Vendor Status Note JVNCIAC-S-056

Apple 製品に複数の脆弱性

概要

Mac OS X、Mac OS X Server、Safari には、複数の脆弱性があります。

想定される影響

遠隔の第三者が任意のコードを実行したり、サービス運用妨害 (DoS) 攻撃を行ったりするなどの可能性があります。

ベンダ情報

ベンダリンク更新日
参考情報

  1. US-CERT Technical Cyber Security Alert TA07-319A
    Apple Updates for Multiple Vulnerabilities
  2. Japan Vulnerability Notes JVNTA07-319A
    Apple の Mac 製品に複数の脆弱性
  3. ISS X-Force Database: macos-cfnetwork-dos(31837)
    Apple Mac OS X CFNetwork framework denial of service
  4. ISS X-Force Database: macos-imovie-format-string(32262)
    Apple Mac OS X iMovie HD format string
  5. ISS X-Force Database: @mail-search-xss(32483)
    @Mail WebMail System search.pl cross-site scripting
  6. ISS X-Force Database: webmod-contentlength-bo(32755)
    WebMod Content-Length buffer overflow
  7. ISS X-Force Database: flashplayer-swf-code-execution(35337)
    Adobe Macromedia Flash Player SWF code execution
  8. ISS X-Force Database: isc-bind-queryid-spoofing(35575)
    ISC BIND query ID cache poisoning
  9. ISS X-Force Database: kerberos-svcauthgssvalidate-bo(36437)
    Kerberos kadmind svcauth_gss_validate buffer overflow
  10. ISS X-Force Database: safari-url-information-disclosure(36855)
    Apple Safari URL information disclosure
  11. ISS X-Force Database: safari-window-security-bypass(36857)
    Apple Safari window properties security bypass
  12. ISS X-Force Database: safari-frametags-security-bypass(36859)
    Apple Safari frame tags security bypass
  13. ISS X-Force Database: safari-https-security-bypass(36862)
    Apple Safari HTTPS security bypass
  14. ISS X-Force Database: safari-tabbed-information-disclosure(38460)
    Apple Safari tabbed browsing information disclosure
  15. ISS X-Force Database: macosx-appleraid-striped-dos(38461)
    Apple Mac OS X AppleRAID striped disk image mount denial of service
  16. ISS X-Force Database: macosx-cfftp-client-redirect(38462)
    Apple Mac OS X CFFTP ftp client redirection
  17. ISS X-Force Database: macosx-cfnetwork-ssl-mitm(38463)
    Apple Mac OS X CFNetwork SSL man-in-the-middle
  18. ISS X-Force Database: macosx-corefoundation-directory-bo(38464)
    Apple Mac OS X CoreFoundation directory hierarchy buffer overflow
  19. ISS X-Force Database: macosx-coretext-code-execution(38465)
    Apple Mac OS X CoreText code execution
  20. ISS X-Force Database: macosx-mach-privilege-escalation(38466)
    Apple Mac OS X kernel Mach Port privilege escalation
  21. ISS X-Force Database: macosx-kernel-chroot-bypass(38467)
    Apple Mac OS X kernel chroot security bypass
  22. ISS X-Force Database: macosx-kernel-i386setldt-overflow(38468)
    Apple Mac OS X kernel i386_set_ldt integer overflow
  23. ISS X-Force Database: macosx-kernel-descr-privilege-escalation(38469)
    Apple Mac OS X kernel file descriptor privilege escalation
  24. ISS X-Force Database: macosx-kernel-ioctl-overflow(38470)
    Apple Mac OS X kernel IOCTL integer overflow
  25. ISS X-Force Database: macosx-remotecmds-unauth-access(38471)
    Apple Mac OS X remote_cmds /private/tftpboot/private unauthorized file access
  26. ISS X-Force Database: macosx-networking-information-disclosure(38472)
    Apple Mac OS X Networking component Node Information Query information disclosure
  27. ISS X-Force Database: macosx-networking-appletalk-bo(38473)
    Apple Mac OS X Networking component AppleTalk buffer overflow
  28. ISS X-Force Database: macosx-ipv6-code-execution(38474)
    Apple Mac OS X Networking component IPV6 code execution
  29. ISS X-Force Database: macosx-networking-ioctl-bo(38475)
    Apple Mac OS X Networking component IOCTL AppleTalk buffer overflow
  30. ISS X-Force Database: macosx-networking-mbuf-bo(38476)
    Apple Mac OS X Networking component AppleTalk mbuf buffer overflow
  31. ISS X-Force Database: macosx-nfs-authunix-code-execution(38477)
    Apple Mac OS X NFS component AUTH_UNIX RPC code execution
  32. ISS X-Force Database: macosx-nsurl-security-bypass(38478)
    Apple Mac OS X NSURL component security bypass
  33. ISS X-Force Database: macosx-securityagent-screensaver-bypass(38480)
    Apple Mac OS X SecurityAgent component screen saver securitybypass
  34. ISS X-Force Database: macosx-webcore-file-unauth-access(38481)
    Apple Mac OS X WebCore component file
  35. ISS X-Force Database: macosx-webcore-form-manipulation(38482)
    Apple Mac OS X WebCore component HTML form field manipulation
  36. ISS X-Force Database: macosx-webcore-history-code-execution(38483)
    Apple Mac OS X WebCore component browser history code execution
  37. ISS X-Force Database: safari-javascript-frame-xss(38484)
    Apple Safari JavaScript frame cross-site scripting
  38. ISS X-Force Database: macosx-webkit-security-bypass(38485)
    Apple Mac OS X WebKit component private key security bypass
  39. ISS X-Force Database: macosx-webkit-safari-security-bypass(38486)
    Apple Mac OS X WebKit component Safari TCP port security bypass
  40. ISS X-Force Database: macosx-webkit-pdf-information-disclosure(38487)
    Apple Mac OS X WebKit component PDF file information disclosure
  41. ITmedia
    Mac OS X TigerとSafari 3βのセキュリティアップデート公開
  42. ITpro
    アップル,Mac OS XとSafariのセキュリティアップデートを公開

JPCERT 緊急報告
JPCERT REPORTJPCERT-WR-2007-4501 ( 2007-11-21 )
CIAC BulletinS-056 Apple Security Update 2007-008 ( 2007-11-15 )
CVE2007-0464 [CVE+] XF31837
2007-0646 [CVE+] XF32262
2007-0953 [CVE+] XF32483
2007-1260 [CVE+] XF32755
2007-2926 [CVE+] XF35575
2007-3456 [CVE+] XF35337
2007-3749 [CVE+] XF38466
2007-3756 [CVE+] XF36855
2007-3758 [CVE+] XF36857
2007-3760 [CVE+] XF36859
2007-3999 [CVE+] XF36437
2007-4267 [CVE+] XF38475
2007-4268 [CVE+] XF38476
2007-4269 [CVE+] XF38473
2007-4671 [CVE+] XF36862
2007-4678 [CVE+] XF38461
2007-4679 [CVE+] XF38462
2007-4680 [CVE+] XF38463
2007-4681 [CVE+] XF38464
2007-4682 [CVE+] XF38465
2007-4683 [CVE+] XF38467
2007-4684 [CVE+] XF38468
2007-4685 [CVE+] XF38469
2007-4686 [CVE+] XF38470
2007-4687 [CVE+] XF38471
2007-4688 [CVE+] XF38472
2007-4689 [CVE+] XF38474
2007-4690 [CVE+] XF38477
2007-4691 [CVE+] XF38478
2007-4692 [CVE+] XF38460
2007-4693 [CVE+] XF38480
2007-4694 [CVE+] XF38481
2007-4695 [CVE+] XF38482
2007-4697 [CVE+] XF38483
2007-4698 [CVE+] XF38484
2007-4699 [CVE+] XF38485
2007-4700 [CVE+] XF38486
2007-4701 [CVE+] XF38487
2007-4743 [CVE+] XF36437
PGP署名JVNCIAC-S-056.html.sig

登録日11:03 2007/11/24
更新日11:03 2007/11/24

Copyright(C) 2002-2009 Keio Univ. All rights reserved.