【TWCERT/CC安全通報】 TW-CA-2005-059-[TA05-136A: Apple Mac OS X

看板NetSecurity (資安資訊安全)作者Lan.時間20年前 (2005/05/21 19:32)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串1/1

※ 本文轉錄自 [Lan] 信箱作者: twcert@cert.org.tw (TWCERT/CC Fellows) 標題: 【TWCERT/CC安全通報】 TW-CA-2005-059-[TA05-136 時間: Thu May 19 10:26:07 2005 -----BEGIN PGP SIGNED MESSAGE----- TW-CA-2005-059-[TA05-136A: Apple Mac OS X is affected by multiple vulnerabilities Precedence: list] ──────────────────────────────────────── TWCERT/CC發布日期：2005-05-19 原漏洞發布日期：2005-05-16 原漏洞最新更新日期：-- 通用安全漏洞編號：CAN-2005-1342,CAN-2004-0687,CAN-2004-1308,CAN-2004-1307, CAN-2004-0688,CAN-2004-1335,CAN-2004-1336,CAN-2004-1343,CAN-2004-1332, CAN-2004-0594 分類：Dos,Info Leak,Miscellaneous 來源參考：TA05-136A ──── 簡述 ───────────────────────────────── 蘋果電腦已經發佈 2005-005 的安全更新，其中描述了許多影響 Mac OS X 和 Mac OS X Server 的弱點。最嚴重的弱點可能允許遠端攻擊者執行任意程式碼，其他的弱點包括了資訊洩漏和阻斷服務。 ──── 說明 ───────────────────────────────── 蘋果電腦安全更新 2005-005 發佈了一些影響 Mac OS X 和 OS X Server 的弱點，詳細資訊請見以下弱點編號： VU#356070 - Apple Terminal 不能適當地檢查 x-man-page URI 的輸入在 Mac OS X 的 Apple Terminal 不能適當地檢查 x-man-page URIs，允許遠端攻擊者執行任意指令。(CAN-2005-1342) VU#882750 - libXpm 影像函式庫有緩衝區溢位弱點 libXpm 影像解析程式碼包含了一個緩衝區溢位弱點，可能允許遠端攻擊者執行任意程式碼或導致阻斷服務攻擊。(CAN-2004-0687) VU#125598 - LibTIFF 有整數溢位的弱點 LibTIFF 的整數溢位會導致遠端攻擊者執行任意程式碼。(CAN-2004-1308) VU#539110 - LibTIFF 在 TIFFFetchStrip() 函式中有整數溢位 LibTIFF 的整數溢位會導致遠端攻擊者執行任意程式碼。(CAN-2004-1307) VU#537878 - libXpm函式庫包含很多整數溢位的弱點 libXpm 包含很多整數溢位的漏洞，可能允許遠端攻擊者執行任意程式碼或造成阻斷服務。 (CAN-2004-0688) VU#331694 - 蘋果電腦的 Mac OS X chpass/chfn/chsh 工具並沒有適當地驗證外部程式 Mac OS X 的目錄服務工具並沒有適當地驗證外部程式的程式碼路徑，潛在地使得區域攻擊者執行任意程式碼。(CAN-2004-1335) VU#582934 - 蘋果電腦的 Mac OS X Foundation framework 經由不正確地處裡環境變數而產生衝區溢位 Mac OS Xs Foundation Frameworks 處裡環境變數意有緩衝區溢位，這可能會導致權限的提升。(CAN-2004-1336) VU#706838 - 蘋果電腦的 Mac OS X vpnd 伺服程式有緩衝區溢位 Mac OS X 在 vpnd 中包含一個緩衝區溢位漏洞，這會使得區域未授權的攻擊者以管理者權限執行任意程式碼。(CAN-2004-1343) VU#258390 - 擁有藍芽支援的 Apple Mac OS X 可以交換檔案而不用輸入使用者擁有藍芽支援的 Apple Mac OS X 可能預設不經意地與其他系統交換檔案。 (CAN-2004 - -1332) VU#354486 - Apple Mac OS X Server Netinfo 安裝工具不能驗證命令列參數 Apple Mac OS X Server NeST 工具包含在處裡命令列參數時有漏洞，這會使得攻擊者執行任意程式碼。(CAN-2004-0594) Apple 安全更新 2005-005 描述了上述沒有的額外漏洞，當進一步可以取得，我們將會發佈各別的弱點編號。 ──── 影響平台 ─────────────────────────────── Mac OS X 10.3.9 版本 (Panther) 和 Mac OS X Server 10.3.9 版本 ──── 修正方式 ─────────────────────────────── 安裝更新程式安裝在 Apple 安全更新 2005-005 所描述的更新程式 ──── 影響結果 ─────────────────────────────── 個別漏洞的影響請參考弱點編號，潛在的結果包含任意程式碼或指令的遠端執行,敏感資訊的洩露和阻斷服務。 ──── 聯絡TWCERT/CC ───────────────────────────── Tel: 886-7-5250211 FAX: 886-7-5250212 886-2-23563303 886-2-23924082 Email: twcert@cert.org.tw URL: http://www.cert.org.tw/ PGP key: http://www.cert.org.tw/eng/pgp.htm ──────────────────────────────────────── 附件：[ Apple Mac OS X is affected by multiple vulnerabilities Precedence: list] ──── 原文 ───────────────────────────────── Hash: SHA1 Technical Cyber Security Alert TA05-136A Apple Mac OS X is affected by multiple vulnerabilities Original release date: May 16, 2005 Last revised: -- Source: US-CERT Systems Affected Mac OS X version 10.3.9 (Panther) and Mac OS X Server version 10.3.9 Overview Apple has released Security Update 2005-005 to address multiple vulnerabilities affecting Mac OS X and Mac OS X Server. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Impacts of other vulnerabilities addressed by the update include disclosure of information and denial of service. I. Description Apple Security Update 2005-005 resolves a number of vulnerabilities affecting Mac OS X and OS X Server. Further details are available in the following Vulnerability Notes: VU#356070 - Apple Terminal fails to properly sanitize input for x-man-page URI Apple Terminal on Mac OS X fails to sanitize x-man-page URIs, allowing a remote attacker to execute arbitrary commands. (CAN-2005-1342) VU#882750 - libXpm image library vulnerable to buffer overflow libXpm image parsing code contains a buffer-overflow vulnerability that may allow a remote attacker execute arbitrary code or cause a denial-of-service condition. (CAN-2004-0687) VU#125598 - LibTIFF vulnerable to integer overflow via corrupted directory entry count An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code. (CAN-2004-1308) VU#539110 - LibTIFF vulnerable to integer overflow in the TIFFFetchStrip() routine An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code. (CAN-2004-1307) VU#537878 - libXpm library contains multiple integer overflow vulnerabilities libXpm contains multiple integer-overflow vulnerabilities that may allow a remote attacker execute arbitrary code or cause a denial-of-service condition. (CAN-2004-0688) VU#331694 - Apple Mac OS X chpass/chfn/chsh utilities do not properly validate external programs Mac OS X Directory Service utilities do not properly validate code paths to external programs, potentially allowing a local attacker to execute arbitrary code. (CAN-2004-1335) VU#582934 - Apple Mac OS X Foundation framework vulnerable to buffer overflow via incorrect handling of an environmental variable A buffer overflow in Mac OS Xs Foundation Frameworks processing of environment variables may lead to elevated privileges. (CAN-2004-1336) VU#706838 - Apple Mac OS X vulnerable to buffer overflow via vpnd daemon Apple Mac OS X contains a buffer overflow in vpnd that could allow a local, authenticated attacker to execute arbitrary code with root privileges. (CAN-2004-1343) VU#258390 - Apple Mac OS X with Bluetooth enabled may allow file exchange without prompting users Apple Mac OS X with Bluetooth support may unintentionally allow files to be exchanged with other systems by default. (CAN-2004-1332) VU#354486 - Apple Mac OS X Server Netinfo Setup Tool fails to validate command line parameters Apple Mac OS X Server NeST tool contains a vulnerability in the processing of command line arguments that could allow a local attacker to execute arbitrary code. (CAN-2004-0594) Please note that Apple Security Update 2005-005 addresses additional vulnerabilities not described above. As further information becomes available, we will publish individual Vulnerability Notes. II. Impact The impacts of these vulnerabilities vary, for information about specific impacts please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands, disclosure of sensitive information, and denial of service. III. Solution Install an Update Install the update as described in Apple Security Update 2005-005. Appendix A. References * US-CERT Vulnerability Note VU#582934 - <http://www.kb.cert.org/vuls/id/582934> * US-CERT Vulnerability Note VU#258390 - <http://www.kb.cert.org/vuls/id/258390> * US-CERT Vulnerability Note VU#331694 - <http://www.kb.cert.org/vuls/id/331694> * US-CERT Vulnerability Note VU#706838 - <http://www.kb.cert.org/vuls/id/706838> * US-CERT Vulnerability Note VU#539110 - <http://www.kb.cert.org/vuls/id/539110> * US-CERT Vulnerability Note VU#354486 - <http://www.kb.cert.org/vuls/id/354486> * US-CERT Vulnerability Note VU#882750 - <http://www.kb.cert.org/vuls/id/882750> * US-CERT Vulnerability Note VU#537878 - <http://www.kb.cert.org/vuls/id/537878> * US-CERT Vulnerability Note VU#125598 - <http://www.kb.cert.org/vuls/id/125598> * US-CERT Vulnerability Note VU#356070 - <http://www.kb.cert.org/vuls/id/356070> * Apple Security Update 2005-005 - <http://docs.info.apple.com/article.html?artnum=301528> _________________________________________________________________ These vulnerabilities were discovered by several people and reported in Apple Security Update 2005-005. Please see the Vulnerability Notes for individual reporter acknowledgements. _________________________________________________________________ Feedback can be directed to the authors: Jeffrey Gennari and Jason Rafail. _________________________________________________________________ Copyright 2005 Carnegie Mellon University. Terms of use Revision History May 16, 2005: Initial release Last updated May 16, 2005 -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQEVAwUBQov4dKcyQYefg2/NAQElKwgAiIM/DEN/QcdMOm+3sDtqyDWhOSKviE/8 0BIv3/DHLU0voizdMG8jbe7qyWYWFYTbk0CINL++X0R+s1oFWfupw3kpU36Swpyx DhZ7fMM5oJZ2aHdRWsy5OZRkNo1+iB+y5P+QIaxEzySOR9jiVNZPq7oIdSGTP7xl fttD0tPQl1c905SuHLpqvMQRtbzZxc+qlQADILmJ4M/EllUx5IdEX/3sGzCsvpTd fKevxLfWIktc1JQc9u7lXfbSlkPBymOeixarbZsSYGGLkNVhkwQ6CdKfIkHdjej4 iPf0DicEoGiOLSClCqP4zkvmfa2ouYpAANBXz03kOSs+43BpRv9wfg== =Gsm6 -----END PGP SIGNATURE----- -- Taiwan Computer Emergency Response Team Security Advisory mailing list. Mail to : Majordomo@cert.org.tw and include a line "subscribe advisory". Please visit http://www.cert.org.tw/. PGP key : http://www.cert.org.tw/eng/pgp.htm