
Entries by drStrangeP0rk (171)

Wednesday, Jun 23, 2010

Firefox 3.6.4 Released

Firefox 3.6.4 has been released, addressing several security issues. Users should install this update by selecting Software Update under the Help menu.

MFSA 2010-33 User tracking across sites using Math.random()
MFSA 2010-32 Content-Disposition: attachment ignored if Content-Type: multipart also present
MFSA 2010-31 focus() behavior can be used to inject or steal keystrokes
MFSA 2010-30 Integer Overflow in XSLT Node Sorting
MFSA 2010-29 Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
MFSA 2010-28 Freed object reuse across plugin instances
MFSA 2010-26 Crashes with evidence of memory corruption (rv:1.9.2.4/ 1.9.1.10)

Wednesday, Jun 23, 2010

Opera 10.54 Update Released

Opera has released an update to the Opera browser but has provided little detail about which security fixes are included. It does appear that several recent CVEs have been addressed, but Opera has posted that it will provide details at a later time. Users should select Check for Updates in Opera and install the update.

Monday, Jun 21, 2010

APPLE-SA-2010-06-21-1 iOS 4

Apple has released an update for iOS 4 and fixes for WebKit vulnerabilities. Users and administrators should read the important information below from Apple.

Installation note:

These updates are only available through iTunes, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes will automatically check Apple's update server on its weekly schedule. When an update is detected, it will download it. When the iPhone or iPod touch is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iPhone or iPod touch.

The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the Check for Updates button within iTunes. After doing this, the update can be applied when your iPhone or iPod touch is docked to your computer.

To check that the iPhone or iPod touch has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update will be "4.0 (8A293)" or later.

 

Wednesday, Jun 16, 2010

Apple Releases iTunes 9.2 iOS4 Support

iTunes 9.2 comes with several new features and improvements, including:

  • Sync with iPhone 4 to enjoy your favorite music, movies, TV shows, books and more on-the-go
  • Sync and read books with iPhone or iPod touch with iOS 4 and iBooks 1.1
  • Organize and sync PDF documents as books. Read PDFs with iBooks 1.1 on iPad and any iPhone or iPod touch with iOS 4
  • Organize your apps on your iOS 4 home screens into folders using iTunes
  • Faster back-ups while syncing an iPhone or iPod touch with iOS 4
  • Album artwork improvements make artwork appear more quickly when exploring your library

Tuesday, Jun 15, 2010

APPLE-SA-2010-06-15-1 Security Update 2010-004 / Mac OS X v10.6.4

Apple has released a large security update for Mac OS X client and Mac OS X Server. The updates are over 300 megs and 600 megs respectively. Below is a summary of the issues addressed.

Security Update 2010-004 / Mac OS X v10.6.4

  • CUPS

    CVE-ID: CVE-2010-0540

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3

    Impact: Visiting a maliciously crafted website while logged into the CUPS web interface as an administrator may allow CUPS settings to be changed

    Description: A cross-site request forgery issue exists in the CUPS web interface. Visiting a maliciously crafted website while logged into the CUPS web interface as an administrator may allow CUPS settings to be changed. This issue is addressed by requiring web form submissions to include a randomized session token. Credit to Adrian 'pagvac' Pastor of GNUCITIZEN, and Tim Starling for reporting this issue.

  • CUPS

    CVE-ID: CVE-2010-0302

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3

    Impact: A remote attacker may cause an unexpected application termination of cupsd

    Description: A use after free issue exists in cupsd. By issuing a maliciously crafted get-printer-jobs request, an attacker may cause a remote denial of service. This is mitigated through the automatic restart of cupsd after its termination. This issue is addressed through improved connection use tracking. Credit to Tim Waugh for reporting this issue.

  • CUPS

    CVE-ID: CVE-2010-1748

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3

    Impact: An attacker with access to the CUPS web interface may be able to read a limited amount of memory from the cupsd process

    Description: An uninitialized memory read issue exists in the CUPS web interface's handling of form variables. An attacker with access to the CUPS web interface may be able to read a limited amount of memory from the cupsd process. By default, only local users may access the web interface. Remote users may access it as well when Printer Sharing is enabled. This issue is addressed through improved handling of form variables. Credit to Luca Carettoni for reporting this issue.

  • DesktopServices

    CVE-ID: CVE-2010-0545

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3

    Impact: A Finder operation may result in files or folders with unexpected permissions

    Description: When "Apply to enclosed items..." is selected in the "Get Info" window in the Finder, the ownership of the enclosed items is not changed. This may cause the enclosed files and folders to have unexpected permissions. This issue is addressed by applying the correct ownership. Credit to Michi Ruepp of pianobakery.com for reporting this issue.

  • Flash Player plug-in

    CVE-ID: CVE-2010-0186, CVE-2010-0187

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3

    Impact: Multiple vulnerabilities in Adobe Flash Player plug-in

    Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to unauthorized cross-domain requests. The issues are addressed by updating the Flash Player plug-in to version 10.0.45.2. Further information is available via the Adobe web site at http://www.adobe.com/support/security/

  • Folder Manager

    CVE-ID: CVE-2010-0546

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3

    Impact: Unmounting a maliciously crafted disk image or remote share may lead to data loss

    Description: A symlink following issue exists in Folder Manager. A folder named "Cleanup At Startup" is removed upon unmount. A maliciously crafted volume may use a symlink to cause the deletion of an arbitrary folder with the permissions of the current user. This issue is addressed through improved handling of symlinks. Credit: Apple.

  • Help Viewer

    CVE-ID: CVE-2010-1373

    Available for: Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3

    Impact: Visiting a maliciously crafted website may lead to the execution of JavaScript in the local domain

    Description: A cross-site scripting issue exists in Help Viewer's handling of help: URLs. Visiting a maliciously crafted website may lead to the execution of JavaScript in the local domain. This may lead to information disclosure or arbitrary code execution. This issue is addressed through improved escaping of URL parameters in HTML content. This issue does not affect systems prior to Mac OS X v10.6. Credit to Clint Ruoho of Laconic Security for reporting this issue.

  • iChat

    CVE-ID: CVE-2010-1374

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3

    Impact: A remote user may upload files to arbitrary locations on the filesystem of a user currently using AIM in iChat

    Description: A directory traversal issue exists in iChat's handling of inline image transfers. A remote user may upload files to arbitrary locations on the filesystem of a user currently using AIM in iChat. This issue is addressed through improved handling of file paths. Credit: Apple.

  • ImageIO

    CVE-ID: CVE-2010-1411

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3

    Impact: Opening a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution

    Description: Multiple integer overflows in the handling of TIFF files may result in a heap buffer overflow. Opening a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution. The issues are addressed through improved bounds checking. Credit to Kevin Finisterre of digitalmunition.com for reporting these issues.

  • ImageIO

    CVE-ID: CVE-2010-0543

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption exists in the handling of MPEG2 encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by performing additional validation of MPEG2 encoded movie files. For Mac OS X v10.6 systems this issue is addressed in Mac OS X v10.6.2. Credit: Apple.

  • Kerberos

    CVE-ID: CVE-2009-4212

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3

    Impact: An unauthenticated remote user may cause an unexpected termination of the KDC process, or arbitrary code execution

    Description: An integer overflow exists in AES and RC4 decryption operations of the crypto library in the KDC server. Sending a maliciously crafted encrypted message to the KDC server may lead to an unexpected termination of the KDC process, or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to the MIT Kerberos Team for reporting this issue.

  • Kerberos

    CVE-ID: CVE-2010-1320

    Available for: Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3

    Impact: A remote user may cause an unexpected termination of the KDC process, or arbitrary code execution

    Description: A double free issue exists in the renewal or validation of existing tickets in the KDC process. A remote user may cause an unexpected termination of the KDC process, or arbitrary code execution. This issue is addressed through improved ticket handling. This issue does not affect systems prior to Mac OS X v10.6. Credit to Joel Johnson for reporting this issue to Debian, and Brian Almeida working with the MIT Kerberos Security Team.

  • Kerberos

    CVE-ID: CVE-2010-0283

    Available for: Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3

    Impact: An unauthenticated remote user may cause an unexpected termination of the KDC process

    Description: A logic issue in the handling of KDC requests may cause an assertion to be triggered. By sending a maliciously crafted message to the KDC server, a remote attacker may be able to interrupt the Kerberos service by triggering an assertion. This issue is addressed through improved validation of KDC requests. This issue does not affect systems prior to Mac OS X v10.6. Credit to Emmanuel Bouillon of NATO C3 Agency working with the MIT Kerberos Security Team for reporting this issue.

  • libcurl

    CVE-ID: CVE-2010-0734

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3

    Impact: Using libcurl to download files from a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow exists in libcurl's handling of gzip-compressed web content. When processing compressed content, libcurl may return an unexpectedly large amount of data to the calling application. This may lead to an unexpected application termination or arbitrary code execution. The issue is addressed by ensuring that the size of data blocks returned to the calling application by libcurl adheres to documented limits.

  • Network Authorization

    CVE-ID: CVE-2010-1375

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

    Impact: A local user may obtain system privileges

    Description: NetAuthSysAgent does not require authorization for certain operations. This may allow a local user to obtain system privileges. This issue is addressed by requiring authorization for additional operations. This issue does not affect Mac OS X v10.6 systems. Credit: Apple.

  • Network Authorization

    CVE-ID: CVE-2010-1376

    Available for: Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A format string issue exists in the handling of afp:, cifs:, and smb: URLs. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of afp:, cifs:, and smb: URLs. This issue does not affect systems prior to Mac OS X v10.6. Credit to Ilja van Sprundel of IOActive, and Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.

  • Open Directory

    CVE-ID: CVE-2010-1377

    Available for: Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3

    Impact: A man-in-the-middle attacker may be able to impersonate a network account server

    Description: When binding to a network account server via System Preferences, Open Directory will automatically negotiate an unprotected connection to the server if it is not possible to connect to the server with Secure Sockets Layer (SSL). A man-in-the-middle attacker may be able to impersonate the network account server, which may lead to arbitrary code execution with system privileges. This issue is addressed by providing an option to require a secure connection. This issue does not affect systems prior to Mac OS X v10.6.

  • Printer Setup

    CVE-ID: CVE-2010-1379

    Available for: Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3

    Impact: Network devices may disable printing in certain applications

    Description: A character encoding issue exists in Printer Setup's handling of nearby printers. If a device on the local network advertises a printing service with a Unicode character in its service name, printing may fail in certain applications. The issue is addressed through improved handling of shared printers. This issue does not affect systems prior to Mac OS X v10.6. Credit to Filipp Lepalaan of mcare Oy for reporting this issue.

  • Printing

    CVE-ID: CVE-2010-1380

    Available for: Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3

    Impact: A user with access to the printer may cause an unexpected application termination or arbitrary code execution

    Description: An integer overflow issue exists in the calculation of page sizes in the cgtexttops CUPS filter. A local or remote user with access to the printer may cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to regenrecht working with iDefense for reporting this issue.

  • Ruby

    CVE-ID: CVE-2010-0541

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3

    Impact: A remote attacker may gain access to accounts served by Ruby WEBrick

    Description: A cross-site scripting issue exists in the Ruby WEBrick HTTP server's handling of error pages. Accessing a maliciously crafted URL in certain web browsers may cause the error page to be treated as UTF-7, allowing JavaScript injection. The issue is addressed by setting UTF-8 as the default character set in HTTP error responses. Credit: Apple.

  • SMB File Server

    CVE-ID: CVE-2010-1381

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3

    Impact: A remote user may obtain unauthorized access to arbitrary files

    Description: A configuration issue exists in Apple's distribution of Samba, the server used for SMB file sharing. Using symbolic links, a remote user with access to an SMB share may obtain unauthorized access to arbitrary files. This issue is addressed by disabling support for wide links in the Samba configuration file.

  • SquirrelMail

    CVE-ID: CVE-2009-1578, CVE-2009-1579, CVE-2009-1580, CVE-2009-1581, CVE-2009-2964

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3

    Impact: Multiple vulnerabilities in SquirrelMail

    Description: SquirrelMail is updated to version 1.4.20 to address several vulnerabilities, the most serious of which is a cross-site scripting issue. Further information is available via the SquirrelMail web site at http://www.SquirrelMail.org/

  • Wiki Server

    CVE-ID: CVE-2010-1382

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.3, Mac OS X Server v10.6 through v10.6.3

    Impact: Viewing maliciously crafted Wiki content may result in a cross-site scripting attack

    Description: The Wiki Server does not specify an explicit character set when serving HTML documents in response to user requests. An attacker with the ability to post or comment on Wiki Server hosted content may include scripts encoded in an alternate character set. This may lead to a cross-site scripting attack against users of the Wiki Server. The issue is addressed by specifying a character set for the document in HTTP responses.
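The Ruby WEBrick (CVE-2010-0541) and Wiki Server (CVE-2010-1382) entries above share one root cause: HTML served without an explicit character set, which lets a browser read the page in a different encoding than the one the escaping was written for. The following is an added example, not code from Apple or from this blog; it audits response headers for that condition and shows why escaping alone does not help. The URLs, sample responses and function names are constructed for illustration.

```python
import html
from email.message import Message

# Constructed sample responses (URL, headers); not captured from a real server.
SAMPLE_RESPONSES = [
    ("http://wiki.example/page", {"Content-Type": "text/html"}),
    ("http://wiki.example/fixed", {"Content-Type": "text/html; charset=UTF-8"}),
    ("http://wiki.example/legacy", {"content-type": "text/html; charset=utf-7"}),
    ("http://wiki.example/logo.png", {"Content-Type": "image/png"}),
    ("http://wiki.example/error", {}),
]

HTML_TYPES = {"text/html", "application/xhtml+xml"}


def parse_content_type(value):
    """Return (media_type, charset) for a Content-Type value; both None if absent."""
    if not value:
        return None, None
    msg = Message()
    msg["Content-Type"] = value
    return msg.get_content_type(), msg.get_content_charset()


def audit(responses):
    """Flag responses whose encoding is left for the browser to guess."""
    findings = []
    for url, headers in responses:
        # Header names are case-insensitive, so normalise before lookup.
        lowered = {k.lower(): v for k, v in headers.items()}
        media_type, charset = parse_content_type(lowered.get("content-type"))
        if media_type is None:
            findings.append((url, "no Content-Type header"))
        elif media_type in HTML_TYPES and charset is None:
            findings.append((url, "HTML without explicit charset"))
        elif media_type in HTML_TYPES and charset == "utf-7":
            findings.append((url, "HTML declared as UTF-7"))
    return findings


def escaping_survives(text, charset):
    """True if HTML-escaped ASCII text is still markup-free when read as `charset`."""
    escaped = html.escape(text)  # only rewrites & < > " '
    decoded = escaped.encode("ascii").decode(charset)
    return "<" not in decoded and ">" not in decoded


# Harmless constructed input: the UTF-7 spelling of "<b>bold</b>".
UTF7_TEXT = "+ADw-b+AD4-bold+ADw-/b+AD4-"

if __name__ == "__main__":
    for url, reason in audit(SAMPLE_RESPONSES):
        print(f"{url}: {reason}")
    print("safe as utf-8:", escaping_survives(UTF7_TEXT, "utf-8"))
    print("safe as utf-7:", escaping_survives(UTF7_TEXT, "utf-7"))
```

The escaped text contains no angle brackets as ASCII or UTF-8, but decodes to markup under UTF-7, which is why both fixes pin the charset in the HTTP response.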

The 10.6.4 update is recommended for all servers currently running Snow Leopard Server version 10.6. It includes Safari 5 and general operating system fixes that enhance the stability, compatibility and security of your server, as well as specific fixes for:

  • CalDAV querying of email addresses with Active Directory and Open Directory servers
  • stability and reliability accessing Wiki Server pages
  • view movies on Wiki Server with Safari on iPad
  • accessing publicly accessible Wikis when logged in to the Wiki Server
  • listing blogs on Wiki Server
  • vacation mail notices that span across multiple days
  • updates from Software Update Server viewable by clients
  • stability and reliability to Software Update Server synchronization
  • downloading of software updates by Software Update Server
  • creating NetInstall images which include iLife updater packages
  • address issues copying, renaming, or deleting files on SMB file servers
  • improve reliability of VPN connections