Category:   Application (Instant Messaging/IRC/Chat)  >   iChat
Vendors:   Apple Computer
Apple iChat Server Stack Overflow and Use-After-Free Bugs Let Remote Authenticated Users Execute Arbitrary Code
SecurityTracker Alert ID:  1023762
SecurityTracker URL:  http://securitytracker.com/id/1023762
CVE Reference:   CVE-2010-0502, CVE-2010-0503, CVE-2010-0504
Date:  Mar 29 2010
Impact:   Execution of arbitrary code via network, Modification of system information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Several vulnerabilities were reported in iChat Server. A remote authenticated user can execute arbitrary code on the target system. Some chat messages may not be logged.

A remote authenticated user can send specially crafted data to trigger a use-after-free memory access error and execute arbitrary code on the target system [CVE-2010-0503]. The code will run with the privileges of the target user.

A remote authenticated user can send specially crafted data to trigger a stack overflow and execute arbitrary code on the target system [CVE-2010-0504]. The code will run with the privileges of the target user. Versions 10.6 or later are not affected. Only Mac OS X Server systems are affected.

The server only logs certain group chat messages with certain message types [CVE-2010-0502]. A remote user may be able to send a message through the server without being logged. Only Mac OS X Server systems are affected.

Impact:   A remote authenticated user can execute arbitrary code on the target system.

A remote user may be able to send a message through the server without being logged.

Solution:   The vendor has issued a fix as part of Security Update 2010-002 / Mac OS X v10.6.3, available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2010-002 or Mac OS X v10.6.3.

For Mac OS X v10.6.2
The download file is named: MacOSXUpd10.6.3.dmg
Its SHA-1 digest is: d3a310c02fcd8199fe55b11c801659974b3d3ab3

For Mac OS X v10.6 and v10.6.1
The download file is named: MacOSXUpdCombo10.6.3.dmg
Its SHA-1 digest is: 72c12635cf83ab6fe028ddf81b0af7357853f736

For Mac OS X Server v10.6.2
The download file is named: MacOSXServerUpd10.6.3.dmg
Its SHA-1 digest is: 7375540ba74774a93551c0a2281b3f661bb57608

For Mac OS X Server v10.6 and v10.6.1
The download file is named: MacOSXServerUpdCombo10.6.3.dmg
Its SHA-1 digest is: 1c844309397f6cf54dc928a2fc57835865c0a768

For Mac OS X v10.5.8
The download file is named: SecUpd2010-002Leo.dmg
Its SHA-1 digest is: 4f5f212c09f8275a0593b826c226875d2a48e0a6

For Mac OS X Server v10.5.8
The download file is named: SecUpdSrvr2010-002Leo.dmg
Its SHA-1 digest is: 7a5f9d9580c98dcaf2a21bad4877bb16acf500b0

The vendor's advisory is available at:

http://support.apple.com/kb/HT4077

Vendor URL:  support.apple.com/kb/HT4077
Cause:   Access control error, Boundary error, State error
Underlying OS:   UNIX (OS X)

Message History:   None.


 Source Message Contents

Date:  Mon, 29 Mar 2010 23:13:27 +0000
Subject:  Apple iChat


APPLE-SA-2010-03-29-1 Security Update 2010-002 / Mac OS X v10.6.3

iChat Server
CVE-ID:  CVE-2010-0502
Available for:  Mac OS X Server v10.5.8,
Mac OS X Server v10.6 through v10.6.2
Impact:  Chat messages may not be logged
Description:  A design issue exists in iChat Server's support for
configurable group chat logging. iChat Server only logs messages with
certain message types. This may allow a remote user to send a message
through the server without it being logged. The issue is addressed by
removing the capability to disable group chat logs, and logging all
messages that are sent through the server. This issue only affects
Mac OS X Server systems. Credit: Apple.

iChat Server
CVE-ID:  CVE-2010-0503
Available for:  Mac OS X Server v10.5.8
Impact:  An authenticated user may be able to cause an unexpected
application termination or arbitrary code execution
Description:  A use-after-free issue exists in iChat Server. An
authenticated user may be able to cause an unexpected application
termination or arbitrary code execution. This issue is addressed
through improved memory reference tracking. This issue only affects
Mac OS X Server systems, and does not affect versions 10.6 or later.

iChat Server
CVE-ID:  CVE-2010-0504
Available for:  Mac OS X Server v10.5.8,
Mac OS X Server v10.6 through v10.6.2
Impact:  An authenticated user may be able to cause an unexpected
application termination or arbitrary code execution
Description:  Multiple stack buffer overflow issues exist in iChat
Server. An authenticated user may be able to cause an unexpected
application termination or arbitrary code execution. These issues are
addressed through improved memory management. These issues only
affect Mac OS X Server systems. Credit: Apple.
