※ 本文转录自 [Lan] 信箱 作者: [email protected] (TWCERT/CC Fellows) 标题: 【TWCERT/CC安全通报】 TW-CA-2005-059-[TA05-136 时间: Thu May 19 10:26:07 2005 -----BEGIN PGP SIGNED MESSAGE----- TW-CA-2005-059-[TA05-136A: Apple Mac OS X is affected by multiple vulnerabilities Precedence: list] ──────────────────────────────────────── TWCERT/CC发布日期：2005-05-19 原漏洞发布日期：2005-05-16 原漏洞最新更新日期：-- 通用安全漏洞编号：CAN-2005-1342,CAN-2004-0687,CAN-2004-1308,CAN-2004-1307, CAN-2004-0688,CAN-2004-1335,CAN-2004-1336,CAN-2004-1343,CAN-2004-1332, CAN-2004-0594 分类：Dos,Info Leak,Miscellaneous 来源参考：TA05-136A ──── 简述 ───────────────────────────────── 苹果电脑已经发布 2005-005 的安全更新，其中描述了许多影响 Mac OS X 和 Mac OS X Server 的弱点。最严重的弱点可能允许远端攻击者执行任意程式码，其他的弱点包括了 资讯泄漏和阻断服务。 ──── 说明 ───────────────────────────────── 苹果电脑安全更新 2005-005 发布了一些影响 Mac OS X 和 OS X Server 的弱点，详细资 讯请见以下弱点编号： VU#356070 - Apple Terminal 不能适当地检查 x-man-page URI 的输入 在 Mac OS X 的 Apple Terminal 不能适当地检查 x-man-page URIs，允许远端攻击者执 行任意指令。(CAN-2005-1342) VU#882750 - libXpm 影像函式库有缓冲区溢位弱点 libXpm 影像解析程式码包含了一个缓冲区溢位弱点，可能允许远端攻击者执行任意程式码 或导致阻断服务攻击。(CAN-2004-0687) VU#125598 - LibTIFF 有整数溢位的弱点 LibTIFF 的整数溢位会导致远端攻击者执行任意程式码。(CAN-2004-1308) VU#539110 - LibTIFF 在 TIFFFetchStrip() 函式中有整数溢位 LibTIFF 的整数溢位会导致远端攻击者执行任意程式码。(CAN-2004-1307) VU#537878 - libXpm函式库包含很多整数溢位的弱点 libXpm 包含很多整数溢位的漏洞，可能允许远端攻击者执行任意程式码或造成阻断服务。 (CAN-2004-0688) VU#331694 - 苹果电脑的 Mac OS X chpass/chfn/chsh 工具并没有适当地验证外部程式 Mac OS X 的目录服务工具并没有适当地验证外部程式的程式码路径，潜在地使得区域攻 击者执行任意程式码。(CAN-2004-1335) VU#582934 - 苹果电脑的 Mac OS X Foundation framework 经由不正确地处里环境变数 而产生冲区溢位 Mac OS Xs Foundation Frameworks 处里环境变数意有缓冲区溢位，这可能会导致权限 的提升。(CAN-2004-1336) VU#706838 - 苹果电脑的 Mac OS X vpnd 伺服程式有缓冲区溢位 Mac OS X 在 vpnd 中包含一个缓冲区溢位漏洞，这会使得区域未授权的攻击者以管理者 权限执行任意程式码。(CAN-2004-1343) VU#258390 - 拥有蓝芽支援的 Apple Mac OS X 可以交换档案而不用输入使用者 拥有蓝芽支援的 Apple Mac OS X 可能预设不经意地与其他系统交换档案。 (CAN-2004 - -1332) VU#354486 - Apple Mac OS X Server Netinfo 安装工具不能验证命令列参数 Apple Mac OS X Server NeST 工具包含在处里命令列参数时有漏洞，这会使得攻击者执 行任意程式码。(CAN-2004-0594) Apple 安全更新 2005-005 描述了上述没有的额外漏洞，当进一步可以取得，我们将会发 布各别的弱点编号。 ──── 影响平台 ─────────────────────────────── Mac OS X 10.3.9 版本 (Panther) 和 Mac OS X Server 10.3.9 版本 ──── 修正方式 ─────────────────────────────── 安装更新程式 安装在 Apple 安全更新 2005-005 所描述的更新程式 ──── 影响结果 ─────────────────────────────── 个别漏洞的影响请参考弱点编号，潜在的结果包含任意程式码或指令的远端执行,敏感资讯 的泄露和阻断服务。 ──── 联络TWCERT/CC ───────────────────────────── Tel: 886-7-5250211 FAX: 886-7-5250212 886-2-23563303 886-2-23924082 Email: [email protected] URL: http://www.cert.org.tw/ PGP key: http://www.cert.org.tw/eng/pgp.htm ──────────────────────────────────────── 附件：[ Apple Mac OS X is affected by multiple vulnerabilities Precedence: list] ──── 原文 ───────────────────────────────── Hash: SHA1 Technical Cyber Security Alert TA05-136A Apple Mac OS X is affected by multiple vulnerabilities Original release date: May 16, 2005 Last revised: -- Source: US-CERT Systems Affected Mac OS X version 10.3.9 (Panther) and Mac OS X Server version 10.3.9 Overview Apple has released Security Update 2005-005 to address multiple vulnerabilities affecting Mac OS X and Mac OS X Server. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Impacts of other vulnerabilities addressed by the update include disclosure of information and denial of service. I. Description Apple Security Update 2005-005 resolves a number of vulnerabilities affecting Mac OS X and OS X Server. Further details are available in the following Vulnerability Notes: VU#356070 - Apple Terminal fails to properly sanitize input for x-man-page URI Apple Terminal on Mac OS X fails to sanitize x-man-page URIs, allowing a remote attacker to execute arbitrary commands. (CAN-2005-1342) VU#882750 - libXpm image library vulnerable to buffer overflow libXpm image parsing code contains a buffer-overflow vulnerability that may allow a remote attacker execute arbitrary code or cause a denial-of-service condition. (CAN-2004-0687) VU#125598 - LibTIFF vulnerable to integer overflow via corrupted directory entry count An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code. (CAN-2004-1308) VU#539110 - LibTIFF vulnerable to integer overflow in the TIFFFetchStrip() routine An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code. (CAN-2004-1307) VU#537878 - libXpm library contains multiple integer overflow vulnerabilities libXpm contains multiple integer-overflow vulnerabilities that may allow a remote attacker execute arbitrary code or cause a denial-of-service condition. (CAN-2004-0688) VU#331694 - Apple Mac OS X chpass/chfn/chsh utilities do not properly validate external programs Mac OS X Directory Service utilities do not properly validate code paths to external programs, potentially allowing a local attacker to execute arbitrary code. (CAN-2004-1335) VU#582934 - Apple Mac OS X Foundation framework vulnerable to buffer overflow via incorrect handling of an environmental variable A buffer overflow in Mac OS Xs Foundation Frameworks processing of environment variables may lead to elevated privileges. (CAN-2004-1336) VU#706838 - Apple Mac OS X vulnerable to buffer overflow via vpnd daemon Apple Mac OS X contains a buffer overflow in vpnd that could allow a local, authenticated attacker to execute arbitrary code with root privileges. (CAN-2004-1343) VU#258390 - Apple Mac OS X with Bluetooth enabled may allow file exchange without prompting users Apple Mac OS X with Bluetooth support may unintentionally allow files to be exchanged with other systems by default. (CAN-2004-1332) VU#354486 - Apple Mac OS X Server Netinfo Setup Tool fails to validate command line parameters Apple Mac OS X Server NeST tool contains a vulnerability in the processing of command line arguments that could allow a local attacker to execute arbitrary code. (CAN-2004-0594) Please note that Apple Security Update 2005-005 addresses additional vulnerabilities not described above. As further information becomes available, we will publish individual Vulnerability Notes. II. Impact The impacts of these vulnerabilities vary, for information about specific impacts please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands, disclosure of sensitive information, and denial of service. III. Solution Install an Update Install the update as described in Apple Security Update 2005-005. Appendix A. References * US-CERT Vulnerability Note VU#582934 - <http://www.kb.cert.org/vuls/id/582934> * US-CERT Vulnerability Note VU#258390 - <http://www.kb.cert.org/vuls/id/258390> * US-CERT Vulnerability Note VU#331694 - <http://www.kb.cert.org/vuls/id/331694> * US-CERT Vulnerability Note VU#706838 - <http://www.kb.cert.org/vuls/id/706838> * US-CERT Vulnerability Note VU#539110 - <http://www.kb.cert.org/vuls/id/539110> * US-CERT Vulnerability Note VU#354486 - <http://www.kb.cert.org/vuls/id/354486> * US-CERT Vulnerability Note VU#882750 - <http://www.kb.cert.org/vuls/id/882750> * US-CERT Vulnerability Note VU#537878 - <http://www.kb.cert.org/vuls/id/537878> * US-CERT Vulnerability Note VU#125598 - <http://www.kb.cert.org/vuls/id/125598> * US-CERT Vulnerability Note VU#356070 - <http://www.kb.cert.org/vuls/id/356070> * Apple Security Update 2005-005 - <http://docs.info.apple.com/article.html?artnum=301528> _________________________________________________________________ These vulnerabilities were discovered by several people and reported in Apple Security Update 2005-005. Please see the Vulnerability Notes for individual reporter acknowledgements. _________________________________________________________________ Feedback can be directed to the authors: Jeffrey Gennari and Jason Rafail. _________________________________________________________________ Copyright 2005 Carnegie Mellon University. Terms of use Revision History May 16, 2005: Initial release Last updated May 16, 2005 -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQEVAwUBQov4dKcyQYefg2/NAQElKwgAiIM/DEN/QcdMOm+3sDtqyDWhOSKviE/8 0BIv3/DHLU0voizdMG8jbe7qyWYWFYTbk0CINL++X0R+s1oFWfupw3kpU36Swpyx DhZ7fMM5oJZ2aHdRWsy5OZRkNo1+iB+y5P+QIaxEzySOR9jiVNZPq7oIdSGTP7xl fttD0tPQl1c905SuHLpqvMQRtbzZxc+qlQADILmJ4M/EllUx5IdEX/3sGzCsvpTd fKevxLfWIktc1JQc9u7lXfbSlkPBymOeixarbZsSYGGLkNVhkwQ6CdKfIkHdjej4 iPf0DicEoGiOLSClCqP4zkvmfa2ouYpAANBXz03kOSs+43BpRv9wfg== =Gsm6 -----END PGP SIGNATURE----- -- Taiwan Computer Emergency Response Team Security Advisory mailing list. Mail to : [email protected] and include a line "subscribe advisory". Please visit http://www.cert.org.tw/. PGP key : http://www.cert.org.tw/eng/pgp.htm