Title: Apple Mac OS X 2008-006 Multiple Security Vulnerabilities
Severity: CRITICAL
Description:
Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-006.
The security update addresses a total of 17 new vulnerabilities that affect the Apple Type Services, Directory Services, Finder, ImageIO, Kernel, Login Window, SearchKit, System Configuration, System Preferences, Time Machine, VideoConference, and Wiki Server components of Mac OS X. The advisory also contains security updates for 17 previously reported issues.
The following new issues were reported:
1. A heap-based buffer-overflow vulnerability affects Apple Type Services (ATS) when handling PostScript font names. An attacker can exploit this issue by tricking a victim into viewing a specially crafted document. A successful exploit will allow attacker-supplied code to run in the context of the current user. This issue is tracked by CVE-2008-2305 and affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 through 10.5.4, and Mac OS X Server 10.5 through 10.5.4.
2. An information-disclosure vulnerability affects the Login Window of Directory Services. An attacker can exploit this issue by submitting wildcard characters to the user name field. A successful exploit will disclose a list of user names from Active Directory. This issue is tracked by CVE-2008-2329 and affects Mac OS X 10.5 through 10.5.4, and Mac OS X Server 10.5 through 10.5.4.
3. The 'slapconfig' tool (used for configuring OpenLDAP) in Directory Services creates temporary files in an insecure manner. A local attacker can exploit this issue to cause the currently entered password to be saved to an attacker-controlled file. This issue is tracked by CVE-2008-2330 and affects Mac OS X Server 10.4.11, and Mac OS X Server 10.5 through 10.5.4.
4. A weakness affects Finder that could result in a false sense of security. Specifically, a 'Get Info' window may not display the correct filesystem 'Sharing & Permissions' after changes have been made, which may aid in further attacks. This issue is tracked by CVE-2008-2331 and affects Mac OS X 10.5 through 10.5.4, and Mac OS X Server 10.5 through 10.5.4.
5. A denial-of-service vulnerability affects Finder when searching for a remote disk. An attacker with access to the local network may be able to trigger a NULL-pointer dereference, causing Finder to crash. This issue is tracked by CVE-2008-3613 and affects Mac OS X 10.5 through 10.5.4, and Mac OS X Server 10.5 through 10.5.4.
6. A remote memory-corruption vulnerability affects ImageIO when handling specially crafted TIFF images. An attacker can exploit this issue by sending a malicious image to an unsuspecting victim. A successful exploit will allow attacker-supplied code to run in the context of the current user. Failed exploit attempts will likely cause denial-of-service conditions. This issue is tracked by CVE-2008-2332 and affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 through 10.5.4, and Mac OS X Server 10.5 through 10.5.4.
7. A remote memory-corruption vulnerability affects ImageIO when handling embedded ICC profiles in JPEG images. An attacker can exploit this issue by sending a malicious image to an unsuspecting victim. A successful exploit will allow arbitrary code to run in the context of the current user. Failed exploit attempts will likely cause denial-of-service conditions. This issue is tracked by CVE-2008-3608 and affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 through 10.5.4, and Mac OS X Server 10.5 through 10.5.4.
8. An unauthorized-access vulnerability affects Kernel because credentials are not always flushed when a vnode is recycled. A local attacker may be able to exploit this issue to read from or write to a file that they do not normally have permission to access. This issue is tracked by CVE-2008-3609 and affects Mac OS X 10.5 through 10.5.4, and Mac OS X Server 10.5 through 10.5.4.
9. An authorization-bypass vulnerability affects Login Window when the Guest account is enabled or another account has no password. A race condition occurs when processing login attempts to either of those accounts. This may present the attacker with a list of all valid accounts and allow login to any account on the list. This issue is tracked by CVE-2008-3610 and affects Mac OS X 10.5 through 10.5.4, and Mac OS X Server 10.5 through 10.5.4.
10. An authorization-bypass vulnerability affects Login Window when a user changes their password. Specifically, if a password change fails, an error message is displayed, but the current password is not cleared (this is not obvious to the user). An attacker with physical access to the computer can reset the password. This issue is tracked by CVE-2008-3611 and affects Mac OS X 10.4.11, and Mac OS X Server 10.4.11.
11. An integer-overflow vulnerability affects SearchKit because it fails to properly validate user-supplied input. A successful attack will allow arbitrary attacker-supplied code to run. Failed exploit attempts will likely cause denial-of-service conditions. This issue is tracked by CVE-2008-3616 and affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 through 10.5.4, and Mac OS X Server 10.5 through 10.5.4.
12. An information-disclosure vulnerability affects System Configuration because it stores PPP passwords unencrypted in a world-readable file. A local attacker can exploit this issue to gain access as an arbitrary PPP user. This issue is tracked by CVE-2008-2312 and affects Mac OS X 10.4.11, and Mac OS X Server 10.4.11.
13. A weakness affects System Preferences that may result in a false sense of security when passwords for VNC viewers are enabled. The problem occurs because the user interface allows passwords to exceed eight characters, but only the first eight characters are actually used. As a result, a longer password is no stronger than its first eight characters. This issue is tracked by CVE-2008-3617 and affects Mac OS X 10.5 through 10.5.4, and Mac OS X Server 10.5 through 10.5.4.
14. A weakness affects System Preferences because the File Sharing pane fails to properly display all access privileges. This may result in a false sense of security because not all shared folders, and who can access them, are displayed. This issue is tracked by CVE-2008-3618 and affects Mac OS X 10.5 through 10.5.4.
15. An information-disclosure vulnerability affects Time Machine because it stores log files with read access to other users. A local attacker can exploit this issue to obtain potentially sensitive information that may aid in further attacks. This issue is tracked by CVE-2008-3619 and affects Mac OS X 10.5 through 10.5.4, and Mac OS X Server 10.5 through 10.5.4.
16. A memory-corruption vulnerability affects VideoConference when handling H.264-encoded media. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. A successful exploit will allow attacker-supplied code to run in the context of the current user. Failed exploit attempts will likely cause denial-of-service conditions. This issue is tracked by CVE-2008-3621 and affects Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5 through 10.5.4, and Mac OS X Server 10.5 through 10.5.4.
17. A remote code-execution vulnerability affects Wiki Server because it may execute JavaScript that is embedded in a message. An attacker can exploit this issue by submitting a message to the mailing list hosted on the Wiki Server. A successful exploit will allow attacker-supplied JavaScript to run in the context of the vulnerable site. This issue is tracked by CVE-2008-3622 and affects Mac OS X 10.5 through 10.5.4, and Mac OS X Server 10.5 through 10.5.4.
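An added example, not part of the original advisory, for the System Preferences VNC password weakness (issue 13): it applies the eight-character limit stated above to show how much of a typed password is ignored and that two different long passwords become equivalent. The sample passwords and the character-class entropy estimate are assumptions made for illustration.

```python
import math
import string

VNC_EFFECTIVE_LEN = 8  # per the advisory: only the first eight characters are used


def effective_secret(password: str) -> str:
    """Return the part of the password that actually takes part in authentication."""
    return password[:VNC_EFFECTIVE_LEN]


def charset_size(password: str) -> int:
    """Rough alphabet size implied by the character classes present (an assumption)."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " "]
    size = sum(len(c) for c in classes if any(ch in c for ch in password))
    return size or 256  # no ASCII class matched: assume a full byte per character


def keyspace_bits(password: str) -> float:
    """Upper bound on guessing entropy, in bits, for a password of this shape."""
    return len(password) * math.log2(charset_size(password))


def audit(password: str) -> dict:
    """Compare what the user typed with what is actually enforced."""
    eff = effective_secret(password)
    return {
        "typed_len": len(password),
        "effective_len": len(eff),
        "ignored_chars": len(password) - len(eff),
        "typed_bits": round(keyspace_bits(password), 1),
        "effective_bits": round(keyspace_bits(eff), 1),
        "truncated": len(password) > VNC_EFFECTIVE_LEN,
    }


def equivalent(a: str, b: str) -> bool:
    """True when two passwords are indistinguishable after truncation."""
    return effective_secret(a) == effective_secret(b)


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the advisory.
    for pw in ("Summer2008-ScreenShare!", "Summer20", "short"):
        print(pw, audit(pw))
```

A password policy check that only measures the typed length would pass the first sample even though it authenticates identically to the second.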
Affected Products:
- Apple Aperture 2
- Apple Mac OS X 10.4.11
- Apple Mac OS X 10.5
- Apple Mac OS X 10.5.1
- Apple Mac OS X 10.5.2
- Apple Mac OS X 10.5.3
- Apple Mac OS X 10.5.4
- Apple Mac OS X Server 10.4.11
- Apple Mac OS X Server 10.5
- Apple Mac OS X Server 10.5.1
- Apple Mac OS X Server 10.5.2
- Apple Mac OS X Server 10.5.3
- Apple Mac OS X Server 10.5.4
- Apple Safari 3
- Apple Safari 3 Beta
- Apple Safari 3.0.1 Beta
- Apple Safari 3.0.2 Beta
- Apple Safari 3.0.3 Beta
- Apple Safari 3.1
- Apple Safari 3.1.1
- Apple Safari 3.1.2
- Apple Safari 3.2
- Apple iLife 8.0
References:
- Apple: About the security content of Mac OS X v10.5.5 and Security Update 2008-006
- Apple: Mac OS X Home Page
- CVE: CVE-2008-2305
- CVE: CVE-2008-2312
- CVE: CVE-2008-2329
- CVE: CVE-2008-2330
- CVE: CVE-2008-2331
- CVE: CVE-2008-2332
- CVE: CVE-2008-3608
- CVE: CVE-2008-3609
- CVE: CVE-2008-3610
- CVE: CVE-2008-3611
- CVE: CVE-2008-3613
- CVE: CVE-2008-3616
- CVE: CVE-2008-3617
- CVE: CVE-2008-3618
- CVE: CVE-2008-3619
- CVE: CVE-2008-3621
- CVE: CVE-2008-3622
- US-CERT: VU#126787 - MAC OS X file sharing allows authenticated remote access to files an