 and 10.4.7. This issue is tracked by Mitre CVE identifier CVE-2006-1473.

- An unauthorized-access vulnerability affects AFP Server. This issue occurs because the reconnect keys storied during a network outage are stored in a world-readable location. An attacker could exploit this issue to impersonate another user over AFP. This issue affects only Mac OS X server versions 10.3.9 and 10.4.7. This issue is tracked by Mitre CVE identifier CVE-2006-3495.

- A denial-of-service vulnerability affects AFP Server. This issue occurs when the AFP server receives a maliciously crafted request. This issue affects Mac OS X versions 10.3.9 and 10.4.7. This issue is tracked by Mitre CVE identifier CVE-2006-3496

- A buffer-overflow vulnerability affects Bom. This issue occurs when the application processes a specially crafted Zip archive. Successful exploits of this issue will result in arbitrary code execution; failed exploit attempts will likely cause denial-of-service conditions. This issue affects Mac OS X versions 10.3.9 and 10.4.7. This issue is tracked by Mitre CVE identifier CVE-2006-3497.

- A buffer-overflow vulnerability affects DHCP. This issue occurs when the service handles a maliciously crafted BOOTP request. A remote attacker may be able to exploit this issue to execute arbitrary code. This issue affects Mac OS X versions 10.3.9 and 10.4.7. This issue is tracked by Mitre CVE identifier CVE-2006-3498.

- A privilege-escalation vulnerability affects the dynamic linker. This issue occurs because local system users may specify dynamic linker options that cause output to standard error. This output may then be used in other privileged applications resulting in denial-of-service conditions or privilege escalation. This issue affects Mac OS X versions 10.3.9 and 10.4.7. This issue is tracked by Mitre CVE identifier CVE-2006-3499.

- A privilege-escalation vulnerability affects the dynamic linker. This issue occurs because the linker processes user-specified data without proper sanitization. This may aid in privilege-escalation. This issue affects Mac OS X version 10.4.7. This issue is tracked by Mitre CVE identifier CVE-2006-3500.

- A buffer-overflow vulnerability affects Image RAW. This issue occurs when a specially crafted RAW image is processed. An attacker can exploit this issue to execute arbitrary code in the context of the affected process. This issue affects Mac OS X 10.4.7. This issue is tracked by Mitre CVE identifier CVE-2006-0392.

- An integer-overflow vulnerability affects ImageIO. This issue occurs when a specially crafted Radiance image is processed. An attacker can exploit this issue to execute arbitrary code in the context of the affected process. This issue affects Mac OS X 10.4.7. This issue is tracked by Mitre CVE identifier CVE-2006-3501

- An undetected memory-allocation vulnerability affects ImageIO. This issue occurs when a specially crafted GIF image is processed. An attacker can exploit this issue to execute arbitrary code in the context of the affected process. This issue affects Mac OS X 10.4.7. This issue is tracked by Mitre CVE identifier CVE-2006-3502

- An integer-overflow vulnerability affects ImageIO. This issue occurs when a specially crafted GIF image is processed. An attacker can exploit this issue to execute arbitrary code in the context of the affected process. This issue affects Mac OS X 10.4.7. This issue is tracked by Mitre CVE identifier CVE-2006-3503.

- An arbitrary JavaScript-execution vulnerability affects LaunchServices. This issue occurs because the application may improperly mark JavaScript as 'safe' when it is not. This may result in the automatic execution of the code during downloading. This issue affects Mac OS X version 10.4.7. This issue is tracked by Mitre CVE identifier CVE-2006-3504.

- A denial-of-service vulnerability affects OpenSSH. This issue occurs when the process attempts to authenticate a nonexistent account. Repeated attempts may result in denial-of-service conditions. This issue may also reveal valid user accounts because the application does not hang on valid account names. This issue affects Mac OS X version 10.4.7. This issue is tracked by Mitre CVE identifier CVE-2006-0393.

- A denial-of-service vulnerability affects WebKit. This issue occurs because a maliciously crafted HTML document may cause a previously deallocated object to be accessed. This may result in denial-of-service conditions; arbitrary code execution may also be possible. This issue affects Mac OS X versions 10.3.9 and 10.4.7. This issue is tracked by Mitre CVE identifier CVE-2006-3505.

This record will be divided into separate BIDs when further analysis is complete.

Affected Products:

• Apple Mac OS X 10.0.0
• Apple Mac OS X 10.0.03
• Apple Mac OS X 10.0.1
• Apple Mac OS X 10.0.2
• Apple Mac OS X 10.0.3
• Apple Mac OS X 10.0.3
• Apple Mac OS X 10.0.4
• Apple Mac OS X 10.1.0
• Apple Mac OS X 10.1.0
• Apple Mac OS X 10.1.1
• Apple Mac OS X 10.1.2
• Apple Mac OS X 10.1.3
• Apple Mac OS X 10.1.4
• Apple Mac OS X 10.1.5
• Apple Mac OS X 10.2.0
• Apple Mac OS X 10.2.1
• Apple Mac OS X 10.2.2
• Apple Mac OS X 10.2.3
• Apple Mac OS X 10.2.4
• Apple Mac OS X 10.2.5
• Apple Mac OS X 10.2.6
• Apple Mac OS X 10.2.7
• Apple Mac OS X 10.2.8
• Apple Mac OS X 10.3.0
• Apple Mac OS X 10.3.1
• Apple Mac OS X 10.3.2
• Apple Mac OS X 10.3.3
• Apple Mac OS X 10.3.4
• Apple Mac OS X 10.3.5
• Apple Mac OS X 10.3.6
• Apple Mac OS X 10.3.7
• Apple Mac OS X 10.3.8
• Apple Mac OS X 10.3.9
• Apple Mac OS X 10.4.0
• Apple Mac OS X 10.4.1
• Apple Mac OS X 10.4.2
• Apple Mac OS X 10.4.3
• Apple Mac OS X 10.4.4
• Apple Mac OS X 10.4.5
• Apple Mac OS X 10.4.6
• Apple Mac OS X 10.4.7
• Apple Mac OS X Server 10.0.0
• Apple Mac OS X Server 10.1.0
• Apple Mac OS X Server 10.1.1
• Apple Mac OS X Server 10.1.2
• Apple Mac OS X Server 10.1.3
• Apple Mac OS X Server 10.1.4
• Apple Mac OS X Server 10.1.5
• Apple Mac OS X Server 10.2.0
• Apple Mac OS X Server 10.2.1
• Apple Mac OS X Server 10.2.2
• Apple Mac OS X Server 10.2.3
• Apple Mac OS X Server 10.2.4
• Apple Mac OS X Server 10.2.5
• Apple Mac OS X Server 10.2.6
• Apple Mac OS X Server 10.2.7
• Apple Mac OS X Server 10.2.8
• Apple Mac OS X Server 10.3.0
• Apple Mac OS X Server 10.3.1
• Apple Mac OS X Server 10.3.2
• Apple Mac OS X Server 10.3.3
• Apple Mac OS X Server 10.3.4
• Apple Mac OS X Server 10.3.5
• Apple Mac OS X Server 10.3.6
• Apple Mac OS X Server 10.3.7
• Apple Mac OS X Server 10.3.8
• Apple Mac OS X Server 10.3.9
• Apple Mac OS X Server 10.4.0
• Apple Mac OS X Server 10.4.1
• Apple Mac OS X Server 10.4.2
• Apple Mac OS X Server 10.4.3
• Apple Mac OS X Server 10.4.4
• Apple Mac OS X Server 10.4.5
• Apple Mac OS X Server 10.4.6
• Apple Mac OS X Server 10.4.7
• Apple iPhone 1
• Apple iPhone 1.0.1
• Apple iPhone 1.0.2
• Apple iPhone 1.1.1
• Apple iPod Touch 1.1
• Apple iPod Touch 1.1.1

References:

• Apple: Apple Security Updates
• Apple: Mac OS X Home Page
• CVE: CVE-2006-0392
• CVE: CVE-2006-0393
• CVE: CVE-2006-1472
• CVE: CVE-2006-1473
• CVE: CVE-2006-3495
• CVE: CVE-2006-3496
• CVE: CVE-2006-3497
• CVE: CVE-2006-3498
• CVE: CVE-2006-3499
• CVE: CVE-2006-3500
• CVE: CVE-2006-3501
• CVE: CVE-2006-3502
• CVE: CVE-2006-3503
• CVE: CVE-2006-3504
• CVE: CVE-2006-3505
• US-CERT: VU#172244 - Apple Mac OS X ImageIO vulnerable to integer overflow via specially
• US-CERT: VU#514740 - Apple Mac OS X Bom vulnerable to memory corruption via specially cra
• US-CERT: VU#566132 - Apple Mac OS X WebKit may allow code execution when visiting a malic
• US-CERT: VU#605908 - Apple Mac OS X ImageIO vulnerable to integer overflow via specially
• US-CERT: VU#651844 - Apple Mac OS X ImageIO contains undetected memory failure in GIF ima
• US-CERT: VU#776628 - Apple Mac OS X bootpd vulnerable to stack-based buffer overflow
• US-CERT: Vulnerability Note VU#708340 - Apple Mac OS X AFP server may disclose file and f

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.