Vendor Status Note JVNCIAC-Q-064

Multiple vulnerabilities in Apple Mac OS X


Apple Mac OS X contains multiple vulnerabilities.


Various impacts are possible, such as a remote third party obtaining the privileges of the logged-in user, or a local user obtaining root privileges.


About Apple Security Update 2005-009

  1. ISS X-Force Database: sudo-pathname-race-condition(21080)
    Sudo pathname race condition
  2. ISS X-Force Database: apache-header-hrs(21195)
    Apache HTTP Server header HTTP request smuggling
  3. ISS X-Force Database: pcre-pcrecompile-bo(21970)
    PCRE Library pcre_compile.c buffer overflow
  4. ISS X-Force Database: modssl-sslverifyclient-bypass-security(22149)
    mod_ssl SSLVerifyClient bypass security
  5. ISS X-Force Database: openssl-mitm(22559)
    OpenSSL possible man-in-the-middle attack
  6. ISS X-Force Database: rhel-rhsa-2005-582-update(22602)
  7. ISS X-Force Database: rhel-rhsa-2005-535-update(22607)
  8. ISS X-Force Database: wget-curl-ntlm-username-bo(22721)
    Multiple vendors wget/cURL NTLM buffer username buffer overflow
  9. ISS X-Force Database: macos-corefoundation-url-bo(23329)
    Mac OS X and Mac OS X Server CoreFoundation URL buffer overflow
  10. ISS X-Force Database: macos-iodbcadmintool-privilege-escalation(23332)
    Mac OS X and Mac OS X Server iodbcadmintool privilege escalation
  11. ISS X-Force Database: macos-opendirectory-login-disclosure(23334)
    Mac OS X Server Open Directory Login disclosure
  12. ISS X-Force Database: macos-download-bypass-directory(23336)
    Mac OS X and Mac OS X Server download bypass directory
  13. ISS X-Force Database: macos-dialog-box-informarion-disclosure(23339)
    Mac OS X and Mac OS X Server dialog box information disclosure
  14. ISS X-Force Database: safari-webkit-code-execution(23342)
    Safari Webkit code execution
  15. ISS X-Force Database: macos-syslog-forgery(23344)
    Mac OS X and Mac OS X Server syslog forgery

JPCERT REPORT: JPCERT-WR-2005-4801 ( 2005-12-07 )
CIAC Bulletin: Q-064 Apple Security Update 2005-009 ( 2005-11-30 )
CVE:
  2005-2088 [CVE+] XF21195,XF22602
  2005-2700 [CVE+] XF22149
  2005-2757 [CVE+] XF23329
  2005-3185 [CVE+] XF22721
  2005-3700 [CVE+] XF23332
  2005-2969 [CVE+] XF22559
  2005-3701 [CVE+] XF23334
  2005-2491 [CVE+] XF21970
  2005-3702 [CVE+] XF23336
  2005-3703 [CVE+] XF23339
  2005-3705 [CVE+] XF23342
  2005-1993 [CVE+] XF22607,XF21080
  2005-3704 [CVE+] XF23344

Registered: 18:12 2005/12/11
Updated: 18:12 2005/12/11

Copyright(C) 2002-2009 Keio Univ. All rights reserved.