J-Security Center

Title: Apple Mac OS X Jaguar/Panther Multiple Vulnerabilities

Severity: CRITICAL

Description:

Apple has released APPLE-SA-2003-11-19 which includes security updates to address several known vulnerabilities in components included in Jaguar and Panther releases of Mac OS X.

An update was released for Mac OS X 10.2.8 to address the following vulnerabilities:

A format string vulnerability (CAN-2001-1411) in the gm4 utility could potentially allow for arbitrary code execution with elevated privileges. While no setuid/setgid utilities are known to use gm4, this update is intended as a preventative measure against potential attacks that could result from this issue. This issue is also mentioned in BID 8917, which reflects multiple vulnerabilities that were patched in Panther. This update addresses the issue in Jaguar.

A format string vulnerability in the groff component pic could potentially be exploited to execute arbitrary code.

An issue (CAN-2003-0881) has been reported to exist in the Mac OS X Mail application. This issue presents itself when an account is configured to use MD5 Challenge Response. If an attempt to log in fails, the program switches to plain text passwords. This issue is also mentioned in BID 8917, which reflects multiple vulnerabilities that were patched in Panther. This update addresses the issue in Jaguar.

A vulnerability (CAN-2003-0107) in zlib was addressed. This issue is a buffer overrun in the gzprintf() function, which is described in further detail in BID 6913. It is reported that no Mac OS X applications used the vulnerable function, but it is possible that third-party applications may, constituting a potentially exploitable vulnerability.

A vulnerability (CAN-2003-0878) is reported to exist when Personal File Sharing is enabled that may allow an attacker to gain elevated privileges. This issue occurs because the slpd daemon may create a file owned by root in the tmp directory. This could overwrite an existing file, resulting in elevated privileges. This issue is also mentioned in BID 8917, which reflects multiple vulnerabilities that were patched in Panther. This update addresses the issue in Jaguar.
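The Personal File Sharing issue above is an instance of a privileged process creating a file in a shared temporary directory without checking what already exists at that name. The following C is an added example, not Apple's or slpd's code: the advisory does not say how slpd opened its file, so the weak pattern, the `daemon.tmp` name and the scratch directory are assumptions chosen to contrast create-or-truncate with exclusive creation.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp() under strict compiler modes */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern (assumed for illustration): create-or-truncate at a
 * predictable name. A file already present at that name is emptied. */
int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened pattern: with O_EXCL, open() fails with EEXIST if anything
 * already exists at the name, so nothing is overwritten. */
int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario: a 9-byte file already sits at the name the
 * process will use, inside a private scratch directory. Returns that
 * file's size after `opener` ran, or -1 on a setup failure. */
long size_after_open(int (*opener)(const char *)) {
    char dir[] = "/tmp/slpdemo.XXXXXX";   /* hypothetical scratch dir */
    char path[64];
    struct stat st;
    long size = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/daemon.tmp", dir);
    FILE *f = fopen(path, "w");
    if (f) {
        fputs("important", f);            /* existing data: 9 bytes */
        fclose(f);
        int fd = opener(path);            /* the open under test */
        if (fd >= 0) close(fd);
        if (stat(path, &st) == 0) size = (long)st.st_size;
        unlink(path);
    }
    rmdir(dir);
    return size;
}

int main(void) {
    printf("predictable open leaves %ld bytes\n", size_after_open(open_predictable));
    printf("exclusive open leaves   %ld bytes\n", size_after_open(open_exclusive));
    return 0;
}
```

When the exclusive open fails, the caller should treat EEXIST as an error and pick a fresh name (for example via `mkstemp()`) rather than retrying without `O_EXCL`.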

An unspecified vulnerability in QuickTime for Java was also addressed. This issue is described in BID 8922.

The following updates were also released for Mac OS X 10.3.1:

Fixes were included for the aforementioned zlib vulnerability.

A denial of service vulnerability in OpenSSL (CAN-2003-0851) was fixed. This is related to ASN.1 parsing and is described in further detail in BID 8970.

The appropriate BIDs for these vulnerabilities will be updated when further analysis of these issues is complete. Where it is required, new BIDs will be created for individual vulnerabilities.

Affected Products:

  • Apple Mac OS X 10.0.0
  • Apple Mac OS X 10.2.0
  • Apple Mac OS X 10.2.1
  • Apple Mac OS X 10.2.2
  • Apple Mac OS X 10.2.3
  • Apple Mac OS X 10.2.4
  • Apple Mac OS X 10.2.5
  • Apple Mac OS X 10.2.6
  • Apple Mac OS X 10.2.7
  • Apple Mac OS X 10.2.8
  • Apple Mac OS X 10.3.0
  • Apple Mac OS X 10.3.1
  • Apple Mac OS X Server 10.2.0
  • Apple Mac OS X Server 10.2.1
  • Apple Mac OS X Server 10.2.2
  • Apple Mac OS X Server 10.2.3
  • Apple Mac OS X Server 10.2.4
  • Apple Mac OS X Server 10.2.5
  • Apple Mac OS X Server 10.2.6
  • Apple Mac OS X Server 10.2.7
  • Apple Mac OS X Server 10.2.8
  • Apple Mac OS X Server 10.3.0
  • Apple Mac OS X Server 10.3.1
