OS X
ACE 1.x Windows 1.0.5 build 79846 or later
Server 1.x Windows 1.0.5 build 80187 or later
Server 1.x Linux 1.0.5 build 80187 or later
Fusion 1.x Mac OS/X not affected
ESXi 3.5 ESXi not affected
ESX 3.5 ESX not affected
ESX 3.0.2 ESX ESX-1004727
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[ MacOS X 10.5/10.6 libc/strtod(3) buffer overflow ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- - Dis.: 07.05.2009
- - Pub.: 08.01.2010
============
DragonFlyBSD 1.12.0 is the first BSD operating system to roll out a
solution to the IPv4 issue as part of the official version.
Apple MacOS X 10.5.2, MacOS X Server 10.5.2, Darwin 9.2
(all sharing the same kernel: xnu-1228.3.13)
=======================================================
Apple did NOT fix the predictable IP ID issue in its products
(in Leopard 10.5.2).
Hijacking Safari 4 Top Sites with Phish Bombs
II. VULNERABLE
-------------------------
Safari 4 all versions < 4.0.3
Platforms affected - Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X
v10.5.7, Mac OS X Server v10.5.7, Windows XP and Vista
III. BACKGROUND
-------------------------
Safari is a web browser developed by Apple Inc. It is the default browser in
Original URL:
http://securityreason.com/achievement_securityalert/76
- --- 0.Description ---
Camino (from the Spanish word camino meaning "way", "path" or "road") is a free, open source, GUI-based Web browser based on Mozilla's Gecko layout engine and specifically designed for the Mac OS X operating system. In place of an XUL-based user interface used by most Mozilla-based applications, Camino uses Mac-native Cocoa APIs, although it does not use native text boxes.
- --- 1. Camino 1.6.10 Remote Array Overrun (Arbitrary code execution) ---
The main problem exists in the dtoa implementation. Camino has the same dtoa as Firefox, SeaMonkey, Chrome, Opera etc.
and it is the same as SREASONRES:20090625.
Disabling the 802.11a network may strand mesh APs. Are you sure you want to continue? (y/n)y
(Cisco Controller) >
(Cisco Controller) >config 802.11a 11nSupport mcs tx 0 disable
(Cisco Controller) >config 802.11a enable network
When this option is configured and an affected Mac OSX client roams from one Cisco AP to the other, the kernel panics. This is easily reproducible by just walking to another room in the congress center.
Thanks for helping identify the issue:
Willem Hengeveld <itsme at xs4all dot nl>
Hartmut Schroeder <hacko at hacko dot org>
Vendor: Apple Inc., http://www.apple.com
Affected Products: CoreServices Framework’s CarbonCore Framework
(Used by: i.e. Safari, Mail)
Affected Platforms:
Mac OS X v10.4.11
Mac OS X Server v10.4.11
Mac OS X v10.5.4
Mac OS X Server v10.5.4
Vulnerability: Arbitrary Code Execution (remote)
Risk: CRITICAL
ZDI-10-058: Apple Mac OS X ImageIO Framework JPEG2000 Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-058
April 5, 2010
-- CVE ID:
CVE-2010-0505
-- Affected Vendors:
Apple
Exploit Code :
#!/usr/bin/env python
#######################################################
#
# Title: Apple Safari <= Tag (heap spray) Remote BOF Exploit (osX)
# Author: eidelweiss
# Special Thank`s to: AL-MARHUM - [D]eal [C]yber - all Senior MEDANHACKER
# Greats: JosS (hackown) , r0073r & 0x1D (inj3ct0r) , kuris (good job beib LOL)
# Tested on ibook OS X 10.4.11 (ibook g4)
Affected Platforms:
Windows
UNIX
Linux
Solaris
Mac OS X
NetWare
Status and Recommendation:
CA released arclib 7.3.0.15 in September 2008. If your product is
--------------------------------------------------------------------------------
Credit
--------------------------------------------------------------------------------
Chris Hessing from The Open1X Group (http://www.open1x.org) who is
currently working on Android, iOS, Windows, Mac OSX, and Linux 802.1X
tools for Cloudpath Networks (http://www.cloudpath.net/) discovered
this password exploit.
--------------------------------------------------------------------------------
III. AFFECTED PRODUCTS
---------------------------
Apple Safari version 5.0.4 and prior for Windows and Mac OS X
Apple iOS versions 3.0 through 4.3.1 for iPhone 3GS and later
Apple iOS versions 3.1 through 4.3.1 for iPod touch (3rd generation) and
later
Apple iOS versions 3.2 through 4.3.1 for iPad
Apple iOS versions 4.2.5 through 4.2.6 for iPhone 4 (CDMA)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
There's a difference between ignoring something and making a statement like
'OS X is the new Windows 98.'
It's sensationalist and of no use, especially when posted to lists that
are supposedly populated with security experts. Everyone here is aware
of the consequences of malware and the manipulation of end users to
spread it. Of course it's interesting that a criminal group has taken
ACE 1.x Windows not affected
Server 1.x Windows not affected
Server 1.x Linux not affected
Fusion 1.x Mac OS/X 1.1.2 build 87978 or later
b. Windows based VMCI arbitrary code execution vulnerability
VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,
and VMware ACE 2.0. It is an experimental, optional feature
Apple Mac OS X ImageIO Integer Overflow
22/03/2011
Dominic Chell of NGS Secure has discovered a High risk vulnerability in Mac OS X ImageIO. An integer overflow issue exists in ImageIO's handling of JPEG-encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution
Versions affected include:
Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6. This issue does not affect systems prior to Mac OS X v10.6
Reference: BID:28629
Reference: URL:http://www.securityfocus.com/bid/28629
Reference: FRSIRT:ADV-2008-1601
Reference: URL:http://www.frsirt.com/english/advisories/2008/1601
Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and
user-assisted remote attackers, to cause a denial of service (NULL
pointer dereference and application crash) or possibly execute
arbitrary code via a .ics file containing (1) a large 16-bit integer
on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE
line. NOTE: this might be a duplicate of CVE-2008-1035.
detection, traffic analysis, and in some cases, even to TCP blind
data injection.
But it gets more interesting. Several other BSD operating systems
copied the OpenBSD code for their own IP ID PRNG, so they're
vulnerable too. This is particularly so with Apple's Mac OS X,
Mac OS X Server and Darwin, but also with NetBSD, FreeBSD and
DragonFlyBSD (the 3 latter O/S however only use this PRNG when
the kernel flag net.inet.ip.random_id is set to 1; it is 0 by
default, resulting in a sequential counter to be used instead...).
OpenBSD, NetBSD and FreeBSD also use this PRNG for IP
A hypothesis is a possible different behaviour depending on the version
of Mac OS, probably bypassable using a modified proof-of-concept or just
not at all.
I have found the following post (in French) which reports a detailed
test made using the latest version of Quicktime on Mac OS X 10.4.11 PPC
and Mac OS X 10.5.1 Intel:
http://forum.macbidouille.com/index.php?act=ST&f=8&t=251685#entry2512134
On both the platforms the code flow has pointed to the return address
content is violated.
Description:
Apple's Mail.app is the default email application that comes with Mac
OS X machines. It supports S/MIME as standard for encryption and
authentication of emails. However by default Mail.app also has an
option called "Store draft messages on the server" when you are making
use of an IMAP or Exchange server.
The assumption when making use of S/MIME is that no one except you and
Windows
UNIX
Linux
Solaris
Mac OS X
Netware
Affected Products
ACE 1.x Windows 1.0.8 build 125922 or later
Server 2.x any not affected
Server 1.x any 1.0.8 build 126538 or later
Fusion 2.x Mac OS/X not affected
Fusion 1.x Mac OS/X upgrade to Fusion 2.0 or later
ESXi 3.5 ESXi ESXe350-200811401-O-SG
ESX 3.5 ESX ESX350-200811401-SG
Version: ??? (???)
Code Type: X86-64 (Native)
Parent Process: exc_handler [71821]
Date/Time: 2011-02-03 13:18:36.732 +0000
OS Version: Mac OS X 10.6.6 (10J567)
Report Version: 6
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000101a83000
Crashed Thread: 3
Application: Ventrilo
http://www.ventrilo.com
Versions: <= 3.0.2
Platforms: Windows, Linux i386, Solaris SPARC, Solaris x86, FreeBSD
i386, NetBSD i386, Mac OSX PowerPC
Bug: NULL pointer
Exploitation: remote, versus server
Date: 13 Aug 2008
Authors: Andre Malm Luigi Auriemma
web: sheepa.org e-mail: aluigi@autistici.org
Apple Mac OS X Image RAW Multiple Buffer Overflows
22/03/2011
Paul Harrington of NGS Secure has discovered a High risk vulnerability in Mac OS X Image RAW. Multiple buffer overflow issues existed in Image RAW's handling of Canon RAW images. Viewing a maliciously crafted Canon RAW image may result in an unexpected application termination or arbitrary code execution.
Versions affected include:
Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6 with RawCamera.bundle < 3.6
ACE 1.x Windows not affected
Server 2.x any not affected
Server 1.x any 1.0.7 build 108231 or later
Fusion 2.x Mac OS/X not affected
Fusion 1.x Mac OS/X not affected
ESXi 3.5 ESXi ESXe350-200809401-I-SG
ESX 3.5 ESX ESX350-200809404-SG
# Vulnerability
# Date: 25.01.2012
# Author: otr
# Software Link: http://www.nomachine.com/documents/plugin/install.php
# Version: <= 3.x
# Tested on: Linux, Windows, Mac OS X x86, Mac OS X PPC, Solaris
# CVE : None, yet
Summary
The No Machine NX Web Companion is a Java applet that allows to
===================================================================
Mac OS X WebDAV kernel extension local denial-of-service
July 26, 2010
CVE-2010-1794
===================================================================
==Description==
"Web-based Distributed Authoring and Versioning, or WebDAV, is a set
of extensions to the Hypertext Transfer Protocol that allows computer
27.Jul.2007 Vendor confirmed the vulnerability
26.Oct.2007 Safari 3 in Leopard
14.Nov.2007 Safari 3 in Tiger
Scope: Remote Denial of Service
Platforms: MacOSX
Author: David Barroso (dbarroso@s21sec.com)
URL: http://www.s21sec.com/avisos/s21sec-039-en.txt
Release: Public
Player 3.x any 3.1.5 or later
AMS any any not affected
Fusion 4.x Mac OS/X not affected
Fusion 3.1.x Mac OS/X 3.1.3 or later
ESXi any ESXi not affected
ESX any ESX not affected