SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   OS (UNIX)  >   Apple macOS/OS X Vendors:   Apple
Apple OS X File Parsing Error Lets Local Users Deny Service
SecurityTracker Alert ID:  1013735
SecurityTracker URL:  http://securitytracker.com/id/1013735
CVE Reference:   CVE-2005-0975   (Links to External Site)
Date:  Apr 16 2005
Impact:   Denial of service via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 10.3.9
Description:   A vulnerability was reported in Apple OS X. A local user can cause temporary denial of service conditions.

The kernel does not properly parse certain executable files. A local user can create a specially crafted file that, when processed by the kernel, a local user can temporarily suspend system operations.

The vendor credits Neil Archibald with reporting this vulnerability.

Impact:   A local user can temporarily suspend system operations.
Solution:   Apple has issued a fix as part of Mac OS X 10.3.9, available via the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

For Mac OS X v10.3.9
If updating from Mac OS X v10.3.8:
The download file is named: "MacOSXUpdate10.3.9.dmg"
Its SHA-1 digest is: 94ca918ce07f7318488cb5d3a0c754bb3a8c7b07

For Mac OS X v10.3.9
If updating from Mac OS X v10.3 to v10.3.7:
The download file is named: "MacOSXUpdateCombo10.3.9.dmg"
Its SHA-1 digest is: f74f7e76e7a04ec623046934980edbba8c4798c4

For Mac OS X Server v10.3.9
If updating from Mac OS X Server v10.3.8:
The download file is named: "MacOSXServerUpdate10.3.9.dmg"
Its SHA-1 digest is: 2a7ac87fa36f5883f1ccb8ef5ab83b2e840896bc

For Mac OS X Server v10.3.9
If updating from Mac OS X Server v10.3 to v10.3.7:
The download file is named: "MacOSXSrvrUpdCombo10.3.9.dmg"
Its SHA-1 digest is: 17d125118ca3b278b7558488364d0aacaf826dbd

Vendor URL:  docs.info.apple.com/article.html?artnum=301327 (Links to External Site)
Cause:   Exception handling error

Message History:   None.


 Source Message Contents

Subject:  APPLE-SA-2005-04-15 Mac OS X v10.3.9


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2005-04-15 Mac OS X v10.3.9

Mac OS X v10.3.9 and Mac OS X Server v10.3.9 are now available and
deliver the following security enhancements:

Kernel
CVE ID:  CAN-2005-0969
Impact:  A kernel input validation issue can lead to a local denial
of service
Description:  The Kernel contains syscall emulation functionality
that was never used in Mac OS X.  Insufficient validation of an input
parameter list could result in a heap overflow and a local denial of
service through a kernel panic.  The issue is addressed by removing
the syscall emulation functionality.  Credit to Dino Dai Zovi for
reporting this issue.

Kernel
CVE ID:  CAN-2005-0970
Impact:  Permitting SUID/SGID scripts to be installed could lead to
privilege escalation.
Description:  Mac OS X inherited the ability to run SUID/SGID scripts
from FreeBSD.  Apple does not distribute any SUID/SGID scripts, but
the system would allow them to be installed or created.  This update
removes the ability of Mac OS X to run SUID/SGID scripts.  Credit to
Bruce Murphy of rattus.net and Justin Walker for reporting this
issue.

Kernel
CVE ID:  CAN-2005-0971
CERT:  VU#212190
Impact:  A Kernel stack overflow in the semop() system call could
lead to a local privilege escalation.
Description:  The incorrect handling of system call arguments could
be used to obtain elevated privileges.  This update includes a fix to
check access to the kernel object.

Kernel
CVE ID:  CAN-2005-0972
CERT:  VU#185702
Impact:  An integer overflow in the searchfs() system call could
allow an unprivileged local user to execute arbitrary code with
elevated privileges
Description:  The searchfs() system call contains an integer overflow
vulnerability that could allow an unprivileged local user to execute
arbitrary code with elevated privileges.  This update adds input
validation on the parameters passed to searchfs() to correct the
issue.

Kernel
CVE ID:  CAN-2005-0973
Impact:  Local system users can cause a system resource starvation
Description:  A vulnerability in the handling of values passed to the
setsockopt() call could allow unprivileged local users to exhaust
available memory.  Credit to Robert Stump <rds3792@cs.rit.com> for
reporting this issue.

Kernel
CVE ID:  CAN-2005-0974
CERT:  VU#713614
Impact:  Local system users can cause a local denial of service
Description:  A vulnerability in the nfs_mount() call due to
insufficient checks on input values could allow unprivileged local
users to create a denial of service via a kernel panic.

Kernel
CVE ID:  CAN-2005-0975
Impact:  Local system users can cause a temporary interruption of
system operation
Description:  A vulnerability in the parsing of certain executable
files could allow unprivileged local users to temporarily suspend
system operations.  Credit to Neil Archibald for reporting this
issue.

Safari
CVE ID:  CAN-2005-0976
Impact:  Remote sites could cause html and javascript to run in the
local domain.
Description:  This update closes a vulnerability that allowed remote
websites to load javascript to execute in the local domain.  Credit
to David Remahl for reporting this issue.

Note:  It is Apple's standard practice to provide security fixes via
a Security Update.  On occasion, when a security fix is required to a
core system component such as the Kernel, it will be released in a
Software Update.

Mac OS X v10.3.9 and Mac OS X Server v10.3.9 may be obtained from the
Software Update pane in System Preferences, or Apple's Software
Downloads web site: http://www.apple.com/support/downloads/

For Mac OS X v10.3.9
If updating from Mac OS X v10.3.8:
The download file is named:  "MacOSXUpdate10.3.9.dmg"
Its SHA-1 digest is:  94ca918ce07f7318488cb5d3a0c754bb3a8c7b07

For Mac OS X v10.3.9
If updating from Mac OS X v10.3 to v10.3.7:
The download file is named:  "MacOSXUpdateCombo10.3.9.dmg"
Its SHA-1 digest is:  f74f7e76e7a04ec623046934980edbba8c4798c4

For Mac OS X Server v10.3.9
If updating from Mac OS X Server v10.3.8:
The download file is named:  "MacOSXServerUpdate10.3.9.dmg"
Its SHA-1 digest is:  2a7ac87fa36f5883f1ccb8ef5ab83b2e840896bc

For Mac OS X Server v10.3.9
If updating from Mac OS X Server v10.3 to v10.3.7:
The download file is named:  "MacOSXSrvrUpdCombo10.3.9.dmg"
Its SHA-1 digest is:  17d125118ca3b278b7558488364d0aacaf826dbd

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQEVAwUBQmAk3Zyw5owIz4TQAQIx8gf/XNQ+PrURNg0sdQsTEhxoz/9z1xnwXcHY
A8mSrx3eGUpfwGGJFoF13R18bzSuhqO60ldbdOGCU8mgHHBbFQBWONsejttb6TIe
79vczBVMf6ZbpSXUQLCLnsXjgiwfQMMQ+bVrQCfwg4KBeyd+Fb48DxQr1YBLlHY0
bznupfN3O6+ERlpFRV/A9TCFkHQ8gu0pbJlLBVb+ZJA1Jyzo54pN/W/uVYmnywkt
an+0q067+RpNDEGXjTNoCROeUIWs3vwGiA1f1Bt3xfeXDTTECJwHIxUpPLmYB91u
g3NUEPqy6B/7QG4PNvwTPFkRntM4Gh//XpfXM1/n5W4sVJK0ohpYEg==
=+WPr
-----END PGP SIGNATURE-----

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (Security-announce@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/security-announce/

This email sent to ***********************

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC