Vendor Status Note JVNCIAC-P-215

Apple Mac OS X に複数の脆弱性

Apple Mac OS X には複数の脆弱性があります。

ローカルユーザが root 権限を取得するなどの影響を受ける可能性があります。

ベンダ	リンク	更新日
アップル	About Security Update 2005-006

1. ISS X-Force Database: php-phphandleiff-dos(19920)
   PHP php_handle_iff function denial of service
2. ISS X-Force Database: php-phphandlejpeg-dos(19924)
   PHP php_handle_jpeg function denial of service
3. ISS X-Force Database: php-exifprocessifdtag-bo(20115)
   PHP exif_process_IFD_TAG function buffer overflow
4. ISS X-Force Database: php-exif-header-bo(20117)
   PHP EXIF header buffer overflow
5. ISS X-Force Database: macos-bluetooth-directory-traversal(20388)
   Mac OS X Bluetooth directory traversal
6. ISS X-Force Database: macos-vpnserverid-bo(20396)
   Mac OS X VPN server configuration buffer overflow
7. ISS X-Force Database: afp-legacy-client-bo(20928)
   Apple File Protocol Server legacy client buffer overflow
8. ISS X-Force Database: afp-acl-dos(20929)
   Apple File Protocol Server ACL list denial of service
9. ISS X-Force Database: apple-coregraphics-pdf-files-dos(20949)
   Apple CoreGraphics and PDFKit .pdf files denial of service
10. ISS X-Force Database: apple-launchservices-bypass(20951)
    Apple's LaunchServices safety check bypass
11. ISS X-Force Database: macos-nfs-gain-access(20952)
    Mac OS X NFS Export restrictions allow unauthorized access
12. ISS X-Force Database: apple-coregraphics-gain-privileges(20954)
    Apple CoreGraphics allows root privileges
13. ISS X-Force Database: macos-folder-permission-gain-privileges(20955)
    Mac OS X folder permissions allows elevated privileges
14. ISS X-Force Database: apple-managed-client-info-disclosure(20957)
    Apple's Managed Client Portable Home Directory credential disclosures