Vendor Status Note JVNCIAC-R-247

Multiple Vulnerabilities in Apple Products

Overview

Mac OS X and Mac OS X Server contain multiple vulnerabilities.

Affected Systems

The following products and versions running on Intel- and PowerPC-based systems:
 - Apple Mac OS X v10.3.9, v10.4.9
 - Apple Mac OS X Server v10.3.9, v10.4.9

Potential Impact

A remote third party may be able to execute arbitrary code or carry out a denial-of-service (DoS) attack.

Vendor Information

Vendor / Link / Date Updated
Apple: About Security Update 2007-005

References

  1. US-CERT Vulnerability Note VU#221876
    Apple Mac OS X mDNSResponder buffer overflow vulnerability
  2. US-CERT Vulnerability Note VU#116100
    Apple Mac OS X iChat UPnP buffer overflow
  3. ISS X-Force Database: texinfo-sortoffline-symlink(22277)
    Texinfo texindex sort_offline() symlink
  4. ISS X-Force Database: rhel-rhsa-2006-0727-update(32380)
    RHSA-2006
  5. ISS X-Force Database: bind-dnssec-rrset-dos(28745)
    ISC BIND DNSSEC RRset denial of service
  6. ISS X-Force Database: bind-recursive-insist-dos(28744)
    ISC BIND recursive INSIST denial of service
  7. ISS X-Force Database: aix-iy89169-fix(32018)
    IBM critical security fix IY89169 for BIND not installed
  8. ISS X-Force Database: aix-iy89178-fix(32019)
    IBM critical security fix IY89178 for BIND not installed
  9. ISS X-Force Database: bind-named-service-dos(31799)
    ISC BIND named service denial of service
  10. ISS X-Force Database: bind-rrsets-dos(31838)
    ISC BIND RRset denial of service
  11. ISS X-Force Database: macos-diskimage-code-execution(34498)
    Apple Mac OS X Alias Manager disk image code execution
  12. ISS X-Force Database: macos-pdf-bo(34499)
    Apple Mac OS X CoreGraphics PDF buffer overflow
  13. ISS X-Force Database: macos-tmpfilesystem-dos(34500)
    Apple Mac OS X crontabs /tmp filesystem denial of service
  14. ISS X-Force Database: macos-pppd-privilege-escalation(34503)
    Apple Mac OS X ppp daemon privilege escalation
  15. ISS X-Force Database: file-fileprintf-bo(33078)
    Christos Zoulas' file_printf buffer overflow
  16. ISS X-Force Database: apop-msgid-mitm(33387)
    APOP protocol msg-id man-in-the-middle
  17. ISS X-Force Database: macos-mdnsresponder-upnp-bo(34493)
    Apple Mac OS X mDNSResponder UPnP IGD buffer overflow
  18. ISS X-Force Database: macos-ichat-bo(34502)
    Apple Mac OS X iChat UPnP IGD buffer overflow
  19. ISS X-Force Database: ruby-cgi-mime-dos(30221)
    Ruby cgi.rb MIME request denial of service
  20. ISS X-Force Database: rhel-rhsa-2006-0729-update(32381)
    RHSA-2006
  21. ISS X-Force Database: ruby-cgi-library-dos(30734)
    Ruby CGI Library cgi.rb denial of service
  22. ISS X-Force Database: gnu-screen-utf8-dos(29784)
    GNU Screen UTF-8 handling denial of service
  23. ISS X-Force Database: macos-vpnd-format-string(34505)
    Apple Mac OS X vpnd format string

JPCERT Alert
JPCERT REPORT: JPCERT-WR-2007-2101 (2007-06-06)
CIAC Bulletin: R-247 Apple Security Update 2007-005 (2007-05-29)
CVE:
  2005-3011 [CVE+] XF22277, XF32380
  2006-4095 [CVE+] XF28745
  2006-4096 [CVE+] XF28744, XF32018, XF32019
  2007-0493 [CVE+] XF31799
  2007-0494 [CVE+] XF31838
  2007-0740 [CVE+] XF34498
  2007-0750 [CVE+] XF34499
  2007-0751 [CVE+] XF34500
  2007-0752 [CVE+] XF34503
  2007-1536 [CVE+] XF33078
  2007-1558 [CVE+] XF33387
  2007-2386 [CVE+] XF34493
  2007-2390 [CVE+] XF34502
  2006-5467 [CVE+] XF30221, XF32381
  2006-6303 [CVE+] XF30734
  2006-4573 [CVE+] XF29784
  2007-0753 [CVE+] XF34505
PGP Signature: JVNCIAC-R-247.html.sig

Registered: 5:53 2007/06/10
Updated: 5:53 2007/06/10

Copyright(C) 2002-2009 Keio Univ. All rights reserved.