Title: Apple Mac OS X Multiple Applications Multiple Vulnerabilities
Severity: CRITICAL
Description:
Mac OS X is prone to multiple vulnerabilities. The following specific issues were reported:
- A stack-based buffer-overflow vulnerability affects the handling of images with embedded ColorSync profiles. This issue is tracked as Mitre CVE-ID: CVE-2007-0719.
- A denial-of-service vulnerability is triggered by incomplete SSL connections with the CUPS service. This issue is tracked as Mitre CVE-ID: CVE-2007-0720. As further information is available on this issue, it has been assigned to a separate record: BID 23127 (CUPS Partial SSL Connection Remote Denial of Service Vulnerability)
- An unspecified memory-corruption vulnerability affects the 'diskimages-helper' when arbitrary disk images are mounted. This issue is tracked as Mitre CVE-ID: CVE-2007-0721.
- An integer-overflow vulnerability affects the handler of AppleSingleEncoding disk images. This issue is tracked as Mitre CVE-ID: CVE-2007-0722.
- An authentication-bypass vulnerability occurs because of a flaw in the DirectoryService which allows unprivileged LDAP users to modify the local root password. This issue is tracked as Mitre CVE-ID: CVE-2007-0723.
- An information-disclosure issue arises due to insufficient controls in the IOKit HID interface. An authenticated user can exploit this issue to log arbitrary console keystrokes that may contain sensitive information. This issue is tracked as Mitre CVE-ID: CVE-2007-0724.
A denial-of-service vulnerability affects the SSH key-creation process. Specifically, prior to finishing key creation when an SSH session is first established, an attacker could connect to the server and trigger key recreation to deny service to processing relying on a trust relationship with the server. This issue does not affect operating systems that have successfully enabled SSH and have been subsequently rebooted. This issue is tracked as Mitre CVE-ID: CVE-2007-0726.
An insecure command-execution issue affects the initialization process of USB printers. This issue can be leveraged to execute insecure file operations that can create or overwrite arbitrary files on the affected computer. This issue is tracked as Mitre CVE-ID: CVE-2007-0728.
An authentication-bypass vulnerability affects the Server Manager's authentication process and can be leveraged by an attacker to alter the system configuration. This issue is tracked as Mitre CVE-ID: CVE-2007-0730.
A stack-based buffer-overflow vulnerability arises when files with overly ong ACLs are written to SMB shares created using an Apple-specific Samba module. This issue is tracked as Mitre CVE-ID: CVE-2007-0731.
An unspecified memory-corruption vulnerability arises during the handling of RAW Image files. This issue is tracked as Mitre CVE-ID: CVE-2007-0733.
An attacker can exploit these issues to execute arbitrary code, gain elevated privileges, cause denial-of-service conditions, and access or modify arbitrary data.
Mac OS X and Mac OS X Server versions 10.3.9 and 10.4 through 10.4.8 are vulnerable.
Affected Products:
- Apple Mac OS X 10.3.9
- Apple Mac OS X 10.4.0
- Apple Mac OS X 10.4.1
- Apple Mac OS X 10.4.2
- Apple Mac OS X 10.4.3
- Apple Mac OS X 10.4.4
- Apple Mac OS X 10.4.5
- Apple Mac OS X 10.4.6
- Apple Mac OS X 10.4.7
- Apple Mac OS X 10.4.8
- Apple Mac OS X Server 10.3.9
- Apple Mac OS X Server 10.4.0
- Apple Mac OS X Server 10.4.1
- Apple Mac OS X Server 10.4.2
- Apple Mac OS X Server 10.4.3
- Apple Mac OS X Server 10.4.4
- Apple Mac OS X Server 10.4.5
- Apple Mac OS X Server 10.4.6
- Apple Mac OS X Server 10.4.7
- Apple Mac OS X Server 10.4.8
References:
- Apple: APPLE-SA-2007-04-19 Security Update 2007-004
- Apple: Apple Homepage
- CVE: CVE-2007-0719
- CVE: CVE-2007-0720
- CVE: CVE-2007-0721
- CVE: CVE-2007-0722
- CVE: CVE-2007-0723
- CVE: CVE-2007-0724
- CVE: CVE-2007-0726
- CVE: CVE-2007-0728
- CVE: CVE-2007-0730
- CVE: CVE-2007-0731
- CVE: CVE-2007-0733
- US-CERT: VU#449440 Apple ColorSync buffer overflow vulnerability
- US-CERT: VU#557064 Apple Mac OS X DirectoryService may allow arbitrary users to change th
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
