[Sunnet Alert] Advisory #211 - OS X, OpenBSD, Multiple News

Security and IT News Alerts alertmailinglist at skiifwrald.com
Fri Mar 16 01:13:20 EST 2007


Sûnnet Beskerming Alert List Advisory #211


Contents
--------------------------------------------------------------------
1.	SECURITY
--------------------------------------------------------------------
1.1	OS X (Multiple)
	- Remote Hacker Automatic Control
	- Time Since Discovery - 1 Day
1.2	BSD
	- Remote Hacker Automatic Control
	- Time Since Discovery - 3 Days
=======================================

/*
	- Remote or Local - Can it be achieved through a network or does it  
require physical access?
	- Hacker - The bad guy
	- Manual or Automatic  - Does the vulnerability need to be manually  
performed, or can it be automated?
	- Control, Denial of Service or Data Theft - Will the hacker get  
control of your system / website, will they prevent you from using  
it, or will they steal data.
*/
--------------------------------------------------------------------
2.    NEWS
--------------------------------------------------------------------
2.1	No Microsoft Patch
=======================================

1.	SECURITY

1.1	OS X (Multiple) - Remote Hacker Automatic Control

	-- Products Affected --
	OS X 10.4.8, 10.3.9 (Including server variants)

	-- Technical Description --
	ColorSync - Possible arbitrary code execution and denial of service
due to a stack buffer overflow when an image with a malicious
ColorSync profile is viewed.
	CoreGraphics - Denial of service when viewing a malformed PDF document.
	Crash Reporter - Privilege escalation.
	CUPS - Denial of service can be triggered remotely during SSL
negotiation.
	Disk Images - Possible arbitrary code execution due to a malicious  
disk image (multiple vulnerabilities).
	DS Plug-Ins - Privilege escalation for unauthorised LDAP users.
	Flash Player - HTTP request splitting.
	GNU Tar - Multiple vulnerabilities, including arbitrary code execution.
	HFS - Denial of service when removing files from a malicious  
filesystem mount.
	HID Family - Information leakage from console keyboard events.
	ImageIO - Malformed RAW image viewing can lead to arbitrary code  
execution.  A similar vulnerability exists with GIF files.
	Kernel - Denial of service due to memory exhaustion.  Other issues  
may lead to arbitrary code execution.
	MySQL Server - Multiple vulnerabilities, the most serious of which  
is arbitrary code execution.
	Networking - AppleTalk arbitrary code execution due to poor protocol
handling.
	OpenSSH - Several issues, including arbitrary remote code execution.
	Printing - Arbitrary file creation by an unprivileged local user.
	QuickDraw Manager - Arbitrary code execution due to heap buffer  
overflow when processing malicious PICT images.
	servermgrd - Unauthorised system access due to poor credential
processing.
	SMB File Server - Arbitrary code execution due to long ACL name issues.
	Software Update - Arbitrary code execution when processing malicious  
software update catalog files.
	sudo - Arbitrary code execution.
	WebLog - XSS through Blojsom (Server only).

	-- Description --
	Apple have released their third combined security patch release for  
2007, and have also taken the opportunity to release what appears to  
be the final point release for OS X 10.4, Tiger, with the release of  
the 10.4.9 update (which incorporates Security Update 2007-003).

	-- Recommended Action --
	Apply Security Update 2007-003 at the earliest opportunity, or apply
the OS X 10.4.9 update to gain protection and added functionality
(also available as a cumulative update for users of 10.4 systems
still running versions earlier than 10.4.8).

	-- Source --
	http://docs.info.apple.com/article.html?artnum=61798

	-- Threat Matrix --
			U	O
	Home User	10	10 (Highly Critical)
	Corporate	10	10 (Highly Critical)


1.2	BSD - Remote Hacker Automatic Control

	-- Products Affected --
	OpenBSD 4.1 and earlier

	-- Technical Description --
	Corrupted IPv6 packets could lead to remote system compromise  
(provided IPv6 support is enabled).  According to some researchers,  
it might be possible to launch a successful attack with a single  
ICMPv6 network packet.

	-- Description --
	The alternative Operating System, OpenBSD, has been found to be  
vulnerable to a networking issue, where a single piece of network  
traffic can lead to complete remote control of an affected system by  
an attacker.  While patches have been made available, there has been  
some concern that the nature of the vulnerability was not disclosed  
very well by the OpenBSD maintainers, and now that sample proof of  
concept exploit code has been made available, there is some risk for  
users of OpenBSD systems who have not patched their systems.

	-- Recommended Action --
	Apply the patch appropriate for the version of OpenBSD being used.   
Note that the 3.9 patch can be applied to earlier versions that do  
not have specific patches released.

	-- Source --
	http://www.coresecurity.com/?action=item&id=1703

	-- Threat Matrix --
			U	O
	Home User	9	9 (Critical)
	Corporate	9	9 (Critical)

=======================================
/*
Threat Matrix:
	U - User
	O - Operator
	Harmless - 0 ----- 10 - Highly Critical
*/
=======================================

2.	NEWS

2.1	No March Security Patches From Microsoft

Microsoft's monthly security patch release cycle for March has come
and gone, without the release of any patches for Microsoft operating
systems or software.  This is in line with what they had
pre-announced last week, but there was still the chance that patches
could have been released for active '0-day' threats, of which there
are several.

While Microsoft did not release any patches (though the ISC is  
claiming that a single Windows XP SP 2 patch was released), they did  
quietly release SP2 for the Windows 2003 server operating system, and  
Apple released a major update for their current operating system, OS  
X 10.4.


2.2	Windows 2003 Receives Second Service Pack

Operators and administrators of Windows 2003 systems should be busily
applying the latest Service Pack release from Microsoft, which was
released earlier this week.  While SP2 does incorporate a lot of
existing patches, it also addresses a couple of issues for which
Microsoft does not appear to have already issued patches.

While the release came with little fanfare (almost zero), it is  
considered fairly critical for administrators to apply this to their  
applicable systems.  At this stage there have not been any  
significant reports of difficulties applying the Service Pack.

=======================================

Sincerely,

Sûnnet Beskerming Team
info at beskerming.com
Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
Tel: +61 (0) 410 707 444

** Sûnnet Beskerming Pty. Ltd. **

Established in mid 2004, Sûnnet Beskerming Pty. Ltd. is the sister  
company to Jongsma & Jongsma Pty. Ltd., and was formed to develop and  
commercialise the research coming out of Jongsma & Jongsma Pty. Ltd..  
Sûnnet Beskerming Pty. Ltd. is an Information Security specialist  
and, in conjunction with the tools developed by Jongsma & Jongsma  
Pty. Ltd., provides total security solutions and services, from the  
perimeter to internal data stores, including web application security  
and security testing and analysis.



