Vendor Status Note JVNCIAC-P-215

Multiple vulnerabilities in Apple Mac OS X


Apple Mac OS X contains multiple vulnerabilities.


Possible impacts include a local user gaining root privileges.


Apple: About Security Update 2005-006

  1. ISS X-Force Database: php-phphandleiff-dos(19920)
    PHP php_handle_iff function denial of service
  2. ISS X-Force Database: php-phphandlejpeg-dos(19924)
    PHP php_handle_jpeg function denial of service
  3. ISS X-Force Database: php-exifprocessifdtag-bo(20115)
    PHP exif_process_IFD_TAG function buffer overflow
  4. ISS X-Force Database: php-exif-header-bo(20117)
    PHP EXIF header buffer overflow
  5. ISS X-Force Database: macos-bluetooth-directory-traversal(20388)
    Mac OS X Bluetooth directory traversal
  6. ISS X-Force Database: macos-vpnserverid-bo(20396)
    Mac OS X VPN server configuration buffer overflow
  7. ISS X-Force Database: afp-legacy-client-bo(20928)
    Apple File Protocol Server legacy client buffer overflow
  8. ISS X-Force Database: afp-acl-dos(20929)
    Apple File Protocol Server ACL list denial of service
  9. ISS X-Force Database: apple-coregraphics-pdf-files-dos(20949)
    Apple CoreGraphics and PDFKit .pdf files denial of service
  10. ISS X-Force Database: apple-launchservices-bypass(20951)
    Apple's LaunchServices safety check bypass
  11. ISS X-Force Database: macos-nfs-gain-access(20952)
    Mac OS X NFS Export restrictions allow unauthorized access
  12. ISS X-Force Database: apple-coregraphics-gain-privileges(20954)
    Apple CoreGraphics allows root privileges
  13. ISS X-Force Database: macos-folder-permission-gain-privileges(20955)
    Mac OS X folder permissions allows elevated privileges
  14. ISS X-Force Database: apple-managed-client-info-disclosure(20957)
    Apple's Managed Client Portable Home Directory credential disclosures

JPCERT REPORT: JPCERT-WR-2005-2301 (2005-06-15)
CIAC Bulletin: P-215 Apple Security Update 2005-006 (2005-06-09)
CVE:
2005-0524 [CVE+] XF19920
2005-0525 [CVE+] XF19924
2005-1042 [CVE+] XF20115
2005-1043 [CVE+] XF20117
2005-1333 [CVE+] XF20388
2005-1343 [CVE+] XF20396
2005-1720 [CVE+] XF20929
2005-1721 [CVE+] XF20928
2005-1722 [CVE+] XF20949
2005-1723 [CVE+] XF20951
2005-1724 [CVE+] XF20952
2005-1725 [CVE+]
2005-1726 [CVE+] XF20954
2005-1727 [CVE+] XF20955
2005-1728 [CVE+] XF20957

Registered: 17:46 2005/06/18
Updated: 17:46 2005/06/18

Copyright(C) 2002-2009 Keio Univ. All rights reserved.