Vendor Status Note JVNCIAC-P-156

Apple Mac OS X にバッファオーバーフロー等の複数の脆弱性

概要

Apple Mac OS X には、バッファオーバーフロー等の複数の脆弱性があります。

想定される影響

ローカルユーザが root 権限を取得したりする等の影響を受ける可能性があります。

ベンダ情報

ベンダリンク更新日
アップルSecurity Update 2005-003 について
参考情報

  1. ISS X-Force Database: cyrus-imap-preauth-bo(10744)
    Cyrus IMAP Server pre-authentication buffer overflow
  2. ISS X-Force Database: cyrus-sasl-username-bo(10810)
    Cyrus-SASL library username buffer overflow
  3. ISS X-Force Database: cyrus-sasl-saslauthd-bo(10811)
    Cyrus-SASL library saslauthd daemon escape character buffer overflow
  4. ISS X-Force Database: cyrus-sasl-logwriter-bo(10812)
    Cyrus-SASL library log writer buffer overflow
  5. ISS X-Force Database: cyrus-sasl-saslpath(17643)
    Cyrus-SASL SASL_PATH environment variable
  6. ISS X-Force Database: cyrus-imap-username-bo(18198)
    Cyrus IMAP username buffer overflow
  7. ISS X-Force Database: cyrus-imap-commands-execute-code(18199)
    Cyrus IMAP PARTIAL and FETCH commands execute code
  8. ISS X-Force Database: cyrus-magic-plus-bo(18274)
    Cyrus IMAP Server 'imap magic plus' support code buffer overflow
  9. ISS X-Force Database: cyrus-mysaslcanonuser-offbyone-bo(18333)
    Cyrus IMAP Server mysasl_canon_user off-by-one buffer overflow
  10. ISS X-Force Database: multiple-browsers-idn-spoof(19236)
    multiple Web browsers IDN URL spoofing
  11. ISS X-Force Database: Applefileserver-fploginext-dos(19263)
    AppleFileServer FPLoginExt denial of service
  12. ISS X-Force Database: gnumailman-private-directory-traversal(19274)
    GNU Mailman private.py directory traversal
  13. ISS X-Force Database: macos-cfcharsetpath-bo(19776)
    Mac OS X CF_CHARSET_PATH buffer overflow
  14. ISS X-Force Database: macos-bluetooth-bypass-security(19780)
    Mac OS X Bluetooth Setup Assistant bypass security
  15. ISS X-Force Database: macos-directories-insecure-permissions(19782)
    Mac OS X directories have insecure permissions
  16. ISS X-Force Database: macos-dropbox-obtain-information(19783)
    Mac OS X Drop Box obtain information

JPCERT 緊急報告
JPCERT REPORTJPCERT-WR-2005-1302 ( 2005-03-30 )
CIAC BulletinP-156 Apple Security Update 2005-003 ( 2005-03-22 )
CVE2005-0340 [CVE+] XF19263
2005-0715 [CVE+] XF19783
2005-0713 [CVE+] XF19780
2005-0716 [CVE+] XF19776
2004-1011 [CVE+] XF18198
2004-1012 [CVE+] XF18199
2004-1013 [CVE+] XF18199
2004-1015 [CVE+] XF18274
2004-1067 [CVE+] XF18333
2002-1347 [CVE+] XF10810,XF10811,XF10812,XF10744
2004-0884 [CVE+] XF17643
2005-0712 [CVE+] XF19782
2005-0202 [CVE+] XF19274
2005-0234 [CVE+] XF19236
PGP署名JVNCIAC-P-156.html.sig

登録日20:10 2005/04/02
更新日20:10 2005/04/02

Copyright(C) 2002-2009 Keio Univ. All rights reserved.