Vendor Status Note JVNCIAC-O-138

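Multiple Vulnerabilities in Apple Mac OS X

Overview

Apple Mac OS X 10.3.3 and earlier contain multiple vulnerabilities, including buffer overflows.

Impact

A remote third party could gain administrator (root) privileges, or the system could be subjected to a denial-of-service (DoS) attack.

Vendor Information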

Vendor / Link / Last updated
Apple
  Software Update
  Security Update 2004-05-03
  Apple Security Updates

References

  1. US-CERT Vulnerability Note VU#648406
    Apple Mac OS X AppleFileServer fails to properly handle certain authentication requests
  2. US-CERT Vulnerability Note VU#132110
    Apache HTTP Server vulnerable to DoS race condition in the handling of short-lived connections
  3. US-CERT Vulnerability Note VU#552398
    KAME Racoon IKE daemon fails to properly verify client RSA signatures
  4. US-CERT Vulnerability Note VU#782958
    Apple QuickTime contains an integer overflow in the "QuickTime.qts" extension
  5. ISS X-Force Database: applefileserver-afp-pathname-bo(16049)
    AppleFileServer AFP PathName buffer overflow
  6. ISS X-Force Database: apache-errorlog-escape-injection(11730)
    Apache HTTP Server error log and access log terminal escape sequence injection
  7. ISS X-Force Database: apache-esc-seq-injection(11412)
    Apache HTTP Server error log terminal escape sequence injection
  8. ISS X-Force Database: apache-modssl-plain-dos(15419)
    Apache HTTP Server mod_ssl plain HTTP request denial of service
  9. ISS X-Force Database: apache-socket-starvation-dos(15540)
    Apache HTTP Server socket starvation denial of service
  10. ISS X-Force Database: macos-corefoundation-environment(16051)
    Mac OS X unknown CoreFoundation issue when handling environment variables
  11. ISS X-Force Database: racoon-cryptoopenssl-auth-bypass(15783)
    Racoon crypto_openssl.c bypass authentication
  12. ISS X-Force Database: racoon-isakmp-dos(15893)
    Racoon ISAKMP packet denial of service
  13. ISS X-Force Database: macos-radmin-large-request(16053)
    Mac OS X unknown issue in RAdmin when large requests are sent
  14. ISS X-Force Database: quicktime-heap-bo(16026)
    QuickTime Player heap buffer overflow

JPCERT Alert
JPCERT REPORT: JPCERT-WR-2004-1901 (2004-05-19)
CIAC Bulletin: O-138 Apple Mac OS X Jaguar and Panther Security Vulnerabilities (2004-05-10)
CVE:
  CVE-2004-0430 [CVE+] VU#648406, XF16049
  CVE-2003-0020 [CVE+] XF11730, 11412
  CVE-2004-0113 [CVE+] XF15419
  CVE-2004-0174 [CVE+] VU#132110, XF15540
  CVE-2004-0428 [CVE+] XF16051
  CVE-2004-0155 [CVE+] VU#552398, XF15783
  CVE-2004-0403 [CVE+] XF15893
  CVE-2004-0429 [CVE+] XF16053
  CVE-2004-0431 [CVE+] VU#782958, XF16026
PGP signature: JVNCIAC-O-138.html.sig

Registered: 0:35 2004/05/22
Updated: 9:08 2004/05/26

Copyright(C) 2002-2009 Keio Univ. All rights reserved.