Apple fixes Panther, Tiger vulnerabilities

Apple today issued a security update for Mac OS X 10.3.9 Panther Client and Server as well as Mac OS X 10.4.9 Tiger Client and Server, fixing numerous security holes in both systems. The update includes fixes related to Alias Manager, BIND, CoreGraphics, crontabs, fetchmail, file, iChat, mDNSResponder, PPP, ruby, screen, texinfo, and VPN. Specific vulnerabilities include the potential for attackers to mislead users into opening a substituted file, multiple holes in BIND, arbitrary code execution from opening a maliciously crafted PDF document, and more. Mac owners running these systems are encouraged to either update automatically via the "Software Update" menu item under the Apple Menu or by heading to Apple's website to download the security fix manually.

Alias Manager

In certain circumstances, an implementation issue in Alias Manager will not show identically-named files contained in identically-named mounted disk images. By enticing a user to mount two identically-named disk images, an attacker could mislead the user into opening a malicious program. This update addresses the issue by performing additional validation of mountpaths. Apple offers credit to Greg Bolsinga of Blurb for reporting this issue.

BIND

BIND is updated to version 9.3.4. Further information is available via the ISC web site at http://www.isc.org/index.pl?/sw/bind/

CoreGraphics

An integer overflow vulnerability exists in the handling of PDF files. By enticing a user to open a maliciously crafted PDF file, an attacker could trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PDF files. This issue does not affect systems prior to Mac OS X Mac OS X 10.4.

crontabs

Filesystems mounted in the /tmp directory may be deleted when the daily cleanup script is executed, which may lead to a denial of service. This update addresses the issues by updating the daily cleanup script to prevent find commands from descending into mounted filesystems.

fetchmail

fetchmail is updated to version 6.3.8 to address a cryptographic weakness that could lead to the disclosure of fetchmail passwords. Further information is available via the fetchmail web site at http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt

file

A heap buffer overflow vulnerability exists in the file command line tool, which may lead to an unexpected application termination or arbitrary code execution. This update addresses by performing additional validation of files that are passed to the file command.

iChat

A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in iChat. By sending a maliciously crafted packet, an attacker on the local network can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation when processing UPnP protocol packets in iChat.

mDNSResponder

A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in the OS X mDNSResponder implementation. By sending a maliciously crafted packet, an attacker on the local network can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation when processing UPnP protocol packets. This issue does not affect systems prior to Mac OS X Mac OS X 10.4. Apple offers credit to Michael Lynn of Juniper Networks for reporting this issue.

PPP

An implementation issue exists in the PPP daemon when loading plugins via the command line, which allows a local user to obtain system privileges. This update addresses the issue by allowing only the superuser to load plugins. This issue does not affect systems prior to Mac OS X Mac OS X 10.4. Apple offers credit to an anonymous researcher working with the iDefense VCP for reportingthis issue.

ruby

Multiple denial of service issues exist in the Ruby CGI library. By sending maliciously crafted HTTP requests to a
web application using cgi.rb, an attacker could trigger an issue which may lead to a denial of service. This update addresses the issues by applying the Ruby patches.

screen

The screen command line tool is updated to address multiple denial of service vulnerabilities. Further information
is available via the GNU web site at http://lists.gnu.org/archive/html/screen-users/2006-10/msg00028.html

texinfo

A file handling issue exists in texinfo, which may allow a local user to create or overwrite files with the privileges of the user running texinfo. This update addresses the issue through improved handling of temporary files.

VPN

A format string vulnerability exists in vpnd. By running the vpnd command with maliciously crafted arguments, a
local user can trigger the vulnerability which may lead to arbitrary code execution with system privileges. This update addresses the issue by performing additional validation of the arguments passed to vpnd. Apple offers credit to Chris Anley of NGSSoftware for reporting this issue.

Filed under: software