Mac OS X Heap Overflow in PCRE Library Lets Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1018488
SecurityTracker URL: http://securitytracker.com/id?1018488
CVE Reference: CVE-2007-3742, CVE-2007-3944
Date: Aug 1 2007
Impact: Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Advisory: Apple Security Advisory
Version(s): 10.3.9, 10.4.10

Description: A vulnerability was reported in Mac OS X. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can spoof a site URL.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a heap overflow in the Perl Compatible Regular Expressions (PCRE) library used by the Safari JavaScript engine and execute arbitrary code on the target system [CVE-2007-3944]. The code will run with the privileges of the target user.

Apple credits Charlie Miller and Jake Honoroff of Independent Security Evaluators with reporting these vulnerabilities.

A remote user can create a specially crafted URL that relies on Safari's International Domain Name (IDN) support and Unicode fonts and that, when loaded by the target user, will direct the user to a spoofed site [CVE-2007-3742].

Apple credits Tomohito Yoshino of Business Architects Inc. with reporting this vulnerability.

Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system or spoof the user interface.
A remote user can spoof a site URL.

Solution: Apple has issued a fix as part of Security Update 2007-007, available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

For Mac OS X v10.4.10 (Universal)
The download file is named: "SecUpd2007-007Univ.dmg"
Its SHA-1 digest is: 8ef20aa2fbeb81716a20565e7b0b5116f79f4ab5

For Mac OS X v10.4.10 (PowerPC)
The download file is named: "SecUpd2007-007Ti.dmg"
Its SHA-1 digest is: 43e774881f314ed0feb1302da30a14a72fdfa740

For Mac OS X v10.3.9
The download file is named: "SecUpd2007-007Pan.dmg"
Its SHA-1 digest is: 8576955e1a4574d5cb2eb0721b130a22919e6b62

For Mac OS X Server v10.4.10 (Universal)
The download file is named: "SecUpdSrvr2007-007Universal.dmg"
Its SHA-1 digest is: 6a07dd5c4af3e7c371600e1759a98f5bb8b76b33

For Mac OS X Server v10.4.10 (PowerPC)
The download file is named: "SecUpdSrvr2007-007Ti.dmg"
Its SHA-1 digest is: 9bc897a174f2aeddfa21603bb15366c883162d48

For Mac OS X Server v10.3.9
The download file is named: "SecUpdSrvr2007-007Pan.dmg"
Its SHA-1 digest is: e27cdd6b78309cffdbf6f88ad2c0ff4ad0cfaf21

The Apple advisory is available at:
http://docs.info.apple.com/article.html?artnum=306172

Vendor URL: docs.info.apple.com/article.html?artnum=306172
Cause: Boundary error, Input validation error
Underlying OS: UNIX (Mac OS X)

Message History:
This archive entry has one or more follow-up message(s) listed below.

Source Message Contents

Date: Tue, 31 Jul 2007 20:58:28 -0400
Subject: Mac OS X WebKit

Safari & WebKit
CVE-ID: CVE-2007-3944
Available for: iPhone v1.0
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9,
Mac OS X v10.4.10, Mac OS X Server v10.4.10
Impact: Viewing a maliciously crafted web page may lead to arbitrary
code execution
Description: Heap buffer overflows exist in the Perl Compatible
Regular Expressions (PCRE) library used by the JavaScript engine in
Safari. By enticing a user to visit a maliciously crafted web page,
an attacker may trigger the issues, which may lead to arbitrary code
execution. This update addresses the issues by performing additional
validation of JavaScript regular expressions. Credit to Charlie
Miller and Jake Honoroff of Independent Security Evaluators for
reporting these issues.

WebKit
CVE-ID: CVE-2007-3742
Available for: iPhone v1.0
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9,
Mac OS X v10.4.10, Mac OS X Server v10.4.10
Impact: Look-alike characters in a URL could be used to masquerade a
website
Description: The International Domain Name (IDN) support and Unicode
fonts embedded in Safari could be used to create a URL which contains
look-alike characters. These could be used in a malicious web site to
direct the user to a spoofed site that visually appears to be a
legitimate domain. This update addresses the issue through an
improved domain name validity check. Credit to Tomohito Yoshino
of Business Architects Inc. for reporting this issue.
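
One common defensive check for look-alike hostnames of the kind described under CVE-2007-3742 is to flag labels that mix Unicode scripts. The Python code below is an added example, not part of the advisory and not Apple's fix; the function names, the `ALLOWED_MIXES` policy and the sample hosts are assumptions constructed for illustration.

```python
import unicodedata

# Script sets allowed to co-occur in one label (assumed policy: Japanese text)
ALLOWED_MIXES = [{"LATIN", "CJK", "HIRAGANA", "KATAKANA"}]

def decode_label(label):
    """Decode an ACE ("xn--") label to Unicode; other labels pass through."""
    if label.startswith("xn--"):
        return label.encode("ascii").decode("idna")
    return label

def scripts_in(label):
    """Approximate each letter's script by the first word of its Unicode name
    (a heuristic; Python's standard library has no script property)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def suspicious_labels(host):
    """Return (label, sorted scripts) for every label that mixes scripts."""
    findings = []
    for raw in host.lower().rstrip(".").split("."):
        try:
            label = decode_label(raw)
        except UnicodeError:
            # Malformed ACE label: report it rather than silently accept it
            findings.append((raw, ["UNDECODABLE"]))
            continue
        scripts = scripts_in(label)
        if len(scripts) > 1 and not any(scripts <= ok for ok in ALLOWED_MIXES):
            findings.append((label, sorted(scripts)))
    return findings

# Constructed samples: Cyrillic U+0430 in place of Latin "a",
# once as raw Unicode and once in its ACE ("xn--") form
SPOOF = "\u0430pple.example"
SPOOF_ACE = SPOOF.encode("idna").decode("ascii")

if __name__ == "__main__":
    for host in ("apple.example", SPOOF, SPOOF_ACE, "\u65e5\u672c\u8a9e.example"):
        print(host.encode("unicode_escape").decode(), suspicious_labels(host))
```

A mixed-script check does not catch a label written entirely in one non-Latin script whose letters all resemble Latin ones; that case needs a confusables comparison against the expected name.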