OS X Security Update 2005-003

TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA14655

VERIFY ADVISORY:
http://secunia.com/advisories/14655/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Spoofing, Exposure of sensitive information,
Privilege escalation, DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/

DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes various
vulnerabilities.

1) A signedness error in AFP Server can be exploited to crash the
application via a specially crafted FPLoginExt packet.

2) An access control error in AFP Server can be exploited to gain
knowledge of the contents of a Drop Box.

3) An error in Bluetooth Setup Assistant can be exploited to bypass
security restrictions when using a Bluetooth input device.

4) A boundary error in the Core Foundation library when handling the
CF_CHARSET_PATH environment variable can be exploited to cause a
buffer overflow.

Successful exploitation allows malicious, local users to execute
arbitrary code with escalated privileges.

5) Multiple vulnerabilities in Cyrus IMAP Server can be exploited by
malicious people to compromise a vulnerable system.

For more information:
SA13274

6) Some vulnerabilities in Cyrus SASL can be exploited to crash or
potentially compromise applications linked against the library.

For more information:
SA12760

7) Insecure permissions on various directories may result in race
conditions and allow local privilege escalation.

8) A vulnerability in Mailman can be exploited by malicious people to
disclose sensitive information.

For more information:
SA14211

9) A security issue in Safari can be exploited by a malicious web
site to spoof the URL displayed in the address bar, SSL certificate,
and status bar.

For more information:
SA14164
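
ADDED EXAMPLE (not part of the advisory, not Apple's code):
Item 1 names a signedness error; the C sketch below shows that bug class next to a hardened length check. The field layout (one length byte followed by a name), NAME_MAX_LEN and all function names are hypothetical, since the advisory does not describe the FPLoginExt parsing code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 64 /* hypothetical field limit, not an AFP constant */

/* Flawed pattern: the wire length byte lands in a signed type, so values
 * 0x80..0xFF turn negative and pass the upper-bound test. */
int flawed_check_accepts(uint8_t wire_len)
{
    int8_t len = (int8_t)wire_len; /* wraps to -128..-1 on two's complement */
    return len <= NAME_MAX_LEN;
}

/* Size a later memcpy() would see once that negative length is converted
 * to size_t: close to SIZE_MAX, hence the crash. No copy is done here. */
size_t flawed_copy_size(uint8_t wire_len)
{
    return (size_t)(int8_t)wire_len;
}

/* Hardened: keep the length unsigned and bound it by both the destination
 * and the bytes actually received. Returns bytes copied, or -1. */
int parse_name(const uint8_t *pkt, size_t pkt_len, char out[NAME_MAX_LEN + 1])
{
    if (pkt == NULL || pkt_len < 1)
        return -1;
    size_t len = pkt[0];
    if (len > NAME_MAX_LEN || len > pkt_len - 1)
        return -1;
    memcpy(out, pkt + 1, len);
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    const uint8_t good[] = {3, 'b', 'o', 'b'}; /* constructed sample */
    const uint8_t bad[] = {0xF0, 'A'};         /* constructed sample */
    char out[NAME_MAX_LEN + 1];

    printf("flawed check accepts 0xF0: %d (copy size %zu)\n",
           flawed_check_accepts(0xF0), flawed_copy_size(0xF0));
    printf("hardened, bad packet: %d\n", parse_name(bad, sizeof bad, out));
    printf("hardened, good packet: %d\n", parse_name(good, sizeof good, out));
    return 0;
}
```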

SOLUTION:
Apply Security Update 2005-003.

Security Update 2005-003 (Client) 1.0:
http://www.apple.com/support/downloads/securityupdate2005003client.html

Security Update 2005-003 (Server) 1.0:
http://www.apple.com/support/downloads/securityupdate2005003server.html

PROVIDED AND/OR DISCOVERED BY:
1) nemo
2) John M. Glenn
4) iDEFENSE and Adriano Lima
7) Eric Hall, Michael Haller, and root[at]addcom.de.

ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=301061