Vendor Status Note JVNCIAC-O-212

Multiple Vulnerabilities in Mac OS X


Apple Mac OS X contains multiple vulnerabilities, including buffer overflows.

 - Mac OS X 10.3.4
 - Mac OS X 10.3.5
 - Mac OS X Server 10.3.4
 - Mac OS X Server 10.3.5
 - Mac OS X 10.2.8
 - Mac OS X Server 10.2.8


Possible impacts include denial-of-service (DoS) attacks, a remote third party gaining user privileges, and a local user gaining root privileges.


Apple: Apple Security Updates

  1. ISS X-Force Database: libpng-file-offset-bo(10925)
    libpng file offset buffer overflow
  2. ISS X-Force Database: openssh-scp-file-overwrite(16323)
    OpenSSH scp file overwrite
  3. ISS X-Force Database: tcpdump-isakmp-delete-bo(15680)
    tcpdump ISAKMP packet delete payload buffer overflow
  4. ISS X-Force Database: tcpdump-isakmp-integer-underflow(15679)
    tcpdump ISAKMP packet integer underflow
  5. ISS X-Force Database: safari-array-dos(15413)
    Safari Web browser application large array denial of service
  6. ISS X-Force Database: libpng-png-dos(16022)
    libpng PNG image denial of service
  7. ISS X-Force Database: rsync-write-files(16014)
    Linux rsync allows files to be written outside a module's path
  8. ISS X-Force Database: apache-modssl-uuencode-bo(16214)
    Apache mod_ssl ssl_util_uuencode_binary buffer overflow
  9. ISS X-Force Database: apache-apgetmimeheaderscore-dos(16524)
    Apache HTTP Server ap_get_mime_headers_core denial of service
  10. ISS X-Force Database: squirrelmail-sql-injection(16235)
    SquirrelMail unspecified SQL injection
  11. ISS X-Force Database: kerberos-krb5anametolocalname-bo(16268)
    Kerberos krb5_aname_to_localname library function buffer overflow
  12. ISS X-Force Database: libpng-pnghandle-bo(16894)
    libpng png_handle_sBIT and png_handle_tRNS buffer overflow
  13. ISS X-Force Database: libpng-pnghandleiccp-dos(16895)
    libpng png_handle_iCCP denial of service
  14. ISS X-Force Database: lilbpng-integer-bo(16896)
    libpng integer buffer overflow
  15. ISS X-Force Database: racoon-eaycheckx509cert-auth-bypass(16414)
    Racoon and IPsec-Tools eay_check_x509cert authentication bypass
  16. ISS X-Force Database: http-frame-spoof(1598)
    Web browser frame spoof
  17. ISS X-Force Database: safari-web-info-disclosure(16944)
    Safari Web POST data information disclosure
  18. ISS X-Force Database: macos-tcp-ip-dos(16946)
    Mac OS TCP/IP denial of service
  19. ISS X-Force Database: tnftpd-gain-access(17020)
    tnftpd allows attacker to gain root access
  20. ISS X-Force Database: macos-corefoundation-gain-privileges(17291)
    Mac OS X CoreFoundation allows elevated privileges
  21. ISS X-Force Database: macos-corefoundation-bo(17295)
    Mac OS X CoreFoundation buffer overflow
  22. ISS X-Force Database: openldap-crypt-gain-access(17300)
    OpenLDAP CRYPT password gain access

JPCERT REPORT: JPCERT-WR-2004-3601 (2004-09-15)
CIAC Bulletin: O-212 Apple Security Update (2004-09-08)
CVE: 2002-1363 [CVE+]  XF: 10925
CVE: 2004-0175 [CVE+]  XF: 16323
CVE: 2004-0183 [CVE+]  XF: 15680
CVE: 2004-0184 [CVE+]  XF: 15679
CVE: 2004-0361 [CVE+]  XF: 15413
CVE: 2004-0421 [CVE+]  XF: 16022
CVE: 2004-0426 [CVE+]  XF: 16014
CVE: 2004-0488 [CVE+]  XF: 16214
CVE: 2004-0493 [CVE+]  XF: 16524
CVE: 2004-0521 [CVE+]  XF: 16235
CVE: 2004-0523 [CVE+]  XF: 16268
CVE: 2004-0597 [CVE+]  XF: 16894
CVE: 2004-0598 [CVE+]  XF: 16895
CVE: 2004-0599 [CVE+]  XF: 16896
CVE: 2004-0607 [CVE+]  XF: 16414
CVE: 2004-0720 [CVE+]  XF: 1598
CVE: 2004-0743 [CVE+]  XF: 16944
CVE: 2004-0744 [CVE+]  XF: 16946
CVE: 2004-0794 [CVE+]  XF: 17020
CVE: 2004-0821 [CVE+]  XF: 17291
CVE: 2004-0822 [CVE+]  XF: 17295
CVE: 2004-0823 [CVE+]  XF: 17300

Registered: 12:13 2004/09/19
Updated: 12:13 2004/09/19

Copyright(C) 2002-2009 Keio Univ. All rights reserved.