Πολλαπλά Vulnerabilities στο Apple Mac OS X είναι δυνατόν να επιτρέπουν το Remote Code Execution
OCS ADVISORY NUMBER:
2012-006
DATE(S) ISSUED:
02/03/2012
SUBJECT:
Multiple Vulnerabilities in Apple Mac OS X Could Allow Remote Code Execution
OVERVIEW:
Multiple vulnerabilities have been discovered in Apple's OS X and
OS X Server that could allow remote code execution. OS X is a desktop
operating system for the Apple Mac. OS X Server is a server operating
system for the Apple Mac.
These vulnerabilities can be exploited if a user visits or is
redirected to a specially crafted webpage or opens a specially crafted
file, including an e-mail attachment, while using a vulnerable version
of OS X. Successful exploitation could result in an attacker gaining
the same privileges as the logged on user. Depending on the privileges
associated with the user, an attacker could then install programs;
view, change, or delete data; or create new accounts with full user
rights.
SYSTEMS AFFECTED:
OS X Lion 10.7 through 10.7.2
OS X Lion Server 10.7 through 10.7.2
Mac OS X 10.6.8
Mac OS X Server 10.6.8
RISK:
Government:
Large and medium government entities: High
Small government entities: High
Businesses:
Large and medium business entities: High
Small business entities: High
Home users: High
DESCRIPTION:
Multiple vulnerabilities have been discovered in Apple's OS X that
could allow both remote and local code execution. These
vulnerabilities can be exploited if a user visits or is redirected to a
specially crafted webpage or opens a specially crafted file, including
an e-mail attachment, while using a vulnerable version of OS X.
Apple has identified the following vulnerabilities:
A vulnerability exists in the Address Book application in OS X
Lion v10.7.2 or earlier. This issue exists because the application will
attempt an unencrypted connection to obtain CardDAV data if an
encrypted connection fails. Attackers can exploit this issue by
performing a man in the middle attack or by intercepting the
unencrypted data at strategic network locations. Successful
exploitation could result in the theft of address book contact
information. This issue affects OS X Lion v10.7 to v10.7.2, OS X Lion
Server v10.7 to v10.7.2 (CVE-2011-3444)
An unspecified memory management issue exists in the Font Book
application due the improper handling of certain data-font files. To
exploit this issue, an attacker creates a specially crafted data-font
file and distributes that file to unsuspecting users. When the user
opens the file with Font Book, the exploit is triggered. Successful
exploitation could result in remote code execution. This issue affects
Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2,
OS X Lion Server v10.7 to v10.7.2. (CVE-2011-3446)
An issue exists in the CFNetwork’s handling of malformed URLs
which could lead to information disclosure. When accessing a
maliciously crafted URL, CFNetworkcould send the request to an
incorrect origin server. To exploit this issue, an attacker distributes
a specially crafted URL to unsuspecting users. When a user visits the
URL, certain information could be relayed to the attacker. Successful
exploitation could result in information disclosure which could be used
to aid additional attacks. This issue affects OS X Lion v10.7 to
v10.7.2, OS X Lion Server v10.7 to v10.7.2 (CVE-2011-3246)
An integer overflow vulnerability exists due to the way CFNetwork
handles certain images with embedded ColorSynch information. To
exploit this issue, an attacker distributes a specially crafted image
file to unsuspecting users. When the file is executed, the exploit
triggers. Successful exploitation could result in remote code
execution. This issue affects OS X Lion v10.7 to v10.7.2, OS X Lion
Server v10.7 to v10.7.2 (CVE-2011-3447) and Mac OS X v10.6.8, Mac OS X
Server v10.6.8 (CVE-2011-0200)
A buffer overflow vulnerability exists in a CoreAudio component
of Mac OS X v10.6.8 and Mac OS X Server v10.6.8 due to the improper
handling of certain encoded audio streams. The specifics of how this
vulnerability can be exploited are unclear. However, successful
exploitation does in involve the execution of a specially crafted audio
content and could result in remote code execution. (CVE-2011-3252)
A heap buffer overflow exists in a CoreMedia component of OS X due
to the improper handling on H.264 encoded movie files. To exploit this
issue, an attacker distributes a specially crafted movie file to
unsuspecting users. When the file is executed, the exploit is
triggered. Successful exploitation could result in remote code
execution. This issue affects Mac OS X v10.6.8, Mac OS X Serverv10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2.
(CVE-2011-3448)
An unspecified after free issue exists in the handling of certain
font files. To exploit this issue, an attacker creates and distributes
a specially crafted file that uses the vulnerable fonts. When the file
is execution the exploit occurs. Successful exploitation could result
in remote code execution. This issue affects Mac OS X v10.6.8, Mac OS X
Server v10.6.8, OS X Lion v10.7 tov10.7.2, OS X Lion Server v10.7 to
v10.7.2 (CVE-2011-3449)
An unbounded stack allocation issue exists in CoreUI’s handling
of long URLs. To exploit this issue, an attacker creates and
distributes a specially crafted website designed to leverage the issue.
When a user visits the website the exploit is triggered. Successful
exploitation could result in remote code execution. This issue affects
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
(CVE-2011-3450)
An unspecified buffer overflow vulnerability exists in the
“uncompress� command line tool. To exploit this issue, an attacker
distributes a specially crafted compressed file. When the file is
uncompressed via command line, the exploit is triggered. Successful
exploitation could result in remote code execution. This issue affects
Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 tov10.7.2,
OS X Lion Server v10.7 to v10.7.2 (CVE-2011-0241)
A buffer overflow exists in libtiff's handling of ThunderScan
encoded TIFF image files and libpng v1.5.4’s handling of certain PNG
files. To exploit this issue, an attacker distributes a specially
crafted TIFF file or PNG file. When the file is executed, the exploit
is triggered. Successful exploitation could result in code execution.
This issue affects Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion
v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 (CVE-2011-1167,
CVE-2011-3328)
An unspecified issue exists in Libinfo's handling of hostname
lookup requests. Libinfo could return incorrect results for a specially
crafted hostname. To exploit this issue, an attacker creates a
specially crafted website and distributes a link to unsuspecting users.
When a user visits the site, the exploit is triggered. Successful
exploitation could result in remote code execution. This issue affects
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
(CVE-2011-3441)
An unspecified integer overflow exists in the parsing of certain
DNS resource records. The details of how this vulnerability can be
exploited are unavailable. Successful exploitation could allow remote
code execution. This issue affects Mac OS X v10.6.8, Mac OS X Server
v10.6.8, OS X Lion v10.7 tov10.7.2, OS X Lion Server v10.7 to v10.7.2
(CVE-2011-3453)
Multiple memory corruption issues exist in OpenGL™s handling of
GLSL compilation. The details of how this vulnerability can be
exploited are unclear. However, successful exploitation could result in
arbitrary code execution. This issue affects Mac OS X v10.6.8, Mac OS X
Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to
v10.7.2 (CVE-2011-3457)
Multiple buffer overflow and memory corruption vulnerabilities
exist in QuickTime which could allow remote code execution. To exploit
these vulnerabilities, an attacker distributes a specially crafted
movie or image file to unsuspecting users. When the file is executed
the exploit is triggered. Successful exploitation could result in
arbitrary code execution. This issue affects Mac OS X v10.6.8, Mac OS X
Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to
v10.7.2 (CVE-2011-3458, CVE-2011-3248, CVE-2011-3459, CVE-2011-3250,
CVE-2011-3460,CVE-2011-3249)
An issue exists in the Time Machine application that could allow
attackers to gain unauthorized access to system backups. The user may
designate a remote AFP volume or Time Capsule to be used for Time
Machine backups. Time Machine did not verify that the same device was
being used for subsequent backup operations. An attacker who is able to
spoof the remote volume could gain access to new backups created by
the user's system. This issue affects OS XLion v10.7 to v10.7.2, OS X
Lion Server v10.7 to v10.7.2. (CVE-2011-3462)
An issue exists in WebDAV Sharing's handling of user
authentication. A user with a valid account on the server or one of its
bound directories could cause the execution of arbitrary code with
system privileges. The details of how this vulnerability can be
exploited are unavailable. This issue affects OS X Lion Server v10.7 to
v10.7.2 (CVE-2011-3463)
A memory corruption issue existed in FreeType's handling of Type 1
fonts. To exploit this issue, an attacker distributes a specially
crafted PDF file which utilizes the vulnerable font. When a user opens
the file, the exploit is triggered. Successful exploitation could
result in remote code execution. This issue affects Mac OS X v10.6.8,
Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server
v10.7 to v10.7.2 (CVE-2011-3256)
Successful exploitation of these vulnerabilities could result in
an attacker gaining the same privileges as the logged on user.
Depending on the privileges associated with the user, an attacker could
then install programs; view, change, or delete data; or create new
accounts with full user rights. Failed attempts could result in a
denial-of-service.
RECOMMENDATIONS:
We recommend the following actions be taken:
Apply appropriate patches provided by Apple to affected systems immediately after appropriate testing.
Remind users not to download or open files from un-trusted websites.
Remind users not to open e-mail attachments from unknown users or suspicious e-mails from trusted sources.
Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
Run all software as a non-privileged user (one
without administrative privileges) to diminish the effects of a
successful attack.
Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
REFERENCES:
Apple:
http://support.apple.com/kb/HT5130
Security Focus:
http://www.securityfocus.com/advisories/23952
http://www.securityfocus.com/bid/51807
http://www.securityfocus.com/bid/51808
http://www.securityfocus.com/bid/51809
http://www.securityfocus.com/bid/51810
http://www.securityfocus.com/bid/51811
http://www.securityfocus.com/bid/51812
http://www.securityfocus.com/bid/51813
http://www.securityfocus.com/bid/51814
http://www.securityfocus.com/bid/51815
http://www.securityfocus.com/bid/51816
http://www.securityfocus.com/bid/51817
http://www.securityfocus.com/bid/51818
CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0200
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3256
0 Comments
Recommended Comments
There are no comments to display.