Mac OS X CFNetwork Heap Overflow in Processing HTTP Headers Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1022211 |
SecurityTracker URL: http://securitytracker.com/id/1022211
CVE Reference:
CVE-2009-0157
Date: May 13 2009
Impact:
Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.5 - 10.5.6
Description:
A heap buffer overflow was reported in the CFNetwork component of Mac OS X. CFNetwork is the HTTP client library used by Safari and other networking applications on the system.
A remote web server (or any server a CFNetwork-based client connects to) can return specially crafted HTTP headers that overflow a heap buffer in CFNetwork's header processing and execute arbitrary code on the target system with the privileges of the client application. In the typical case the target user only has to visit a web page served by the attacker.
Systems prior to Mac OS X version 10.5 are not affected.
Moritz Jodeit of n.runs AG reported this vulnerability.
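The bug class described above, shown as an added example. This is not Apple's CFNetwork code and does not reproduce the actual CVE-2009-0157 flaw: it is a minimal HTTP header parser that copies a header value into a fixed-size heap buffer without checking its length, beside the bounds-checked form that the fix class calls for. The names, the sizes VALUE_CAP and CANARY_LEN, and the sample header block are assumptions constructed for the demo. A canary region allocated directly behind the value buffer stands in for the adjacent heap data a real overflow corrupts, so the overrun is observable while the demo stays inside its own allocation.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout for the demo: a fixed-capacity heap buffer for one header
 * value, followed inside the same allocation by a canary region. An over-long
 * copy clobbers the canary, which stands in for neighbouring heap data. */
#define VALUE_CAP   32                 /* assumed capacity for a header value */
#define CANARY_LEN  64                 /* slack after the buffer */
#define CANARY_BYTE 0xAA

struct hdr_value { char *buf; };       /* VALUE_CAP value bytes + CANARY_LEN canary bytes */

static struct hdr_value *hv_alloc(void) {
    struct hdr_value *v = malloc(sizeof *v);
    if (!v) return NULL;
    v->buf = malloc(VALUE_CAP + CANARY_LEN);
    if (!v->buf) { free(v); return NULL; }
    memset(v->buf, 0, VALUE_CAP);
    memset(v->buf + VALUE_CAP, CANARY_BYTE, CANARY_LEN);
    return v;
}

static void hv_free(struct hdr_value *v) { if (v) { free(v->buf); free(v); } }

/* 1 if any canary byte changed, i.e. a copy ran past VALUE_CAP. */
static int hv_canary_smashed(const struct hdr_value *v) {
    for (int i = 0; i < CANARY_LEN; i++)
        if ((unsigned char)v->buf[VALUE_CAP + i] != CANARY_BYTE) return 1;
    return 0;
}

/* Case-insensitive "Name:" match at the start of a header line. */
static int name_matches(const char *line, const char *eol, const char *name) {
    size_t nlen = strlen(name);
    if ((size_t)(eol - line) <= nlen) return 0;
    for (size_t i = 0; i < nlen; i++)
        if (tolower((unsigned char)line[i]) != tolower((unsigned char)name[i])) return 0;
    return line[nlen] == ':';
}

/* Find the value of `name` in a CRLF-delimited header block; sets *len. */
static const char *find_header(const char *headers, const char *name, size_t *len) {
    const char *p = headers;
    while (*p) {
        const char *eol = strstr(p, "\r\n");
        if (!eol) eol = p + strlen(p);
        if (name_matches(p, eol, name)) {
            const char *val = p + strlen(name) + 1;
            while (val < eol && (*val == ' ' || *val == '\t')) val++;
            *len = (size_t)(eol - val);
            return val;
        }
        if (!*eol) break;
        p = eol + 2;
    }
    return NULL;
}

/* Vulnerable pattern: the value length is never compared with the buffer
 * capacity, so a header longer than VALUE_CAP bytes overruns the buffer. */
static int copy_value_unchecked(struct hdr_value *v, const char *headers, const char *name) {
    size_t len;
    const char *val = find_header(headers, name, &len);
    if (!val) return -1;
    memcpy(v->buf, val, len);          /* no bounds check */
    v->buf[len] = '\0';
    return 0;
}

/* Hardened form: refuse anything that does not fit together with its
 * terminator. Rejecting rather than silently truncating keeps later parsing honest. */
static int copy_value_checked(struct hdr_value *v, const char *headers, const char *name) {
    size_t len;
    const char *val = find_header(headers, name, &len);
    if (!val) return -1;
    if (len >= VALUE_CAP) return -2;   /* over-long header: rejected */
    memcpy(v->buf, val, len);
    v->buf[len] = '\0';
    return 0;
}

/* Constructed sample response headers: one benign value and one 80-byte value.
 * 80 is kept below VALUE_CAP + CANARY_LEN so the unchecked copy lands in the canary. */
static const char SAMPLE_HEADERS[] =
    "Content-Type: text/html\r\n"
    "X-Long: "
    "AAAAAAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAAAAAA"
    "AAAAAAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAAAAAA" "\r\n"
    "\r\n";

/* Run one parser over the sample; returns its rc and reports the canary state. */
static int run_parser(int (*copy)(struct hdr_value *, const char *, const char *),
                      const char *name, int *smashed) {
    struct hdr_value *v = hv_alloc();
    if (!v) return -3;
    int rc = copy(v, SAMPLE_HEADERS, name);
    *smashed = hv_canary_smashed(v);
    hv_free(v);
    return rc;
}

/* 1 if the unchecked copy of `name` overran into the canary, 0 if not, <0 if absent. */
int unchecked_smashes_canary(const char *name) {
    int s; int rc = run_parser(copy_value_unchecked, name, &s);
    return rc < 0 ? rc : s;
}

/* Return code of the checked copy of `name`; -99 would mean the hardened path also overran. */
int checked_result(const char *name) {
    int s; int rc = run_parser(copy_value_checked, name, &s);
    return s ? -99 : rc;
}

int main(void) {
    printf("unchecked X-Long: canary %s\n", unchecked_smashes_canary("X-Long") ? "SMASHED" : "intact");
    printf("checked   X-Long: rc=%d\n", checked_result("X-Long"));
    return 0;
}
```

Build and run with cc -std=c99 demo.c && ./demo. In a real code base the same defect would be caught by building with AddressSanitizer (-fsanitize=address) and feeding a response with a header value longer than the buffer, which is exactly the input class this advisory describes.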
Impact:
A remote user can execute arbitrary code on the target system.
Solution:
The vendor has issued a fix (APPLE-SA-2009-05-12 Security Update 2009-002; and Mac OS X 10.5.7), available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:
http://www.apple.com/support/downloads/
The Software Update utility will present the single package that applies to your system configuration: either Security Update 2009-002 or Mac OS X v10.5.7, not both. If you download a package manually, compare its SHA-1 digest with the value listed below (for example with shasum -a 1 followed by the .dmg file name) before installing it. The Mac OS X v10.4.11 packages are listed because Security Update 2009-002 also addresses other issues; this CFNetwork bug does not affect systems prior to 10.5, as noted above.
For Mac OS X v10.5.6
The download file is named: MacOSXUpd10.5.7.dmg
Its SHA-1 digest is: 0173995ad572f2bc11d802671136e5e5c1afe116
For Mac OS X v10.5 - v10.5.5
The download file is named: MacOSXUpdCombo10.5.7.dmg
Its SHA-1 digest is: 646fd1ac31c679c6a5aebe8ac74f190ab774cd38
For Mac OS X Server v10.5.6
The download file is named: MacOSXServerUpd10.5.7.dmg
Its SHA-1 digest is: 476b1f7c0e91eb8974eee84d9ee0f064964dce6d
For Mac OS X Server v10.5 - v10.5.5
The download file is named: MacOSXServerUpdCombo10.5.7.dmg
Its SHA-1 digest is: 20230891a42cb78ca38019527b708ef1549f61ae
For Mac OS X v10.4.11 (Intel)
The download file is named: SecUpd2009-002Intel.dmg
Its SHA-1 digest is: fc0143380efaf4aa7f320d1e2a84528c8e41a000
For Mac OS X v10.4.11 (PowerPC)
The download file is named: SecUpd2009-002PPC.dmg
Its SHA-1 digest is: 9e9b69c18450a1fa81484d7366a67ae97cfc52c7
For Mac OS X Server v10.4.11 (Universal)
The download file is named: SecUpdSrvr2009-002Univ.dmg
Its SHA-1 digest is: f0048c912ae939c1b5c95db5e843b4ee6cf60c21
For Mac OS X Server v10.4.11 (PowerPC)
The download file is named: SecUpdSrvr2009-002PPC.dmg
Its SHA-1 digest is: 525d90cc0d5bc00edd3f9a44e8447492a962f571
The vendor's advisory is available at:
http://support.apple.com/kb/HT3549
Vendor URL: support.apple.com/kb/HT3549
Cause:
Boundary error
Message History:
None.