ZDNet UK / News and Analysis / Security / Security Management

Mac OS 10.5.5 packs plethora of security fixes

By Robert Vamosi, CNET News, 16 September, 2008 16:26

Daily Newsletters

Sign up to ZDNet UK's daily newsletter.

Topics

Mac OS, ClamAV, OpenSSH, Ruby, Apple

…to DNS cache poisoning and may return forged information.

Apple explained that libresolv provides translation between host names and IP addresses for applications that use its unicast DNS resolution API. A weakness in the DNS protocol may allow remote attackers to perform DNS cache poisoning attacks. Apple credits Dan Kaminsky of IOActive for reporting this vulnerability.

Login Window I
This patch affects users of Mac OS X v10.5 to v10.5.4 and Mac OS X Server v10.5 to v10.5.4.

The update addresses the vulnerability detailed within CVE-2008-3610, in which a user may log in without providing a password.

Apple explained that a race condition exists in Login Window. To trigger this issue, the system must have the guest account enabled or another account with no password. This issue does not affect systems prior to Mac OS X v10.5.

Login Window II
This patch only affects users of Mac OS X v10.4.11 and Mac OS X Server v10.4.11.

The update addresses the vulnerability described in CVE-2008-3611, in which person with access to the login screen may be able to change a user's password.

Apple said that, when a system has been configured to enforce policies on login passwords, users may be required to change their password in the login screen.

If a password change fails, an error message is displayed, but the current password is not cleared and this may not be obvious to the user.

Apple credited Christopher A Grande of Middlesex Community College for reporting this vulnerability.

mDNSResponder
This patch affects users running Mac OS X v10.5 to v10.5.4, and Mac OS X Server v10.5 to v10.5.4.

The update addresses a buffer overflow vulnerability described in CVE-2008-1447, in which mDNSResponder is susceptible to DNS cache poisoning and may return forged information.

Apple credited Dan Kaminsky of IOActive for reporting this vulnerability.

OpenSSH
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.4, and Mac OS X Server v10.5 to v10.5.4.

The update addresses multiple vulnerabilities in OpenSSH described in CVE-2008-1483 and CVE-2008-1657, the most serious of which is local X11 session control.

QuickDraw Manager
This patch only affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.4, and Mac OS X Server v10.5 to v10.5.4.

The update addresses the integer overflow vulnerability described in CVE-2008-3614, in which opening a maliciously crafted Pict image may lead to an unexpected application termination or arbitrary code execution.

Ruby
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.4, and Mac OS X Server v10.5 to v10.5.4.

The update addresses a vulnerability described in CVE-2008-2376, in which running a Ruby script that uses untrusted input as the arguments to the Array#fill method may lead to an unexpected application termination or arbitrary code execution.

Apple said there's an integer overflow in rb_ary_fill(), which implements the Ruby Array#fill method.

Search Kit
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.4, Mac OS X Server v10.5 to v10.5.4.

The update addresses a vulnerability described in CVE-2008-3616, in which applications passing untrusted input to the Search Kit API may lead to an unexpected application termination or arbitrary code execution.

Apple explained that an integer overflow issues exist in functions within the Search Kit framework.

System Configuration I
This patch affects users of Mac OS X v10.4.11 and Mac OS X Server v10.4.11.

The update addresses the vulnerability described in CVE-2008-2312, in which a local user may obtain the PPP password.

Apple said Network Preferences stores PPP passwords unencrypted in a world readable file, accessible to any local user.

Apple credited Hernan Ochoa of Core Security Technologies, Tore Halset of pvv.org, and Matt Johnston of the University Computer Club for reporting this vulnerability.

System Preferences I
This patch affects users of Mac OS X v10.5 to v10.5.4, and Mac OS X Server v10.5 to v10.5.4.

The update addresses the vulnerability described in CVE-2008-3617, in which users may be misled into believing their passwords are stronger than they are.

Apple said: "Remote Management and Screen Sharing can be configured to require a password for VNC viewers. The maximum length for VNC viewer passwords is eight characters. The password field can display more than eight characters, implying that the additional characters are used in the password. This update addresses the issue by limiting VNC viewer passwords to eight characters in the user interface."

Apple credits Michal Fresel of hi competence eU for reporting this vulnerability.

System Preferences II
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.3, and Mac OS X Server v10.5 to v10.5.3.

The update addresses the vulnerability described in CVE-2008-3618, in which authenticated users may have unexpected remote access to files and directories.

Time Machine
This patch affects users of Mac OS X v10.5 to v10.5.4, Mac OS X Server v10.5 to v10.5.4.

The update addresses the vulnerability described in CVE-2008-3619, in which backing up a system with Time Machine may lead to the disclosure of sensitive information.

Apple said that, during a Time Machine backup, several log files are saved to the backup drive with read permission allowed to other users and may lead to the disclosure of sensitive information.

VideoConference
This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 to v10.5.4, and Mac OS X Server v10.5 to v10.5.4.

The update addresses the vulnerability described in CVE-2008-3621, in which videoconferencing with a malicious user may lead to an unexpected application termination or arbitrary code execution. Apple said a memory-corruption issue exists in the VideoConference framework's handling of H.264 encoded media.

Wiki Server
This patch affects users of Mac OS X v10.5 to v10.5.4, and Mac OS X Server v10.5 to v10.5.4.

The update addresses a divide by zero vulnerability described in CVE-2008-3622, in which a remote attacker may cause persistent JavaScript injection on a Wiki server.

Apple said "the Wiki Server mailing list archive will execute JavaScript code embedded in messages. A remote person may send an email containing JavaScript code to a mailing list hosted on a Wiki server. Viewing the message from the Wiki Server mailing list archive will trigger the execution of the embedded JavaScript code on the system of the person viewing the message."

Related stories

Apple issues iPhone 2.1 software to squish bugs

Apple still 'niche' in touchscreen market

Apple execs settle stock-options lawsuit

Apple QuickTime update includes nine patches

NHS patients' health data to be anonymised and shared

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your ZDNet UK account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

Get ZDNet UK's daily newsletter

Enter your email address to sign up

ZDNet UK Live

Leslie Satenstein

Mozilla has threatened to stop supporting Linux. I guess that UBUNTU is going with another browser. I indicated that if Mozilla stops supporting...

37 minutes ago by Leslie Satenstein via Facebook on Firefox rapid release improves Fedora Linux
Andy Bolstridge

Much as I abhor Microsoft's licensing practices, this is almost certainly down to purchasing IT equipment via 3rd party consultants - you get the...

56 minutes ago by Andy Bolstridge via Facebook on 6 million wasted licences and £1,200 PCs: welcome to government IT
Jack Schofield

@openhgs Windows users have had multiple desktops since Linus started writing Linux. They just haven't shipped as standard because not enough...

17 hours ago by Jack Schofield on Windows 8 could speed multi-monitor uptake
Jack Schofield

@Phil at Cloud4 What, Microsoft gets £1,200 per PC and £1,622 per server? Gosh, I'm amazed....

17 hours ago by Jack Schofield on 6 million wasted licences and £1,200 PCs: welcome to government IT
craigsc

You guys have no idea what is going on at Autonomy. Autonomy could have been a much more profitable organization. The sales operations at Autonomy...

19 hours ago by craigsc on HP cuts 27,000 staff as Autonomy chief Lynch leaves
Moley

How does this impact on dual or multi booting? Seems to me to more or less prohibit this, from Windows 8 anyway. Will Grub 2 recognise Windows 8,...

19 hours ago by Moley on Windows 8 start-up speed forces USB boot workaround
apexwm

I don't understand why there cannot be a slight pause during the boot process so the user can press a key. Many operating systems do this, even if...

20 hours ago by apexwm on Windows 8 start-up speed forces USB boot workaround
Gavin Goodman

You can now buy the Xi3 modular computer in the UK at http://www.ocdistribution.com . This can be bought with the Tand3m software, pricing and...

21 hours ago by Gavin Goodman on CES 2012: Xi3 microSERV3R
Phil at Cloud4

I agree: Mike Lynch can clearly build a business and manage strategy. I suspect the exit of Mike is more likely the end of a planned handover...

1 day ago by Phil at Cloud4 on HP cuts 27,000 staff as Autonomy chief Lynch leaves
Phil at Cloud4

This is unbeleivable government wastage with only one winner... Microsoft 1 - Tax payer Nil!

1 day ago by Phil at Cloud4 on 6 million wasted licences and £1,200 PCs: welcome to government IT
Mispam

So what do you do when you can't boot into windows? Why can't I just hold Shift while I power up instead of having to boot into windows and click a...

1 day ago by Mispam on Windows 8 start-up speed forces USB boot workaround
apexwm

I've also seen that Mac OS X for Intel machines is supposed to run in VirtualBox, which would also be a nice solution. I've never tried it though.

1 day ago by apexwm on xTreme Triple Booting: Linux, Mac & Windows
dave heasman

What I wonder is why when companies are caught bang to rights in not providing contracted services, people bend over to smear the customers? Surely...

1 day ago by dave heasman on Virgin throttles broadband for high-speed customers
pjc158

Strange statement from HP regarding Mike Lynch and not capable of scaling a company. Autonomy was a $7bn purchase which started as a small company...

1 day ago by pjc158 on HP cuts 27,000 staff as Autonomy chief Lynch leaves
lojolondon

Or - possibly, they will destroy business by ensuring people do not invest where there is no return. Another socialist idea, well beyond it's...

1 day ago by lojolondon on Open Data Institute will act as biz incubator
J.A. Watson

Good stuff Jake, very interesting. Thanks. jw

1 day ago by J.A. Watson on xTreme Triple Booting: Linux, Mac & Windows
openhgs

"the cost of a second LCD screen is about the same as one day of an office worker's time, so this should soon be recouped in extra productivity."...

1 day ago by openhgs on Windows 8 could speed multi-monitor uptake
Thomas Gellhaus

I also installed the KDE version; I also will probably try out razorqt since I really haven't had a chance to before. I'm looking forward to the...

2 days ago by Thomas Gellhaus via Facebook on Mageia 2 Released
francisabigail

Acquiring when reinvention/cannibalization is too challenging for a large organization can be an excellent strategy- still, so many mergers stumble...

2 days ago by francisabigail on Ariba buy parks SAP on Oracle's cloud turf
apexwm

All of the feedback regarding using a touch monitor for a desktop PC is right on. Several months ago, we installed a "demo" multitouch all-in-one...

2 days ago by apexwm on Windows 8 could speed multi-monitor uptake

Latest in Security Management

NHS patients' health data to be anonymised and shared

Apple releases Flashback tool for Mac OS X 10.5

IPv6 security: What you need to know

Featured white papers

How IT is ganging up on organised cybercrime

ZDNet UK

How IT is ganging up on organised cybercrime

Lone criminals no longer dominate digital crime. This guide looks at how IT managers are joining forces to fight co-ordinated groups of cybercriminals, in an effort to combat a full spectrum of... Read more

Hacktivism: Threats and reality for IT managers

ZDNet UK

Hacktivism: Threats and reality for IT managers

As high-profile breaches involving consumer data become the norm, this guide looks at where hacking is heading and what individuals can do to protect against possible attacks, from securing data to creating more secure email... Read more

Delivering software security in the cloud

HP

Delivering software security in the cloud

This document describes in detail how HP Fortify on Demand works and what it can accomplish for companies seeking to test the security of their... Read more

Inside ZDNet UK

Axis: Inside Yahoo's iOS-loving browser

Axis: Inside Yahoo's iOS-loving browser

Linux Mint 13 "Maya" Released

Linux Mint 13 "Maya" Released

Asus Transformer Pad TF300T

Asus Transformer Pad TF300T

How IT is ganging up on organised cybercrime

How IT is ganging up on organised cybercrime

HTC One V: First take

HTC One V: First take

SharePoint deployment: The final chapter

SharePoint deployment: The final chapter

Ten IT jobs to save up for those rare lulls

Ten IT jobs to save up for those rare lulls