MacOSX
ACE 2.6.x Windows not affected
ACE 2.5.x Windows 2.5.4 build 246459 or later
Server 2.x any 2.0.2 build 203138 or later
Fusion 3.x Mac OS/X not affected
Fusion 2.x Mac OS/X 2.0.6 build 246742 or later
ESXi 4.0 ESXi ESXi400-201002402-BG
ESXi 3.5 ESXi ESXe350-200912401-T-BG or later
ACE 1.x Windows 1.0.8 build 125922 or later
Server 2.x any 2.0.1 build 156745 or later
Server 1.x any 1.0.8 build 126538 or later
Fusion 2.x Mac OS/X 2.0.1 build 128865 or later
Fusion 1.x Mac OS/X upgrade to at least 2.0.1
ESXi 3.5 ESXi ESXe350-200811401-O-SG
ESX 3.5 ESX ESX350-200811401-SG
[ MacOS X 10.5/10.6 libc/strtod(3) buffer overflow ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 08.01.2010
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 31, 2008
I. BACKGROUND
Mac OS X is a Unix operating system built from the XNU kernel. Mac OS X
provides all the standard Unix capabilities and tools with an
additional GUI component. For more information, see the vendor's site
found at the following link URL.
http://www.apple.com/macosx/
ACE 1.x Windows 1.0.7 build 108880 or later
Server 1.x Windows 1.0.7 build 108231 or later
Server 1.x Linux not affected
Fusion 1.x Mac OS/X not affected
ESXi 3.5 ESXi not affected
ESX any ESX not affected
Apple Mac OS X 10.4.x Kernel i386_set_ldt() Integer Overflow Vulnerability
http://risesecurity.org/advisory/RISE-2007004/
Published: November 16, 2007
Updated: November 16, 2007
INTRODUCTION
============
DragonFlyBSD 1.12.0 is the first BSD operating system to roll out a
solution to the IPv4 issue as part of the official version.
Apple MacOS X 10.5.2, MacOS X Server 10.5.2, Darwin 9.2
(all sharing the same kernel: xnu-1228.3.13)
=======================================================
Apple did NOT fix the predictable IP ID issue in its products
(in Leopard 10.5.2).
http://labs.idefense.com/intelligence/vulnerabilities/
May 12, 2009
I. BACKGROUND
Mac OS X is a computer operating system available from Apple Inc. OS X
is the tenth major version of Apple's operating system for Macintosh
computers and is Unix-based.
For more information, see the vendor's site found at the following link.
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a vulnerability in
Apple Safari for Windows, Mac OS X and iPhone.
The flaw is caused due to a use-after-free error in WebKit when
rendering HTML buttons, which could be exploited by attackers to
execute arbitrary code via a specially crafted web page.
ACE 2.5.x any 2.5.3 build 185404 or later
Server 2.x any patch pending
Server 1.x any patch pending
Fusion 2.x Mac OS/X not affected
Fusion 1.x Mac OS/X not affected
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
I. BACKGROUND
The mount_smbfs utility is used to mount a remote SMB share locally. It
is installed set-uid root, so as to allow unprivileged users to mount
shares, and is present in a default installation on both the Server and
Desktop versions of Mac OS X. For more information visit the following
URL.
http://developer.apple.com/documentation/Darwin/Reference/ManPages/man8/mount_smbfs.8.html
II. DESCRIPTION
Nov 14, 2007
I. BACKGROUND
Mach ports are used to provide inter-process communication (IPC)
facilities on Mac OS X. More information can be found on the vendor's
site at the following URL.
http://developer.apple.com/documentation/Darwin/Conceptual/KernelProgramming/boundaries/chapter_14_section_4.html
II. DESCRIPTION
Advisory: Mac OS X TIOCSETD IOCTL Kernel
Memory Corruption Vulnerability
Advisory ID: TKADV2007-001
Revision: 1.0
Release Date: 2007/11/15
Last Modified: 2007/11/15
Date Reported: 2007/03/19
Works on:
* Windows XP SP2: Internet Explorer 6 / Flash Player 9.0.47.0
* Windows XP SP2: Firefox 2.0.0.5 / Flash Player 9.0.47.0
* Windows XP SP2: IE 7.0.5730.11 / Flash Player 9.0.47.0
* Ubuntu Edgy: Firefox 2.0.0.5 / Flash Player 9.0.47.0
* Mac OSX 10.4.10: Safari 2.0.4 / Flash Player 9.0.47.0
* Mac OSX 10.4.10: Safari 3.0.2 / Flash Player 9.0.47.0
* Mac OSX 10.4.10: Firefox 2.0.0.6 / Flash Player 9.0.47.0
* Solaris 10 i86: Firefox 2.0.0.3 / Flash Player 9.0.47.0
Doesn't work as expected on:
* Mac OSX 10.4.10: Opera 9.22 / Flash Player 9.0.47.0
Hijacking Safari 4 Top Sites with Phish Bombs
II. VULNERABLE
-------------------------
Safari 4 all versions < 4.0.3
Platforms affected - Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X
v10.5.7, Mac OS X Server v10.5.7, Windows XP and Vista
III. BACKGROUND
-------------------------
Safari is a web browser developed by Apple Inc. It is the default browser in
ACE 1.x Windows 1.0.5 build 79846 or later
Server 1.x Windows 1.0.5 build 80187 or later
Server 1.x Linux 1.0.5 build 80187 or later
Fusion 1.x Mac OS/X not affected
ESXi 3.5 ESXi not affected
ESX 3.5 ESX not affected
ESX 3.0.2 ESX ESX-1004727
3. *Vulnerability Description*
CUPS [1] provides a portable printing layer for UNIX based operating
systems. It was developed by Easy Software Products and it is now owned
and maintained by Apple Computer Inc. to promote a standard printing
solution. It is the standard open source printing system for Mac OS X
and other UNIX-like operating systems.
A flaw has been identified in CUPS, when handling the
'IPP_TAG_UNSUPPORTED' tag, which could be exploited by attackers to
cause a remote pre-authentication denial of service.
Original URL:
http://securityreason.com/achievement_securityalert/76
--- 0.Description ---
Camino (from the Spanish word camino meaning "way", "path" or "road") is a free, open source, GUI-based Web browser based on Mozilla's Gecko layout engine and specifically designed for the Mac OS X operating system. In place of an XUL-based user interface used by most Mozilla-based applications, Camino uses Mac-native Cocoa APIs, although it does not use native text boxes.
--- 1. Camino 1.6.10 Remote Array Overrun (Arbitrary code execution) ---
The main problem exists in the dtoa implementation. Camino has the same dtoa as Firefox, SeaMonkey, Chrome, Opera etc.
and it is the same as SREASONRES:20090625.
27.Jul.2007 Vendor confirmed the vulnerability
26.Oct.2007 Safari 3 in Leopard
14.Nov.2007 Safari 3 in Tiger
Scope: Remote Denial of Service
Platforms: MacOSX
Author: David Barroso (dbarroso@s21sec.com)
URL: http://www.s21sec.com/avisos/s21sec-039-en.txt
Release: Public
I. BACKGROUND
AppleTalk, a set of networking protocols developed by Apple, was
originally implemented on early Mac operating systems. Although it is a
legacy protocol, it is still supported on the latest version of Mac OS
X. AppleTalk is compiled into the default kernel, but must be turned on
in order to be used. More information can be found at the following URL.
http://docs.info.apple.com/article.html?artnum=50039
II. DESCRIPTION
I. BACKGROUND
AppleTalk, a set of networking protocols developed by Apple, was
originally implemented on early Mac operating systems. Although it is a
legacy protocol, it is still supported on the latest version of Mac OS
X. AppleTalk is compiled into the default kernel, but must be turned on
in order to be used.
ASP, as its name implies, is a Session Layer protocol that is used by
the AppleTalk File Sharing protocol to establish connections with a
peer. More information can be found at the following URL.
Apple Mac OS X mDNSResponder HTTP Request Heap Overflow Vulnerability
iDefense Security Advisory 08.07.07
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 07, 2007
I. BACKGROUND
mDNSResponder is part of the Bonjour suite of applications. Bonjour is
used to provide automatic and transparent configuration of network
--- 0.Description ---
Flock is a web browser built on Mozilla's Firefox codebase that specializes in providing social networking and Web 2.0 facilities built into its user interface. Flock v2.5 was officially released on May 19, 2009.
The Flock browser is available as a free download, and supports Microsoft Windows, Mac OS X, and Linux platforms.
--- 1. Flock 2.5.2 Remote Array Overrun (Arbitrary code execution) ---
The main problem exists in the dtoa implementation. Flock has the same dtoa as Firefox, SeaMonkey, Chrome, Opera etc.
and it is the same as SREASONRES:20090625.
Windows
UNIX
Linux
Solaris
Mac OS X
Netware
Affected Products
ACE 1.x Windows 1.0.8 build 125922 or later
Server 2.x any not affected
Server 1.x any 1.0.8 build 126538 or later
Fusion 2.x Mac OS/X not affected
Fusion 1.x Mac OS/X not affected
ESXi 3.5 ESXi ESXe350-200810401-O-UG
ESX 3.5 ESX ESX350-200810201-UG
Reference: BID:28629
Reference: URL:http://www.securityfocus.com/bid/28629
Reference: FRSIRT:ADV-2008-1601
Reference: URL:http://www.frsirt.com/english/advisories/2008/1601
Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and
user-assisted remote attackers, to cause a denial of service (NULL
pointer dereference and application crash) or possibly execute
arbitrary code via a .ics file containing (1) a large 16-bit integer
on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE
line. NOTE: this might be a duplicate of CVE-2008-1035.
ACE 1.x Windows not affected
Server 1.x Windows not affected
Server 1.x Linux not affected
Fusion 1.x Mac OS/X 1.1.2 build 87978 or later
b. Windows based VMCI arbitrary code execution vulnerability
VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,
and VMware ACE 2.0. It is an experimental, optional feature
Affected Platforms:
Windows
UNIX
Linux
Solaris
Mac OS X
NetWare
Status and Recommendation:
CA released arclib 7.3.0.15 in September 2008. If your product is