Category:   OS (UNIX)  >   Mac OS X
Vendors:   Apple Computer
Mac OS X Bugs Let Remote Users Intercept TLS/SSL Connections, Impersonate Domain Names, and Execute Arbitrary Code
SecurityTracker Alert ID:  1024359
SecurityTracker URL:  http://securitytracker.com/id/1024359
CVE Reference:   CVE-2010-1800, CVE-2010-1801, CVE-2010-1802, CVE-2010-1808
Date:  Aug 24 2010
Impact:   Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.6.4 and prior versions
Description:   Several vulnerabilities were reported in Mac OS X. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can intercept TLS/SSL connections. A remote user can impersonate certain domain names.

A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a heap overflow in CoreGraphics and execute arbitrary code on the target system [CVE-2010-1801].

Rodrigo Rubira Branco from the Check Point Vulnerability Discovery Team (VDT) reported this vulnerability.

A remote user can create a document containing a specially crafted embedded font that, when viewed or downloaded, will trigger a stack overflow in Apple Type Services and execute arbitrary code on the target system [CVE-2010-1808].

A remote user with the ability to conduct man-in-the-middle attacks can redirect and intercept TLS/SSL connections to obtain user authentication credentials and potentially sensitive information [CVE-2010-1800]. Versions prior to 10.6.3 are not affected. The Apple Mail application is not affected.

Tomas Bjurman of Sirius IT, Jean-Luc Giraud of Citrix, and Aaron Sigel of vtty.com reported this vulnerability.

A remote user with the ability to obtain a domain name similar to the target domain name, differing only in the last characters of the name, can impersonate hosts in the target domain [CVE-2010-1802].

Peter Speck reported this vulnerability.

Impact:   A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can intercept TLS/SSL connections.

A remote user can impersonate certain domain names.

Solution:   The vendor has issued a fix as part of Security Update 2010-005, which may be obtained from the Software Update pane in System Preferences or from Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

For Mac OS X v10.6.4
The download file is named: SecUpd2010-005Snow.dmg
Its SHA-1 digest is: 0f849caddd3b61383dabf423848f9f8059f4656e

For Mac OS X Server v10.6.4
The download file is named: SecUpdSrvr2010-005.dmg
Its SHA-1 digest is: 0a089a7c367ae2f38149ad1f535cc5ff078d3f15

For Mac OS X v10.5.8
The download file is named: SecUpd2010-005.dmg
Its SHA-1 digest is: 22912e8c3756c03ea7565c7689b05952bae0bb50

For Mac OS X Server v10.5.8
The download file is named: SecUpdSrvr2010-005.dmg
Its SHA-1 digest is: f2accfece4593b7a2658f65b2076c3b83227ff8c

The vendor's advisory is available at:

http://support.apple.com/kb/HT4312

Vendor URL:  support.apple.com/kb/HT4312
Cause:   Access control error, Authentication error, Boundary error
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Tue, 24 Aug 2010 21:21:07 +0000
Subject:  Apple Mac OS X


APPLE-SA-2010-08-24-1 Security Update 2010-005

CFNetwork
CVE-ID:  CVE-2010-1800
Available for:  Mac OS X v10.6.4, Mac OS X Server v10.6.4
Impact:  An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description:  CFNetwork permits anonymous TLS/SSL connections. This
may allow a man-in-the-middle attacker to redirect connections and
intercept user credentials or other sensitive information. This issue
does not affect the Mail application. This issue is addressed by
disabling anonymous TLS/SSL connections. This issue does not affect
systems prior to Mac OS X v10.6.3. Credit to Tomas Bjurman of Sirius
IT, Jean-Luc Giraud of Citrix, and Aaron Sigel of vtty.com for
reporting this issue.

CoreGraphics
CVE-ID:  CVE-2010-1801
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4, Mac OS X Server v10.6.4
Impact:  Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow exists in CoreGraphics' handling
of PDF files. Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. Credit to
Rodrigo Rubira Branco from the Check Point Vulnerability Discovery
Team (VDT) for reporting this issue.

libsecurity
CVE-ID:  CVE-2010-1802
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4, Mac OS X Server v10.6.4
Impact:  An attacker in a privileged network position who can obtain
a domain name that differs only in the last characters from the name
of a legitimate domain may impersonate hosts in that domain
Description:  An issue exists in the handling of certificate host
names. For host names containing three or more components, the last
characters are not properly compared. In the case of a name
containing exactly three components, only the last character is not
checked. For example, if an attacker in a privileged network position
could obtain a certificate for www.example.con the attacker can
impersonate www.example.com. This issue is addressed through improved
handling of certificate host names. Credit to Peter Speck for
reporting this issue.

ATS
CVE-ID:  CVE-2010-1808
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.4, Mac OS X Server v10.6.4
Impact:  Viewing or downloading a document containing a maliciously
crafted embedded font may lead to arbitrary code execution
Description:  A stack buffer overflow exists in Apple Type Services'
handling of embedded fonts. Viewing or downloading a document
containing a maliciously crafted embedded font may lead to arbitrary
code execution. This issue is addressed through improved bounds
checking.
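
The libsecurity entry above (CVE-2010-1802) describes a host-name comparison that leaves trailing characters unchecked. The following is an added example, not code from the advisory or from Apple: a constructed model of that comparison beside a strict one, plus a regression check that a matcher rejects last-character variants. All function names are hypothetical, only exact names are handled (no wildcards), and the number of characters skipped for names with more than three components is an assumption.

```c
#include <ctype.h>
#include <string.h>

typedef int (*host_matcher)(const char *cert_name, const char *host);

/* Case-insensitive comparison of the first n characters of a and b. */
static int same_prefix(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Constructed model of the flaw, not Apple's code: with three or more
 * components the trailing characters are left out of the comparison.
 * Skipping (components - 2) characters is an assumption that reproduces
 * the advisory's three-component case (one unchecked character). */
int flawed_host_match(const char *cert_name, const char *host) {
    size_t len = strlen(host), parts = (len > 0);
    for (size_t i = 0; i < len; i++) parts += (host[i] == '.');
    if (strlen(cert_name) != len) return 0;
    if (parts >= 3) len -= parts - 2;
    return same_prefix(cert_name, host, len);
}

/* Hardened form: equal length and every character compared. */
int strict_host_match(const char *cert_name, const char *host) {
    size_t len = strlen(host);
    return strlen(cert_name) == len && same_prefix(cert_name, host, len);
}

/* Regression check: 1 if match rejects every last-letter variant of host. */
int rejects_last_char_variants(host_matcher match, const char *host) {
    char variant[256];
    size_t len = strlen(host);
    if (len == 0 || len >= sizeof variant) return 0;
    memcpy(variant, host, len + 1);
    for (char c = 'a'; c <= 'z'; c++) {
        if (c == tolower((unsigned char)host[len - 1])) continue;
        variant[len - 1] = c;
        if (match(variant, host)) return 0;
    }
    return 1;
}

int main(void) {
    const char *host = "www.example.com"; /* constructed sample name */
    return !rejects_last_char_variants(strict_host_match, host);
}
```

The same regression check can be pointed at any exact-name matcher in a TLS client's test suite to confirm that the whole name, including its final character, takes part in the comparison.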

 
 



Copyright 2014, SecurityGlobal.net LLC