|
Mac OS X Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA9814
|
|
|
Release Date:
|
2003-09-23
|
|
Last Update:
|
2003-10-14
|
|
Popularity:
|
10,760 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Apple Macintosh OS X
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2003-0466
CVE-2003-0543
CVE-2003-0544
CVE-2003-0545
CVE-2003-0681
CVE-2003-0682
CVE-2003-0693
CVE-2003-0694
CVE-2003-0695
CVE-2003-0804
|
|
Description:
Apple has acknowledged several vulnerabilities in Mac OS X, which potentially can be exploited by malicious people to compromise a vulnerable system or cause a DoS (Denial of Service).
Apple reports that Mac OS X is affected by the buffer management vulnerabilities in OpenSSH. According to Apple, these can be exploited to cause the SSH service to crash.
For more information:
SA9743
The OpenSSL implementation is affected by various vulnerabilities in the ASN.1 parser, which could lead to a DoS and potentially system access.
For more information:
SA9886
Boundary errors in the Sendmail address parsing code and ruleset parsing can be exploited to cause buffer overflows. This potentially allows execution of arbitrary code.
For more information:
SA9758
An off-by-one error in the "fb_realpath()" function can potentially be exploited to execute arbitrary code via an application using this function. This is done by specifying a path, which resolves to a 1024 character long path length. This vulnerability was also addressed in Mac OS X 10.2.6.
For more information:
SA9535
An unspecified error in the "arplookup()" function can be exploited by malicious people on a LAN to exhaust kernel memory and cause a DoS by sending multiple spoofed ARP requests.
Solution:
Update to Mac OS X 10.2.8 manually or via the Software Update pane in System Preferences.
Mac OS X Client (updating from 10.2 - 10.2.5):
http://www.info.apple.com/kbnum/n120244
Mac OS X Client (updating from 10.2.6):
http://www.info.apple.com/kbnum/n120245
Mac OS X Server (updating from 10.2 - 10.2.5):
http://www.info.apple.com/kbnum/n120247
Mac OS X Server (updating from 10.2.6):
http://www.info.apple.com/kbnum/n120246
Mac OS X (updating from 10.2.7 G5):
http://www.info.apple.com/kbnum/n120248
Update for users, who installed the original version 10.2.8:
http://www.info.apple.com/kbnum/n120252
Changelog:
2003-09-24: Apple has temporarily pulled the updated version. Updated "Solution" section.
2003-10-04: Apple has released an updated version of Mac OS X 10.2.8.
2003-10-14: Added information about fixed OpenSSL vulnerabilities.
Original Advisory:
http://docs.info.apple.com/article.html?artnum=61798
Other References:
SA9535:
http://secunia.com/advisories/9535/
SA9743:
http://secunia.com/advisories/9743/
SA9758:
http://secunia.com/advisories/9758/
SA9886:
http://secunia.com/advisories/9886/
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
