SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Generic)  >   Apple Dashboard Vendors:   Apple
Mac OS X Dashboard Lets Remote Users Install Widgets Without a Warning Dialog
SecurityTracker Alert ID:  1014012
SecurityTracker URL:  http://securitytracker.com/id/1014012
CVE Reference:   CVE-2005-1474   (Links to External Site)
Date:  May 20 2005
Impact:   Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in the Apple Mac OS X Dashboard. A remote user can bypass a download warning dialog to install potentially malicious Dashboard widgets.

A remote user can create specially crafted HTML that, when loaded by the target user, will download and install arbitrary widgets via Apple Safari without presenting the target user with the Safe Download Validation warning dialog.

Impact:   A remote user can cause potentially malicious Dashboard widgets to be installed on the target user's system without a warning dialog.
Solution:   Apple has released a fix as part of Mac OS X 10.4.1.

Mac OS X v10.4.1 may be obtained from the Software Update pane in
System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.4
The download file is named: "MacOSXUpdate10.4.1.dmg"
Its SHA-1 digest is: 7f4e0af21fff6cb80d271ccd9278637c660b51ad

For Mac OS X Server v10.4
The download file is named: "MacOSXSvrUpdate10.4.1.dmg"
Its SHA-1 digest is: bf311da7dd3cc3f039ed9188412f8eaa994a4650
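The advisory gives a SHA-1 digest for each update image so that a downloaded .dmg can be checked before it is installed. The following script is an added example, not Apple's or SecurityTracker's code: it streams a file through SHA-1 and compares the result with the digest published for that file name, failing closed on an unknown name or a mismatch. The two published digests are taken from the advisory text above; the files the `demo()` helper writes are constructed stand-ins, not real update images.

```python
"""Check a downloaded Mac OS X 10.4.1 update image against the SHA-1 digests
published in APPLE-SA-2005-05-19.  Added example, not Apple's code."""
import hashlib
import os
import tempfile

# Digests exactly as published in the advisory, keyed by Apple's file names.
PUBLISHED_SHA1 = {
    "MacOSXUpdate10.4.1.dmg": "7f4e0af21fff6cb80d271ccd9278637c660b51ad",
    "MacOSXSvrUpdate10.4.1.dmg": "bf311da7dd3cc3f039ed9188412f8eaa994a4650",
}


def sha1_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-1 so a large image need not fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_update_image(path, published=PUBLISHED_SHA1):
    """Return (ok, reason).  Fails closed: a file name that is not in the
    published table is rejected rather than silently skipped."""
    name = os.path.basename(path)
    expected = published.get(name)
    if expected is None:
        return False, f"{name!r} is not one of the published update images"
    actual = sha1_of_file(path)
    if actual.lower() != expected.lower():
        return False, f"SHA-1 mismatch for {name}: expected {expected}, got {actual}"
    return True, f"{name} matches the published SHA-1 digest"


def _constructed_image(directory, name, contents):
    """Write a constructed stand-in file (not a real Apple image)."""
    path = os.path.join(directory, name)
    with open(path, "wb") as f:
        f.write(contents)
    return path


def demo():
    """Exercise the check offline on constructed files: a tampered image
    fails, an unknown file name is rejected, and a file whose digest matches
    its table entry passes.  The 'known' case uses the FIPS 180-1 test
    vector SHA-1("abc") instead of a real image."""
    with tempfile.TemporaryDirectory() as d:
        tampered = _constructed_image(d, "MacOSXUpdate10.4.1.dmg", b"not the real image")
        unknown = _constructed_image(d, "MacOSXUpdate10.4.2.dmg", b"")
        known = _constructed_image(d, "MacOSXSvrUpdate10.4.1.dmg", b"abc")
        test_table = {"MacOSXSvrUpdate10.4.1.dmg": "a9993e364706816aba3e25717850c26c9cd0d89d"}
        return {
            "tampered": verify_update_image(tampered)[0],
            "unknown": verify_update_image(unknown)[0],
            "known": verify_update_image(known, test_table)[0],
            "empty_sha1": sha1_of_file(unknown),
        }


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        ok, reason = verify_update_image(p)
        print(("OK   " if ok else "FAIL ") + reason)
    if len(sys.argv) == 1:
        print(demo())
```

Run it as `python3 verify_update.py ~/Downloads/MacOSXUpdate10.4.1.dmg`; with no arguments it runs the constructed demo. The digest is only as trustworthy as the channel it came from, which is why the advisory itself is PGP-signed with Apple's Product Security key.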

Information on removing Dashboard widgets is available at:

http://docs.info.apple.com/article.html?artnum=301629

Vendor URL:  docs.info.apple.com/article.html?artnum=301630 (Links to External Site)
Cause:   Access control error, State error
Underlying OS:  UNIX (macOS/OS X)
Underlying OS Comments:  10.4

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 12 2005 (Vendor Issues Fix) Mac OS X Dashboard Lets Remote Users Install Widgets Without a Warning Dialog
Apple has issued a fix as part of 10.4.2 update.



 Source Message Contents

Subject:  APPLE-SA-2005-05-19 Mac OS X v10.4.1


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2005-05-19 Mac OS X v10.4.1

Mac OS X v10.4.1 is now available and delivers the following security
enhancements:

Bluetooth
Available for:  Mac OS X v10.4, Mac OS X Server v10.4
CVE-ID:  CAN-2005-1333
Impact:  Directory traversal via Bluetooth file and object exchange
Description:  Due to insufficient input checking, the Bluetooth file
and object exchange services could be used to access files outside of
the default file exchange directory.  This update addresses the issue
by adding enhanced filtering for path-delimiting characters. Credit
to kf_lists[at]digitalmunition[dot]com for reporting this issue.

Dashboard
CVE-ID:  CAN-2005-1474
Available for:  Mac OS X v10.4, Mac OS X Server v10.4
Impact:  Malicious websites can download and install widgets via
Safari without the Safe Download Validation warning
Description:  This update blocks the automatic installation of
Dashboard widgets.  Mac OS X's Safe Download Validation warning is
enabled, requiring user approval before a Dashboard widget is
installed by Safari.  This issue does not affect Mac OS X versions
prior to 10.4.  Further information on removing Dashboard widgets
that you have installed is available from this article:
http://docs.info.apple.com/article.html?artnum=301629

Kernel
CVE-ID:  CAN-2005-1472
Available for:  Mac OS X v10.4, Mac OS X Server v10.4
Impact:  Users can discover the names of files placed in normally
unsearchable places
Description:  Two system calls designed to allow efficient searching
of filesystem objects incorrectly checked the permissions on
enclosing directories and would reveal the names of files.  The
incorrect checking only occurred for directories without the POSIX
read, but with the POSIX execute bits set for group and other.  In
practice this issue only affects files stored in users' ~/Public/Drop
Box.  This update addresses the issue by correctly honoring the POSIX
permission bits on directories.  Credit to John M. Glenn of San
Francisco for reporting this issue.

Kernel
CVE-ID:  CAN-2005-0974  CERT: VU#713614
Available for: Mac OS X v10.4, Mac OS X Server v10.4
Impact:  Local system users can cause a local denial of service
Description:  A vulnerability in the nfs_mount() call due to
insufficient checks on input values could allow unprivileged local
users to create a denial of service via a kernel panic.

SecurityAgent
CVE-ID:  CAN-2005-1473
Available for:  Mac OS X v10.4, Mac OS X Server v10.4
Impact:  Users with physical access to a system with a locked
screensaver can start background applications
Description:  A contextual menu feature in Mac OS X 10.4 allows URLs
to be opened from a text input field.  This could be used to launch
an application behind a locked screensaver window.  This update
addresses the issue by removing the contextual menu from screensaver
text input fields.

Mac OS X v10.4.1 may be obtained from the Software Update pane in
System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.4
The download file is named:  "MacOSXUpdate10.4.1.dmg"
Its SHA-1 digest is:  7f4e0af21fff6cb80d271ccd9278637c660b51ad

For Mac OS X Server v10.4
The download file is named:  "MacOSXSvrUpdate10.4.1.dmg"
Its SHA-1 digest is:  bf311da7dd3cc3f039ed9188412f8eaa994a4650

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQEVAwUBQo0amoHaV5ucd/HdAQLHMAgAjRkX8+OfCJ/qeXzJ+XixNa5c2rYktzCM
etI9mBjEU3plouTkA7zP49F9+BSYaYilRZDFLwGrkGNBMrB9evcYUCAQuVQiFFV2
n+aRAgYGgTXv2IGbxf6//DTAeipzOT9WwzmzILXeNM69uRj8TMHl2v7ooDmIDSSK
ke28UlZ9RpGPwUDwJ8clkJQZPvsIWllnsdZM2nQfR6PqVs3r8QLIMrcTcTAVMrr0
jUknS3CAUeiWNBnURDslDp5L+tQs9CCYTAhiS+nGIcfhha5dda+J/La7RB1wlNep
PatMFO+E7v4/zlV7ALuPrYvT16I78QypdZScahy/4fXTrMKg1DZOWQ==
=Dvj/
-----END PGP SIGNATURE-----

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (Security-announce@lists.apple.com)
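The kernel item CAN-2005-1472 above describes a classic permission-check mistake: a call that returns the names inside a directory must honor the directory's POSIX read bit, but the affected search calls tested as if only the execute (search) bit mattered. The example below is added here and is not Apple's kernel code: it models the POSIX class selection (owner, then group, then other) and the two different checks, and shows why a Drop Box directory is the case that leaks. The mode 0733 (rwx-wx-wx) for ~/Public/Drop Box and the uids/gids 501, 502 and 20 are assumptions chosen for the illustration.

```python
"""POSIX directory-permission checks, as an added example for CAN-2005-1472.
Enumerating names in a directory needs the READ bit of the caller's class;
traversing to an already-known name needs only the EXECUTE (search) bit.
Not Apple's kernel code; uids, gids and the 0733 Drop Box mode are assumed."""
import stat


def permission_class(dir_uid, dir_gid, uid, gid, groups=()):
    """POSIX selects exactly one class and never falls through to a more
    permissive one: owner first, then group, then other."""
    if uid == dir_uid:
        return "owner"
    if gid == dir_gid or dir_gid in groups:
        return "group"
    return "other"


_BITS = {
    "owner": (stat.S_IRUSR, stat.S_IXUSR),
    "group": (stat.S_IRGRP, stat.S_IXGRP),
    "other": (stat.S_IROTH, stat.S_IXOTH),
}


def may_enumerate(mode, dir_uid, dir_gid, uid, gid, groups=(), superuser=False):
    """Correct check for 'may the caller learn the names inside this
    directory' (readdir and any search call that returns names): read bit."""
    if superuser:
        return True
    read_bit, _ = _BITS[permission_class(dir_uid, dir_gid, uid, gid, groups)]
    return bool(mode & read_bit)


def may_search(mode, dir_uid, dir_gid, uid, gid, groups=(), superuser=False):
    """Check for 'may the caller traverse this directory to a name it already
    knows' (path lookup): execute/search bit only.  Applying this test to
    name enumeration is the mistake the advisory describes."""
    if superuser:
        return True
    _, exec_bit = _BITS[permission_class(dir_uid, dir_gid, uid, gid, groups)]
    return bool(mode & exec_bit)


# Assumed Drop Box mode: owner rwx, group and other -wx.  Others may traverse
# into it and drop files, but must not be able to list what is already there.
DROP_BOX_MODE = 0o733


def drop_box_exposure(mode=DROP_BOX_MODE, owner_uid=501, owner_gid=20,
                      other_uid=502, other_gid=20):
    """Compare the wrong and right checks for a non-owner on a Drop Box.
    The uids and gids are assumed local accounts, not taken from the page."""
    traverse = may_search(mode, owner_uid, owner_gid, other_uid, other_gid)
    enumerate_ = may_enumerate(mode, owner_uid, owner_gid, other_uid, other_gid)
    return {
        "other_may_traverse": traverse,          # True: dropping files works
        "other_may_list_names": enumerate_,      # False: the fixed behaviour
        # A call that tested the search bit where the read bit was required
        # would reveal the names exactly when these two answers differ.
        "buggy_check_would_reveal_names": traverse and not enumerate_,
    }


if __name__ == "__main__":
    for key, value in drop_box_exposure().items():
        print(f"{key}: {value}")
```

The class selection matters as much as the bit test: a caller in the directory's group is judged by the group bits even when the "other" bits are more permissive, so the check cannot be shortened to "any read bit set".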

Copyright 2021, SecurityGlobal.net LLC