Multiple security problems in Mac OS X


The SecurityFocus site and the Apple Security site have reported a security problem in Mac OS X. The problem is apparently related to the following programs (extracted directly from Apple's site):

Mac OS X v10.4.7 Update

AFP

CVE-ID: CVE-2006-1468

Available for: Mac OS X v10.4.6, Mac OS X Server v10.4.6

Impact: File and folder names may be disclosed to unauthorized users

Description: An issue in AFP server allows search results to include the names of files and folders for which the user performing the search has no access. This could result in information disclosure if the names themselves are sensitive information. This update addresses the issue by ensuring that search results only include items for which the user is authorized. This issue does not affect systems prior to Mac OS X v10.4.

ClamAV

CVE-ID: CVE-2006-1989

Available for: Mac OS X Server v10.4.6

Impact: When virus scanning is configured to update automatically, a malicious database mirror may cause arbitrary code execution

Description: An issue in ClamAV’s automatic virus database updating may result in a stack-based buffer overflow. A malicious or spoofed ClamAV database mirror may be able to cause arbitrary code execution with the privileges of ClamAV. The Mail service, virus scanning, and automatic virus database updates are off by default. This update addresses the issue by incorporating ClamAV 0.88.2. This issue does not affect systems prior to Mac OS X v10.4.

ImageIO

CVE-ID: CVE-2006-1469

Available for: Mac OS X v10.4.6, Mac OS X Server v10.4.6

Impact: Viewing a maliciously-crafted TIFF image may result in an application crash or arbitrary code execution

Description: By carefully crafting a corrupt TIFF image, an attacker can trigger a stack-based buffer overflow which may result in an application crash or arbitrary code execution. This update addresses the issue by performing additional validation of TIFF images. This issue does not affect systems prior to Mac OS X v10.4.

launchd

CVE-ID: CVE-2006-1471

Available for: Mac OS X v10.4.6, Mac OS X Server v10.4.6

Impact: Local users may gain elevated privileges

Description: A format string vulnerability in the setuid program launchd may allow an authenticated local user to execute arbitrary code with system privileges. The issue is present in launchd’s logging facility. This update addresses the issue by performing additional validation when logging messages. This issue does not affect systems prior to Mac OS X v10.4. Credit to Kevin Finisterre of DigitalMunition for reporting this issue.

OpenLDAP

CVE-ID: CVE-2006-1470

Available for: Mac OS X v10.4.6, Mac OS X Server v10.4.6

Impact: Remote attackers may cause Open Directory server to crash

Description: By carefully crafting an invalid LDAP request, a remote attacker may be able to trigger an assertion in the OpenLDAP server, resulting in a denial-of-service. This update addresses the issue by discarding the invalid request. This issue does not affect systems prior to Mac OS X v10.4. Credit to the Mu Security research team for reporting this issue.

Updating to Mac OS X 10.4.7 is strongly recommended. Also, according to the SecurityFocus site, some of these problems do not need an exploit to be used, but here you can get an exploit for launchd.
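The launchd entry above describes a format string vulnerability in a logging facility, fixed by additional validation when logging messages. The following C example is added here to illustrate that bug class beside its fix; it is not Apple's or launchd's code, and `log_fmt`, `log_label_unsafe`, `log_label_safe`, `escape_percent` and the sample label are hypothetical names and constructed input.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical log sink standing in for a daemon's logging facility.
 * It formats into a caller-supplied buffer so the result can be inspected. */
static int log_fmt(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* VULNERABLE pattern: the untrusted label is the format string itself, so
 * any conversion specifier inside it is interpreted by the formatter. */
int log_label_unsafe(char *out, size_t n, const char *label)
{
    return log_fmt(out, n, label);
}

/* FIXED pattern: constant format string, untrusted data only as an argument. */
int log_label_safe(char *out, size_t n, const char *label)
{
    return log_fmt(out, n, "job label: %s", label);
}

/* Validation for sinks that only take a format string: copy src with every
 * '%' doubled so it prints literally. Returns 0, or -1 if dst is too small. */
int escape_percent(char *dst, size_t n, const char *src)
{
    size_t j = 0;
    if (n == 0) return -1;
    for (; *src; src++) {
        size_t need = (*src == '%') ? 2 : 1;
        if (j + need >= n) return -1;   /* keep room for the NUL */
        if (*src == '%') dst[j++] = '%';
        dst[j++] = *src;
    }
    dst[j] = '\0';
    return 0;
}

int main(void)
{
    const char *label = "backup-%x-%s";   /* constructed untrusted input */
    char line[64], esc[64];
    log_label_safe(line, sizeof line, label); puts(line);
    if (escape_percent(esc, sizeof esc, label) == 0) { log_label_unsafe(line, sizeof line, esc); puts(line); }
    return 0;
}
```

Building with `-Wformat -Wformat-security` flags calls that pass a non-literal string as the format argument to the standard printf-family functions.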
