Vendor Status Note JVNCIAC-S-056

Apple 製品に複数の脆弱性

概要

Mac OS X、Mac OS X Server、Safari には、複数の脆弱性があります。

想定される影響

遠隔の第三者が任意のコードを実行したり、サービス運用妨害 (DoS) 攻撃を行ったりするなどの可能性があります。

ベンダ情報

ベンダリンク更新日

参考情報

US-CERT Technical Cyber Security Alert TA07-319A
Apple Updates for Multiple Vulnerabilities
Japan Vulnerability Notes JVNTA07-319A
Apple の Mac 製品に複数の脆弱性
ISS X-Force Database: macos-cfnetwork-dos(31837)
Apple Mac OS X CFNetwork framework denial of service
ISS X-Force Database: macos-imovie-format-string(32262)
Apple Mac OS X iMovie HD format string
ISS X-Force Database: @mail-search-xss(32483)
@Mail WebMail System search.pl cross-site scripting
ISS X-Force Database: webmod-contentlength-bo(32755)
WebMod Content-Length buffer overflow
ISS X-Force Database: flashplayer-swf-code-execution(35337)
Adobe Macromedia Flash Player SWF code execution
ISS X-Force Database: isc-bind-queryid-spoofing(35575)
ISC BIND query ID cache poisoning
ISS X-Force Database: kerberos-svcauthgssvalidate-bo(36437)
Kerberos kadmind svcauth_gss_validate buffer overflow
ISS X-Force Database: safari-url-information-disclosure(36855)
Apple Safari URL information disclosure
ISS X-Force Database: safari-window-security-bypass(36857)
Apple Safari window properties security bypass
ISS X-Force Database: safari-frametags-security-bypass(36859)
Apple Safari frame tags security bypass
ISS X-Force Database: safari-https-security-bypass(36862)
Apple Safari HTTPS security bypass
ISS X-Force Database: safari-tabbed-information-disclosure(38460)
Apple Safari tabbed browsing information disclosure
ISS X-Force Database: macosx-appleraid-striped-dos(38461)
Apple Mac OS X AppleRAID striped disk image mount denial of service
ISS X-Force Database: macosx-cfftp-client-redirect(38462)
Apple Mac OS X CFFTP ftp client redirection
ISS X-Force Database: macosx-cfnetwork-ssl-mitm(38463)
Apple Mac OS X CFNetwork SSL man-in-the-middle
ISS X-Force Database: macosx-corefoundation-directory-bo(38464)
Apple Mac OS X CoreFoundation directory hierarchy buffer overflow
ISS X-Force Database: macosx-coretext-code-execution(38465)
Apple Mac OS X CoreText code execution
ISS X-Force Database: macosx-mach-privilege-escalation(38466)
Apple Mac OS X kernel Mach Port privilege escalation
ISS X-Force Database: macosx-kernel-chroot-bypass(38467)
Apple Mac OS X kernel chroot security bypass
ISS X-Force Database: macosx-kernel-i386setldt-overflow(38468)
Apple Mac OS X kernel i386_set_ldt integer overflow
ISS X-Force Database: macosx-kernel-descr-privilege-escalation(38469)
Apple Mac OS X kernel file descriptor privilege escalation
ISS X-Force Database: macosx-kernel-ioctl-overflow(38470)
Apple Mac OS X kernel IOCTL integer overflow
ISS X-Force Database: macosx-remotecmds-unauth-access(38471)
Apple Mac OS X remote_cmds /private/tftpboot/private unauthorized file access
ISS X-Force Database: macosx-networking-information-disclosure(38472)
Apple Mac OS X Networking component Node Information Query information disclosure
ISS X-Force Database: macosx-networking-appletalk-bo(38473)
Apple Mac OS X Networking component AppleTalk buffer overflow
ISS X-Force Database: macosx-ipv6-code-execution(38474)
Apple Mac OS X Networking component IPV6 code execution
ISS X-Force Database: macosx-networking-ioctl-bo(38475)
Apple Mac OS X Networking component IOCTL AppleTalk buffer overflow
ISS X-Force Database: macosx-networking-mbuf-bo(38476)
Apple Mac OS X Networking component AppleTalk mbuf buffer overflow
ISS X-Force Database: macosx-nfs-authunix-code-execution(38477)
Apple Mac OS X NFS component AUTH_UNIX RPC code execution
ISS X-Force Database: macosx-nsurl-security-bypass(38478)
Apple Mac OS X NSURL component security bypass
ISS X-Force Database: macosx-securityagent-screensaver-bypass(38480)
Apple Mac OS X SecurityAgent component screen saver securitybypass
ISS X-Force Database: macosx-webcore-file-unauth-access(38481)
Apple Mac OS X WebCore component file
ISS X-Force Database: macosx-webcore-form-manipulation(38482)
Apple Mac OS X WebCore component HTML form field manipulation
ISS X-Force Database: macosx-webcore-history-code-execution(38483)
Apple Mac OS X WebCore component browser history code execution
ISS X-Force Database: safari-javascript-frame-xss(38484)
Apple Safari JavaScript frame cross-site scripting
ISS X-Force Database: macosx-webkit-security-bypass(38485)
Apple Mac OS X WebKit component private key security bypass
ISS X-Force Database: macosx-webkit-safari-security-bypass(38486)
Apple Mac OS X WebKit component Safari TCP port security bypass
ISS X-Force Database: macosx-webkit-pdf-information-disclosure(38487)
Apple Mac OS X WebKit component PDF file information disclosure
ITmedia
Mac OS X TigerとSafari 3βのセキュリティアップデート公開
ITpro
アップル，Mac OS XとSafariのセキュリティアップデートを公開

JPCERT 緊急報告
JPCERT REPORT	JPCERT-WR-2007-4501 ( 2007-11-21 )
CIAC Bulletin	S-056 Apple Security Update 2007-008 ( 2007-11-15 )
CVE	2007-0464 [CVE+] XF31837 2007-0646 [CVE+] XF32262 2007-0953 [CVE+] XF32483 2007-1260 [CVE+] XF32755 2007-2926 [CVE+] XF35575 2007-3456 [CVE+] XF35337 2007-3749 [CVE+] XF38466 2007-3756 [CVE+] XF36855 2007-3758 [CVE+] XF36857 2007-3760 [CVE+] XF36859 2007-3999 [CVE+] XF36437 2007-4267 [CVE+] XF38475 2007-4268 [CVE+] XF38476 2007-4269 [CVE+] XF38473 2007-4671 [CVE+] XF36862 2007-4678 [CVE+] XF38461 2007-4679 [CVE+] XF38462 2007-4680 [CVE+] XF38463 2007-4681 [CVE+] XF38464 2007-4682 [CVE+] XF38465 2007-4683 [CVE+] XF38467 2007-4684 [CVE+] XF38468 2007-4685 [CVE+] XF38469 2007-4686 [CVE+] XF38470 2007-4687 [CVE+] XF38471 2007-4688 [CVE+] XF38472 2007-4689 [CVE+] XF38474 2007-4690 [CVE+] XF38477 2007-4691 [CVE+] XF38478 2007-4692 [CVE+] XF38460 2007-4693 [CVE+] XF38480 2007-4694 [CVE+] XF38481 2007-4695 [CVE+] XF38482 2007-4697 [CVE+] XF38483 2007-4698 [CVE+] XF38484 2007-4699 [CVE+] XF38485 2007-4700 [CVE+] XF38486 2007-4701 [CVE+] XF38487 2007-4743 [CVE+] XF36437
PGP署名	JVNCIAC-S-056.html.sig

登録日	11:03 2007/11/24
更新日	11:03 2007/11/24