Vendor Status Note JVNCIAC-O-138

Apple MacOS X に含まれる複数の脆弱性


Apple MacOS X 10.3.3 およびそれ以前には、バッファオーバーフローなど複数の脆弱性があります。


遠隔から第三者が管理者 (root) 権限を取得したり、サービス運用妨害 (DoS) 攻撃を受けたりする可能性があります。


Security Update 2004-05-03
Apple Security Updates

  1. US-CERT Vulnerability Note VU#648406
    Apple Mac OS X AppleFileServer fails to properly handle certain authentication requests
  2. US-CERT Vulnerability Note VU#132110
    Apache HTTP Server vulnerable to DoS race condition in the handling of short-lived connections
  3. US-CERT Vulnerability Note VU#552398
    KAME Racoon IKE daemon fails to properly verify client RSA signatures
  4. US-CERT Vulnerability Note VU#782958
    Apple QuickTime contains an integer overflow in the "QuickTime.qts" extension
  5. ISS X-Force Database: applefileserver-afp-pathname-bo(16049)
    AppleFileServer AFP PathName buffer overflow
  6. ISS X-Force Database: apache-errorlog-escape-injection(11730)
    Apache HTTP Server error log and access log terminal escape sequence injection
  7. ISS X-Force Database: apache-esc-seq-injection(11412)
    Apache HTTP Server error log terminal escape sequence injection
  8. ISS X-Force Database: apache-modssl-plain-dos(15419)
    Apache HTTP Server mod_ssl plain HTTP request denial of service
  9. ISS X-Force Database: apache-socket-starvation-dos(15540)
    Apache HTTP Server socket starvation denial of service
  10. ISS X-Force Database: macos-corefoundation-environment(16051)
    Mac OS X unknown CoreFoundation issue when handling environment variables
  11. ISS X-Force Database: racoon-cryptoopenssl-auth-bypass(15783)
    Racoon crypto_openssl.c bypass authentication
  12. ISS X-Force Database: racoon-isakmp-dos(15893)
    Racoon ISAKMP packet denial of service
  13. ISS X-Force Database: macos-radmin-large-request(16053)
    Mac OS X unknown issue in RAdmin when large requests are sent
  14. ISS X-Force Database: quicktime-heap-bo(16026)
    QuickTime Player heap buffer overflow

JPCERT REPORTJPCERT-WR-2004-1901 ( 2004-05-19 )
CIAC BulletinO-138 Apple Mac OS X Jaguar and Panther Security Vulnerabilities ( 2004-05-10 )
CVE2004-0430 [CVE+] VU#648406,XF16049
2003-0020 [CVE+] XF11730,11412
2004-0113 [CVE+] XF15419
2004-0174 [CVE+] VU#132110,XF15540
2004-0428 [CVE+] XF16051
2004-0155 [CVE+] VU#552398,XF15783
2004-0403 [CVE+] XF15893
2004-0429 [CVE+] XF16053
2004-0431 [CVE+] VU#782958,XF16026

登録日0:35 2004/05/22
更新日9:08 2004/05/26

Copyright(C) 2002-2009 Keio Univ. All rights reserved.