Vulnerabilities in Mac OS X

Although it is in English, we think it is worth publishing the list of vulnerabilities covered by the latest security patch for Mac OS X. As we reported yesterday, some users may not have installed it because they run a modified version of Apache, or, even with the patch installed, it may not have closed the "hole" it was meant to. Sent to us by Gandalf.

Summary (in English) of the reasons for Security Update 2004-12-02:

Cyrus IMAP

Available for: Mac OS X Server v10.3.6

CVE-ID: CAN-2004-1089

Impact: When using Kerberos authentication with Cyrus IMAP an authenticated user could gain unauthorized access to other mailboxes on the same system.

Description: When using the Kerberos authentication mechanism with the Cyrus IMAP server a user could switch mailboxes after authenticating and gain access to other mailboxes on the same system. This update binds the mailbox to the authenticated user.

This server-specific issue is not present in Mac OS X Server v10.2.8. Credit to johan.gradvall@gothia.se for reporting this issue.

HIToolbox

Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6

CVE-ID: CAN-2004-1085

Impact: Users can quit applications in kiosk mode

Description: A special key combination allowed users to bring up the force quit window even in kiosk mode. This update will block all force-quit key combinations not to work while in kiosk mode. This issue is not present in Mac OS X v10.2.8 or Mac OS X Server v10.2.8. Credit to Glenn Blauvelt of University of Colorado at Boulder for reporting this issue.

Kerberos

Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6, Mac OS X v10.2.8, Mac OS X Server v10.2.8

CVE-ID: CAN-2004-0642, CAN-2004-0643, CAN-2004-0644, CAN-2004-0772

Impact: Exposure to a potential denial of service when Kerberos authentication is used

Description: MIT has released a new version of Kerberos that addresses a denial of service and three double free errors. Mac OS X contains protection against double free errors. This update applies the fix for the denial of service problem. As a precautionary measure the double free patches have also been applied. Credit to the MIT Kerberos Development Team for reporting this issue and providing fixes.

Postfix

Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6

CVE-ID: CAN-2004-1088

Impact: Postfix using CRAM-MD5 may allow a remote user to send mail without properly authenticating.

Description: Postfix servers using CRAM-MD5 to authenticate senders were vulnerable to a replay attack. Under some circumstances, the credentials used to successfully authenticate a user could be re-used for a small time period. The CRAM-MD5 algorithm used to authenticate users has been updated to prevent the replay window. This issue is not present in Mac OS X v10.2.8 or Mac OS X Server v10.2.8. Credit to Victor Duchovni of Morgan Stanley for reporting this issue.
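The replay property discussed in the Postfix entry can be seen in a small model of the CRAM-MD5 exchange (RFC 2195). This is an added example, not Apple's or Postfix's code and not a description of the actual fix; the `Session` class, the `alice` account and its secret are constructed for illustration. It shows a server that issues a fresh random challenge per session and consumes it on first use, so a captured response is useless afterwards.

```python
import base64
import hashlib
import hmac
import os
import time

SECRETS = {"alice": b"constructed-shared-secret"}  # constructed sample account


class Session:
    """One AUTH CRAM-MD5 attempt (RFC 2195), server side."""

    def __init__(self, hostname="mail.example.test"):
        # Fresh, unpredictable challenge per session: 128 random bits plus a timestamp.
        self.challenge = f"<{os.urandom(16).hex()}.{int(time.time())}@{hostname}>".encode()

    def challenge_b64(self):
        return base64.b64encode(self.challenge)

    def verify(self, response_b64):
        # Consume the challenge first, so it can be answered once at most.
        challenge, self.challenge = self.challenge, None
        if challenge is None:
            return None
        try:
            user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
        except ValueError:  # bad base64 or non-UTF-8 payload
            return None
        secret = SECRETS.get(user)
        if secret is None:
            return None
        expected = hmac.new(secret, challenge, hashlib.md5).hexdigest()
        ok = hmac.compare_digest(expected.encode(), digest.encode())
        return user if ok else None


def client_response(user, secret, challenge_b64):
    """Client side: base64("user " + hex(HMAC-MD5(secret, challenge)))."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())


def demo():
    first = Session()
    captured = client_response("alice", SECRETS["alice"], first.challenge_b64())
    results = [first.verify(captured)]          # legitimate login
    results.append(first.verify(captured))      # same session, challenge already used
    results.append(Session().verify(captured))  # new session, different challenge
    return results
```

`demo()` returns the authenticated user for the first attempt and `None` for both replays.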

PSNormalizer

Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6

CVE-ID: CAN-2004-1086

Impact: A buffer overflow in PostScript to PDF conversion could allow execution of arbitrary code.

Description: A buffer overflow in the handling of PostScript to PDF conversion could potentially allow the execution of arbitrary code. This update corrects the PostScript to PDF conversion code to prevent the buffer overflow. This issue is not present in Mac OS X v10.2.8 or Mac OS X Server v10.2.8.

QuickTime Streaming Server

Available for: Mac OS X Server v10.3.6, Mac OS X Server v10.2.8

CVE-ID: CAN-2004-1123

Impact: Specially crafted requests could cause a denial of service.

Description: QuickTime Streaming Server was vulnerable to a denial of service attack when handling DESCRIBE requests. This update corrects the handling of these requests.

Credit to iDEFENSE for reporting this issue.

Terminal

Available for: Mac OS X v10.3.6 and Mac OS X Server v10.3.6

CVE-ID: CAN-2004-1087

Impact: Terminal may indicate that ‘Secure Keyboard Entry’ is active when it is not.

Description: The ‘Secure Keyboard Entry’ menu setting was not properly restored when launching Terminal.app. A check mark would be displayed next to ‘Secure Keyboard Entry’ even though it was not enabled. This update fixes the behavior of the ‘Secure Keyboard Entry’. This issue is not present in Mac OS X v10.2.8 or Mac OS X Server v10.2.8.

Credit to Jonathan ‘Wolf’ Rentzsch of Red Shed Software for reporting this issue.

Appkit

Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6, Mac OS X v10.2.8, Mac OS X Server v10.2.8

CVE-ID: CAN-2004-1081

Impact: Characters entered into a secure text field can be read by other applications in the same window session

Description: In some circumstances a secure text input field will not correctly enable secure input. This can allow other applications in the same window session to see some input characters and keyboard events. Input to secure text fields is now enabled in a way to prevent the leakage of key press information.

Appkit

Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6, Mac OS X v10.2.8, Mac OS X Server v10.2.8

CVE-ID: CAN-2004-0803, CAN-2004-0804, CAN-2004-0886

Impact: Integer overflows and poor range checking in tiff handling could allow the execution of arbitrary code or denial of service.

Description: Flaws in decoding tiff images could overwrite memory, cause arithmetic errors resulting in a crash, or permit the execution of arbitrary code. This update corrects the problems in the handling of tiff images.
