SecurityTracker.com
Category:   OS (UNIX)  >   Apple OS X
Vendors:   Apple
Mac OS X Bugs Let Remote Users Intercept TLS/SSL Connections, Impersonate Domain Names, and Execute Arbitrary Code
SecurityTracker Alert ID:  1024359
SecurityTracker URL:  http://securitytracker.com/id/1024359
CVE Reference:   CVE-2010-1800, CVE-2010-1801, CVE-2010-1802, CVE-2010-1808
Date:  Aug 24 2010
Impact:   Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 10.6.4 and prior versions
Description:   Several vulnerabilities were reported in Mac OS X. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can intercept TLS/SSL connections. A remote user can impersonate certain domain names.

A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a heap overflow in CoreGraphics and execute arbitrary code on the target system [CVE-2010-1801].

Rodrigo Rubira Branco from the Check Point Vulnerability Discovery Team (VDT) reported this vulnerability.

A remote user can create a document containing a specially crafted embedded font that, when viewed or downloaded, will trigger a stack overflow in Apple Type Services and execute arbitrary code on the target system [CVE-2010-1808].

A remote user with the ability to conduct man-in-the-middle attacks can redirect and intercept TLS/SSL connections to obtain user authentication credentials and potentially sensitive information [CVE-2010-1800]. According to the vendor advisory, CFNetwork accepted anonymous TLS/SSL connections, in which no server certificate is presented and therefore no server identity is verified; the fix disables them. Versions prior to 10.6.3 are not affected. The Apple Mail application is not affected.

Tomas Bjurman of Sirius IT, Jean-Luc Giraud of Citrix, and Aaron Sigel of vtty.com reported this vulnerability.

A remote user with the ability to obtain a domain name similar to the target domain name, differing only in the last characters of the name, can impersonate hosts in the target domain [CVE-2010-1802]. The vendor advisory attributes this to the certificate host-name comparison in libsecurity not properly checking the last characters of names with three or more components, so that, for example, a certificate issued for www.example.con could pass for www.example.com.

Peter Speck reported this vulnerability.
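Both TLS issues above come down to the client failing to verify who is on the other end of the connection. The following Python example is added here as an illustration; it is not Apple's code and not code from the reported vulnerabilities. `hostname_matches` performs a full-length comparison of a certificate name against the requested host; `hostname_matches_truncated` is a hypothetical matcher that skips the final character, standing in for the class of defect described for CVE-2010-1802 (it is not libsecurity's actual logic); `make_client_context` builds a client configuration that requires a server certificate and excludes anonymous cipher suites, the setting behind CVE-2010-1800. The certificate dictionaries are constructed sample data in the shape returned by Python's `ssl` module, and all function names are this example's own.

```python
import ssl

# Constructed sample data shaped like ssl.SSLSocket.getpeercert() output (not real certificates).
SAN_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "api.example.com")),
}
CN_ONLY_CERT = {"subject": ((("commonName", "*.example.net"),),)}


def hostname_matches(cert_name: str, host: str) -> bool:
    """Compare a certificate dNSName/CN against the requested host over its full length.

    Case-insensitive, tolerant of a trailing dot; a wildcard is honoured only as the
    entire leftmost label and only when at least two literal labels follow it.
    """
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if "" in cert_labels or "" in host_labels or "*" in host:
        return False
    if len(cert_labels) != len(host_labels):
        return False  # a wildcard stands for exactly one label, never several
    if cert_labels[0] == "*":
        if len(cert_labels) < 3:
            return False  # refuse "*.com"-style names
        return cert_labels[1:] == host_labels[1:]
    if any("*" in label for label in cert_labels):
        return False  # no partial or embedded wildcards
    return cert_labels == host_labels


def hostname_matches_truncated(cert_name: str, host: str) -> bool:
    """Hypothetical flawed matcher (illustration only, not libsecurity's code): it
    compares every character except the last, so www.example.con passes as
    www.example.com, the shape of failure described for CVE-2010-1802."""
    a, b = cert_name.lower(), host.lower()
    return len(a) == len(b) and a[:-1] == b[:-1]


def cert_matches_host(cert: dict, host: str) -> bool:
    """Prefer dNSName SANs; fall back to the CN only when no dNSName SAN exists."""
    san_names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if san_names:
        return any(hostname_matches(name, host) for name in san_names)
    for rdn in cert.get("subject", ()):
        for attr, value in rdn:
            if attr == "commonName":
                return hostname_matches(value, host)
    return False


def make_client_context() -> ssl.SSLContext:
    """Client context that insists on an authenticated server: a certificate is
    required, its name is checked, and anonymous (aNULL) suites are excluded."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # sets CERT_REQUIRED and check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL:!MD5:!RC4")
    ctx.load_default_certs()
    return ctx


def anonymous_suites(ctx: ssl.SSLContext) -> list:
    """Names of enabled suites that authenticate nobody (OpenSSL reports them as Au=None)."""
    return [
        c["name"] for c in ctx.get_ciphers()
        if "Au=None" in c.get("description", "") or c["name"].startswith(("ADH-", "AECDH-"))
    ]


def context_is_hardened(ctx: ssl.SSLContext) -> bool:
    return (ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname
            and not anonymous_suites(ctx))


if __name__ == "__main__":
    ctx = make_client_context()
    print("hardened client context:", context_is_hardened(ctx))
    print("truncated matcher accepts www.example.con for www.example.com:",
          hostname_matches_truncated("www.example.com", "www.example.con"))
```

With an anonymous suite the server never presents a certificate, so `CERT_REQUIRED` and hostname checking have nothing to act on; the suite list has to exclude `aNULL` explicitly (current Python and OpenSSL defaults already do, the explicit string just makes the intent visible to a reviewer). The hostname comparison is deliberately label-by-label rather than string-prefix based, which is what makes a one-character difference at the end of the name fail.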

Impact:   A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can intercept TLS/SSL connections.

A remote user can impersonate certain domain names.

Solution:   The vendor has issued a fix as part of Security Update 2010-005, which may be obtained from the Software Update pane in System Preferences or from Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

For Mac OS X v10.6.4
The download file is named: SecUpd2010-005Snow.dmg
Its SHA-1 digest is: 0f849caddd3b61383dabf423848f9f8059f4656e

For Mac OS X Server v10.6.4
The download file is named: SecUpdSrvr2010-005.dmg
Its SHA-1 digest is: 0a089a7c367ae2f38149ad1f535cc5ff078d3f15

For Mac OS X v10.5.8
The download file is named: SecUpd2010-005.dmg
Its SHA-1 digest is: 22912e8c3756c03ea7565c7689b05952bae0bb50

For Mac OS X Server v10.5.8
The download file is named: SecUpdSrvr2010-005.dmg
Its SHA-1 digest is: f2accfece4593b7a2658f65b2076c3b83227ff8c
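Checking a downloaded image against the published digest is the one step a practitioner can do offline before installing. The Python below is an added example, not Apple's tooling; the function names are this example's own, and the digest table carries the four values published above. Note that the two Server images share a file name (SecUpdSrvr2010-005.dmg) but have different digests, so the lookup is keyed by product as well as by file name.

```python
import hashlib
import hmac
import sys
from pathlib import Path

# SHA-1 digests exactly as published for Security Update 2010-005.
# The two Server images share a file name but differ in digest, hence the compound key.
PUBLISHED_SHA1 = {
    ("Mac OS X v10.6.4", "SecUpd2010-005Snow.dmg"): "0f849caddd3b61383dabf423848f9f8059f4656e",
    ("Mac OS X Server v10.6.4", "SecUpdSrvr2010-005.dmg"): "0a089a7c367ae2f38149ad1f535cc5ff078d3f15",
    ("Mac OS X v10.5.8", "SecUpd2010-005.dmg"): "22912e8c3756c03ea7565c7689b05952bae0bb50",
    ("Mac OS X Server v10.5.8", "SecUpdSrvr2010-005.dmg"): "f2accfece4593b7a2658f65b2076c3b83227ff8c",
}


def sha1_hex(chunks) -> str:
    """Hash an iterable of byte chunks so a large image never sits in memory at once."""
    h = hashlib.sha1()
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()


def sha1_file(path, chunk_size: int = 1 << 20) -> str:
    with open(path, "rb") as f:
        return sha1_hex(iter(lambda: f.read(chunk_size), b""))


def digest_matches(actual_hex: str, expected_hex: str) -> bool:
    """Constant-time, case-insensitive comparison of two hex digests."""
    return hmac.compare_digest(actual_hex.lower(), expected_hex.lower())


def verify_update(path, product: str) -> bool:
    """True when the image at `path` matches the digest published for `product`."""
    key = (product, Path(path).name)
    if key not in PUBLISHED_SHA1:
        raise KeyError(f"no published digest for {key}")
    return digest_matches(sha1_file(path), PUBLISHED_SHA1[key])


if __name__ == "__main__":
    # usage: python verify_update.py "<product>" <path-to-dmg>   (script name is hypothetical)
    product, path = sys.argv[1], sys.argv[2]
    print("OK" if verify_update(path, product) else "DIGEST MISMATCH")
```

The digest is only as trustworthy as the channel it was read from: it detects a corrupted or swapped download, not an attacker who controls both the page and the file. SHA-1 is used here because that is what Apple published in 2010; practical SHA-1 collisions have since been demonstrated, so treat this as an integrity check rather than a strong authenticity guarantee and prefer the installer's own code signature where available.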

The vendor's advisory is available at:

http://support.apple.com/kb/HT4312

Vendor URL:  support.apple.com/kb/HT4312
Cause:   Access control error, Authentication error, Boundary error

Message History:   None.


Source Message Contents:   [Original Message Not Available for Viewing]


Copyright 2016, SecurityGlobal.net LLC