SecurityTracker.com

SecurityTracker Archives

Category:   OS (UNIX)  >   Apple macOS/OS X
Vendors:   Apple
Mac OS X Heap Overflow in PCRE Library Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1018488
SecurityTracker URL:  http://securitytracker.com/id/1018488
CVE Reference:   CVE-2007-3742, CVE-2007-3944
Date:  Aug 1 2007
Impact:   Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 10.3.9, 10.4.10
Description:   A vulnerability was reported in Mac OS X. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can spoof a site URL.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a heap overflow in the Perl Compatible Regular Expressions (PCRE) library used by the Safari JavaScript engine and execute arbitrary code on the target system [CVE-2007-3944]. The code will run with the privileges of the target user.

Apple credits Charlie Miller and Jake Honoroff of Independent Security Evaluators with reporting these vulnerabilities.

A remote user can create a specially crafted URL that abuses International Domain Name (IDN) support and Unicode fonts so that, when loaded by the target user, it directs the user to a spoofed site [CVE-2007-3742].

Apple credits Tomohito Yoshino of Business Architects Inc. with reporting this vulnerability.

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system or spoof the user interface.

A remote user can spoof a site URL.

Solution:   Apple has issued a fix as part of Security Update 2007-007, available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

For Mac OS X v10.4.10 (Universal)
The download file is named: "SecUpd2007-007Univ.dmg"
Its SHA-1 digest is: 8ef20aa2fbeb81716a20565e7b0b5116f79f4ab5

For Mac OS X v10.4.10 (PowerPC)
The download file is named: "SecUpd2007-007Ti.dmg"
Its SHA-1 digest is: 43e774881f314ed0feb1302da30a14a72fdfa740

For Mac OS X v10.3.9
The download file is named: "SecUpd2007-007Pan.dmg"
Its SHA-1 digest is: 8576955e1a4574d5cb2eb0721b130a22919e6b62

For Mac OS X Server v10.4.10 (Universal)
The download file is named: "SecUpdSrvr2007-007Universal.dmg"
Its SHA-1 digest is: 6a07dd5c4af3e7c371600e1759a98f5bb8b76b33

For Mac OS X Server v10.4.10 (PowerPC)
The download file is named: "SecUpdSrvr2007-007Ti.dmg"
Its SHA-1 digest is: 9bc897a174f2aeddfa21603bb15366c883162d48

For Mac OS X Server v10.3.9
The download file is named: "SecUpdSrvr2007-007Pan.dmg"
Its SHA-1 digest is: e27cdd6b78309cffdbf6f88ad2c0ff4ad0cfaf21
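A small script for checking a downloaded update image against the SHA-1 digests listed above before installing it. This is an added example, not code from Apple or SecurityTracker; it assumes sha1sum, shasum or openssl is available on PATH, and it only covers the six file names the advisory lists.

```shell
#!/bin/sh
# Verify a Security Update 2007-007 disk image against the digests published
# in the advisory. Added example; the digest table is copied from the advisory.

# expected_sha1 NAME: print the advisory's SHA-1 for a known file name, or fail.
expected_sha1() {
    case "$1" in
        SecUpd2007-007Univ.dmg)          echo 8ef20aa2fbeb81716a20565e7b0b5116f79f4ab5 ;;
        SecUpd2007-007Ti.dmg)            echo 43e774881f314ed0feb1302da30a14a72fdfa740 ;;
        SecUpd2007-007Pan.dmg)           echo 8576955e1a4574d5cb2eb0721b130a22919e6b62 ;;
        SecUpdSrvr2007-007Universal.dmg) echo 6a07dd5c4af3e7c371600e1759a98f5bb8b76b33 ;;
        SecUpdSrvr2007-007Ti.dmg)        echo 9bc897a174f2aeddfa21603bb15366c883162d48 ;;
        SecUpdSrvr2007-007Pan.dmg)       echo e27cdd6b78309cffdbf6f88ad2c0ff4ad0cfaf21 ;;
        *) return 1 ;;
    esac
}

# sha1_of PATH: compute the file's SHA-1 with whichever tool is installed
# (Linux usually has sha1sum; Mac OS X ships shasum and openssl).
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 1 "$1" | awk '{print $1}'
    else
        openssl dgst -sha1 "$1" | awk '{print $NF}'
    fi
}

# verify_update PATH: 0 if the digest matches the advisory, 1 on mismatch,
# 2 if the file name is not one of the images the advisory lists.
verify_update() {
    name=$(basename "$1")
    want=$(expected_sha1 "$name") || { echo "unknown update file: $name" >&2; return 2; }
    got=$(sha1_of "$1")
    if [ "$got" = "$want" ]; then
        echo "OK  $name"
        return 0
    fi
    echo "MISMATCH $name: expected $want, got $got" >&2
    return 1
}

# Usage: verify_update "$HOME/Downloads/SecUpd2007-007Univ.dmg"
```

A mismatch means the image is not the one Apple published (truncated download or tampering) and should not be installed.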

The Apple advisory is available at:

http://docs.info.apple.com/article.html?artnum=306172

Vendor URL:  docs.info.apple.com/article.html?artnum=306172
Cause:   Boundary error, Input validation error

Message History:   This archive entry has one or more follow-up message(s) listed below.
Aug 1 2007 (Apple Issues Fix for iPhone) Mac OS X Heap Overflow in PCRE Library Lets Remote Users Execute Arbitrary Code
Apple has released a fix for iPhone.
Aug 1 2007 (Apple Issues Fix for Safari) Mac OS X Heap Overflow in PCRE Library Lets Remote Users Execute Arbitrary Code
Apple has released a fix for Safari.
Source Message Contents

[Original Message Not Available for Viewing]


Copyright 2019, SecurityGlobal.net LLC