Free Republic
Browse · Search
General/Chat
Topics · Post Article

Apple releases Security update for OSX.3.9... This is not for Tiger.
Apple Computer ^ | 5/3/2005 | Apple Computer staff

Posted on 05/04/2005 12:30:11 AM PDT by Swordmaker

Apple has announced the release of a security update for OSX.3.9 and lower. This apparently does not impact the users of OSX.4 Tiger.

I suggest that all Mac OSX users who have not updated to Tiger use the Software Update option under the Apple menu to immediately update their computer's OS.

Below are Apple's descriptions of the patches in this security update:

--------------------------------

About Security Update 2005-005

This document describes Security Update 2005-005, which can be downloaded and installed using Software Update, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred, and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How To Use The Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

Security Update 2005-005

  • Apache
    CVE-ID: CAN-2005-1344
    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
    Impact: The htdigest program contains a buffer overflow, which if used improperly in a CGI application, could allow a remote system compromise
    Description: The htdigest program could be used in a CGI application to manage user access controls to a web server. htdigest contains a buffer overflow. This update fixes the buffer overflow in htdigest. Apple does not provide any CGI applications that use the htdigest program. Credit to JxT of SNOsoft for reporting this issue.

  • AppKit
    CVE-ID: CAN-2004-1308, CAN-2004-1307
    CERT: VU#125598, VU#539110
    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
    Impact: An integer overflow in the handling of TIFF files could permit arbitrary code execution
    Description: A malformed TIFF image could contain parameters that result in image data overwriting the heap. This issue has been addressed by adding additional tests when calculating the space needed for an image.

  • AppKit
    CVE-ID: CAN-2005-1330
    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
    Impact: A Cocoa application will quit through an unhandled exception from NXSeek()
    Description: A malformed TIFF image can cause a call to NXSeek() with an offset outside the image. This raises an exception which is not handled. The default handler then causes the application to exit. This update causes an error to be returned to the application. Credit to Henrik Dalgaard of Echo One for reporting this issue.

  • AppleScript
    CVE-ID: CAN-2005-1331
    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
    Impact: Scripts created using the applescript: URI mechanism could display code differently than that which would actually run
    Description: The applescript: URI mechanism is a feature that allows AppleScript code to be distributed via a hyperlink. When an applescript: URI is clicked, the AppleScript Editor opens and displays the code that has been downloaded. If the code is then compiled and run, it may not execute exactly as it is displayed. This issue has been addressed by rejecting URIs containing characters that could be used to mislead the user. Credit to David Remahl of www.remahl.se/david for reporting this issue.

  • Bluetooth
    CVE-ID: CAN-2005-1332
    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
    Impact: Bluetooth-enabled systems may allow file exchange without prompting users
    Description: The Bluetooth file exchange service is enabled by default on systems with Bluetooth capability. This could allow files to be shared without properly notifying the user. In addition, the default directory for file sharing may be used by other applications, leading to unintentional file sharing. Security Update 2005-005 disables Bluetooth file exchange and changes the location of the default transfer directory on systems where the old default directory is set. In addition, new users of a system must now enable Bluetooth file exchange before it is allowed. Users with Bluetooth-enabled systems should read this article for more information on the changes provided by this update. Credit to kf_lists[at]digitalmunition[dot]com for reporting this issue.

  • Bluetooth
    CVE-ID: CAN-2005-1333
    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
    Impact: Directory traversal via Bluetooth file and object exchange
    Description: Due to insufficient input checking, the Bluetooth file and object exchange services could be used to access files outside of the default file exchange directory. Security Update 2005-005 addresses this issue by adding enhanced filtering for path-delimiting characters. Credit to kf_lists[at]digitalmunition[dot]com for reporting this issue.

  • Directory Services
    CVE-ID: CAN-2005-1335
    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
    Impact: chfn/chpass/chsh could be manipulated to give privileges to an unprivileged user
    Description: chfn/chpass/chsh is a hard-linked set of SUID programs. Certain code paths use external helper programs in an insecure manner which could lead to a privilege escalation. This update provides secure mechanisms for running helper programs.

  • Finder
    CVE-ID: CAN-2005-0342
    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
    Impact: Unsafe handling of .DS_Store files could be used by local attackers to overwrite files and lead to privilege escalation
    Description: Finder uses .DS_Store files to store and retrieve information used to display folders on the system. When writing these files, Finder could follow a link resulting in the overwrite of an arbitrary file. In addition, these files could contain data supplied by malicious users, allowing them to gain privileges by altering system configuration files. Security Update 2005-005 addresses this issue by updating Finder to check that .DS_Store files are not links before writing to them.

  • Foundation
    CVE-ID: CAN-2005-1336
    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
    Impact: Buffer overflow via an environment variable for applications
    using the Foundation framework
    Description: The incorrect handling of an environment variable
    within the Foundation framework can result in a buffer overflow that
    may be used to execute arbitrary code. This issue has been addressed
    by improved handling of the environment variable.

  • Help Viewer
    CVE-ID: CAN-2005-1337
    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
    Impact: Help Viewer could be used to run Javascript without the
    restrictions normally imposed
    Description: When Javascript is loaded for a remote site, it is 
    executed in a restricted environment.  The environment restrictions
    are not applied for local Javascript files loaded by the Help
    Viewer.  Security Update 2005-005 addresses this by only allowing
    Help Viewer to load registered pages.  Credit to David Remahl of
    www.remahl.se/david for reporting this issue.

  • LDAP
    CVE-ID: CAN-2005-1338
    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
    Impact: Passwords could initially be stored into LDAP in plain text
    when using an LDAP server not running on Mac OS X
    Description: When a system is bound to an LDAP server that has
    "ldap_extended_operation" disabled or not supported, and new accounts
    are created using the Workgroup Manager, then the initial password
    can be stored in the clear.  If the password is modified using the
    Inspector it will be correctly stored in a hashed form. This issue
    does not occur when using the Apple supplied Open Directory server. 
    For servers not supporting "ldap_extended_operation", this update now
    stores new passwords in the hashed form.

  • libXpm
    CVE-ID: CAN-2004-0687
    CERT: VU#882750
    Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9
    Impact:  A vulnerability in the parsing of malformed XPM files could
    allow arbitrary code execution
    Description:  The xpmParseColors() function in the XFree86 libXpm
    library contains a vulnerability in the parsing of malformed image
    files that may lead to a stack overflow and could allow arbitrary
    code execution.  Images downloaded via a web browser may use the XPM
    format and allow remote exploitability.  libXpm is not installed by
    default on Mac OS X or Mac OS X Server systems.  It is an optional
    install item via the X11 package.  Credit to Chris Evans
    <chris@scary.beasts.org> for reporting this issue.

  • libXpm
    CVE-ID: CAN-2004-0688
    CERT: VU#537878
    Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9
    Impact:  A vulnerability in the parsing of malformed XPM files could
    allow arbitrary code execution
    Description:  Multiple libXpm routines contain integer overflow
    vulnerabilities that may allow an attacker to cause a
    denial-of-service condition or execute arbitrary code.  Images
    downloaded via a web browser may use the XPM format and allow remote
    exploitability.  libXpm is not installed by default on Mac OS X or
    Mac OS X Server systems.  It is an optional install item via the X11
    package.  Credit to Chris Evans <chris@scary.beasts.org> for
    reporting this issue.

  • lukemftpd
    CVE-ID: CAN-2005-1339
    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
    Impact: When using the chroot feature of ftp, users can bypass the
    restriction by using their full name
    Description: The ftp server allows users to login with either their
    full name or their short name.  In order to restrict users to their
    home directory, all permitted login names must be listed in
    /etc/ftpchroot.  Users are permitted to change their full name.  This
    issue has been addressed by mapping full names to short names before
    checking the /etc/ftpchroot restriction list. Credit to Rob Griffiths
    of macosxhints.com for reporting this issue.

  • NetInfo
    CVE-ID: CAN-2005-0594
    Available for: Mac OS X Server v10.3.9
    Impact: The Netinfo Setup Tool (NeST) contains a buffer overflow
    that could permit arbitrary code execution
    Description: NeST is a SUID tool. It contains a buffer overflow
    that could permit arbitrary code execution. This update prevents the
    buffer overflow from occurring. Credit to iDEFENSE Labs for reporting
    this issue.

  • Server Admin
    CVE-ID: CAN-2005-1340
    Available for: Mac OS X Server v10.3.9
    Impact: Enabling the HTTP proxy service also enables it for users
    not on your network if there are no access restrictions
    Description: When the HTTP proxy service is enabled in Server Admin
    it does not restrict which networks can access it.  If there are no
    external access controls, then users on the Internet can also use the
    proxy.  The HTTP proxy service is disabled by default.  This update
    adds a user interface component to Server Admin which allows the HTTP
    proxy to be restricted to local networks.

  • sudo
    CVE-ID: CAN-2004-1051
    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
    Impact: Bash scripts run via sudo can be subverted
    Description: Sudo versions prior to 1.6.8p2 do not properly
    sanitize their environment.  A malicious local user with permission
    to run a bash shell script could exploit this to run arbitrary
    commands.  Apple does not provide any pre-authorized bash shell
    scripts by default.  This issue is addressed by removing bash shell
    functions from the environment before running subsequent commands.

  • Terminal
    CVE-ID: CAN-2005-1341 CERT: VU#994510
    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
    Impact: Malicious input could cause data to be inserted into a
    user's Terminal command line
    Description: The Terminal utility allows window titles to be read as
    input via a particular escape sequence.  This could allow malicious
    content to inject data when it is displayed in a Terminal
    session.  Security Update 2005-005 addresses the issue by removing
    handlers for this insecure escape sequence.  Credit to David Remahl
    of www.remahl.se/david for reporting this issue.

  • Terminal
    CVE-ID: CAN-2005-1342 CERT: VU#356070
    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
    Impact: Escape characters embedded in x-man-path URIs could insert
    commands into a user's Terminal session
    Description: The x-man-path URI scheme provides support for
    displaying manual pages via the Terminal utility.  Insufficient
    validation of these URIs can allow data to be inserted into a Terminal
    session.  Security Update 2005-005 addresses this by adding escape
    sequence validation to the URI handler.  Credit to David Remahl of
    www.remahl.se/david for reporting this issue.

  • VPN
    CVE-ID: CAN-2005-1343
    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
    Impact: A local user can obtain root privileges if the system is
    being used as a VPN server
    Description: A buffer overflow in "vpnd" could be used by a local
    user to obtain root privileges if the system is configured as a VPN
    server.   This problem does not occur on systems that are configured
    as a VPN client.  This issue cannot be exploited remotely.  This
    update prevents the buffer overflow from occurring.  Credit to Pieter
    de Boer of the master SNB at the Universiteit van Amsterdam (UvA) for
    reporting this issue.



TOPICS: Computers/Internet
KEYWORDS: apple; computersecurity; mac; macintosh; osx; security; updates

1 posted on 05/04/2005 12:30:12 AM PDT by Swordmaker
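
The lukemftpd entry above (CAN-2005-1339) describes an ordering bug: the /etc/ftpchroot list was consulted before the login name was mapped to the account's short name. The C sketch below is an added example, not part of the original post and not Apple's or lukemftpd's code; the account table, the list contents, and all function names are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed account table standing in for the system's user database.
 * The full name is the field the advisory says users may change. */
struct account { const char *short_name; const char *full_name; };

static const struct account ACCOUNTS[] = {
    { "alice", "Alice Example" },
    { "bob",   "Bob Sample"    },
};

/* Constructed stand-in for /etc/ftpchroot: only alice is to be confined. */
static const char *const FTPCHROOT[] = { "alice" };

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Map a login string (short or full name) to the account's short name. */
const char *canonical_short_name(const char *login)
{
    for (size_t i = 0; i < COUNT(ACCOUNTS); i++) {
        if (strcmp(login, ACCOUNTS[i].short_name) == 0 ||
            strcmp(login, ACCOUNTS[i].full_name) == 0)
            return ACCOUNTS[i].short_name;
    }
    return NULL;
}

/* True when the given name appears in the restriction list. */
static bool listed(const char *name)
{
    for (size_t i = 0; i < COUNT(FTPCHROOT); i++)
        if (strcmp(name, FTPCHROOT[i]) == 0)
            return true;
    return false;
}

/* Before the fix: the list is checked against the name exactly as typed,
 * so a full name that is not in the list is not confined. */
bool chroot_applies_unpatched(const char *login)
{
    return listed(login);
}

/* After the fix: resolve to the short name first, then check the list.
 * Unknown names are treated as confined (fail closed); that choice is an
 * assumption of this sketch, not something the advisory states. */
bool chroot_applies_patched(const char *login)
{
    const char *short_name = canonical_short_name(login);
    return short_name == NULL || listed(short_name);
}

int main(void)
{
    /* Exit status 0 when the patched check confines the full-name login. */
    return chroot_applies_patched("Alice Example") ? 0 : 1;
}
```

With the patched ordering, changing the full name no longer changes the outcome, because the decision depends only on the short name.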

To: Bush2000; antiRepublicrat; Action-America; eno_; bentfeather; N3WBI3; zeugma; TechJunkYard; ...
Apple Mac OSX.3.9 Security Updates released today - PING!

Users who have not updated to OSX.4 Tiger should use Software Update to get these security patches.

If you want on or off the Mac Ping List, Freepmail me.

2 posted on 05/04/2005 12:31:49 AM PDT by Swordmaker (tagline now open, please ring bell.)

To: Swordmaker

Sweeeeeeet! Remote exploits ... yummmmy....


3 posted on 05/04/2005 11:26:19 AM PDT by Bush2000

To: Bush2000
Sweeeeeeet! Remote exploits ... yummmmy....

Not plural; singular. Only one of the issues seems to refer to a "remote exploit" and that was for a service that is not even provided with an OSX installation. The vulnerability seems to be in Apache... and may affect other Apache Unix installations as well.

Apache
CVE-ID: CAN-2005-1344
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
Impact: The htdigest program contains a buffer overflow, which if used improperly in a CGI application, could allow a remote system compromise
Description: The htdigest program could be used in a CGI application to manage user access controls to a web server. htdigest contains a buffer overflow. This update fixes the buffer overflow in htdigest. Apple does not provide any CGI applications that use the htdigest program. Credit to JxT of SNOsoft for reporting this issue.

It's nice to close the vulnerability before there are any apps that could use it. Of course it makes one wonder what JxT of SNOsoft is coding that required the use of htdigest that allowed him to find this hole.

4 posted on 05/04/2005 12:18:58 PM PDT by Swordmaker (tagline now open, please ring bell.)

To: Swordmaker

Do you know how long Apple supports the free patches? I've had my eMac for just over a year, and I got the notice to download these security patches earlier today. (I did)

I wonder when I will have to stop assuming that I will get a notice, and have to look for availability.


5 posted on 05/04/2005 4:42:25 PM PDT by speekinout

To: speekinout
Do you know how long Apple supports the free patches? I've had my eMac for just over a year, and I got the notice to download these security patches earlier today. (I did)

It may be one of life's imponderables... Apple is still releasing security updates to OSX 10.1 four years later... Earlier versions of the OS did not have automatic notification.

So, the short answer is: No, I don't know. ;^)>

6 posted on 05/04/2005 5:13:37 PM PDT by Swordmaker (tagline now open, please ring bell.)

To: Swordmaker

Oh, what the heck. One of the reasons I got the Mac is because I have already spent more time upgrading computers than I like (it's fun for a while, but then it gets old - sort of like mowing the lawn).
If this computer lasts 4 years without me having to do an "upgrade", I will be certainly happy.


7 posted on 05/04/2005 6:57:44 PM PDT by speekinout

To: HAL9000

Monster Update Ping.


8 posted on 05/05/2005 4:19:19 PM PDT by Golden Eagle (Team America)

To: Swordmaker
Not plural; singular. Only one of the issues seems to refer to a "remote exploit" and that was for a service that is not even provided with a OSX installation. The vulnerability seems to be in Apache... and may affect other Apache Unix installations as well.

Wrong. Several patches have been made to prevent remote exploitation. Search for "remote" and read about them. Whether Apache is distributed with OS X is irrelevant. The fact of the matter is that, if you're running a web server with OS X, you're most likely going to be running Apache. So, fish down to the bottom of the barrel for more lame excuses.

It's nice to close the vulnerability before there are any apps that could use it.

Uh, sorry but that was a clueless comment.
9 posted on 05/05/2005 5:44:39 PM PDT by Bush2000

To: Bush2000

Bush, my comments refer to this series of patches... not a search of "remote" exploits. Apache IS distributed with OSX... but the specific part, htdigest, isn't implemented. Apple has patched the problem regardless of that fact.

If we were to then look at all of the vulnerabilities of your beloved Windows platform, using your logic, NONE of them have been closed until every machine in the world is patched... sure.


10 posted on 05/06/2005 12:24:06 AM PDT by Swordmaker (tagline now open, please ring bell.)
