Alert GCSA-07039 - Vulnerabilita' multiple in Apple Mac OS X
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
*****************************************************************************
Alert ID : GCSA-07039
Data : 20 Aprile 2007
Titolo : Vulnerabilita' multiple in Apple Mac OS X
*****************************************************************************
:: Descrizione del problema:
Sono state riscontrate varie vulnerabilita' nel sistema operativo
Mac OS X sia nella versione Intel che PowerPC; per risolverle la
Apple ha rilasciato il Security Update 2007-004.
Le vulnerabilita' riguardano anche applicativi non Apple che sono
forniti a corredo del sistema quali:
* GNU Tar
* MIT Kerberos
* Fetchmail
:: Piattaforme e Software interessati:
* Apple Mac OS X versioni 10.3.x e 10.4.x
* Apple Mac OS X Server versioni 10.3.x e 10.4.x
:: Impatto:
Esecuzione remota di codice arbitrario
Denial of Service
Bypass delle restrizioni di sicurezza
:: Soluzione:
Applicare l'Apple Security Update 2007-004 attraverso Apple Update o
da Apple Downloads:
http://www.apple.com/support/downloads/
:: Riferimenti:
Apple - About Security Update 2007-002:
http://docs.info.apple.com/article.html?artnum=305391
FrSirt:
http://www.frsirt.com/english/advisories/2007/1470
US-CERT Technical Cyber Security Alert TA07-109A -
http://www.us-cert.gov/cas/techalerts/TA07-109A.html
Vulnerability notes for Apple Security Update 2007-004 -
http://www.kb.cert.org/vuls/byid?searchview&query=apple_2007-004
Mitre's CVE ID:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0300
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0744
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216
-----BEGIN PGP SIGNATURE-----
iQCVAwUBRijMRvOB+SpikaiRAQJm4gP7B7nwRy5X4Ykszs2TesISaTnmw3P8i1TP
JyguwsSAQWyYqn+pijDSQOIh3yVEEi+FsllmJpzaRMBUAMU3wixWuldOfj2TnW/a
Vy6s0fsWTZGo76aC9dgf4egljvJeAegLj+PWEZ/C5V0AqkR71DvPvkZUa/fZAiSH
DJqARFtp7Nk=
=a9Pq
-----END PGP SIGNATURE-----
Hash: SHA1
*****************************************************************************
Alert ID : GCSA-07039
Data : 20 Aprile 2007
Titolo : Vulnerabilita' multiple in Apple Mac OS X
*****************************************************************************
:: Descrizione del problema:
Sono state riscontrate varie vulnerabilita' nel sistema operativo
Mac OS X sia nella versione Intel che PowerPC; per risolverle la
Apple ha rilasciato il Security Update 2007-004.
Le vulnerabilita' riguardano anche applicativi non Apple che sono
forniti a corredo del sistema quali:
* GNU Tar
* MIT Kerberos
* Fetchmail
:: Piattaforme e Software interessati:
* Apple Mac OS X versioni 10.3.x e 10.4.x
* Apple Mac OS X Server versioni 10.3.x e 10.4.x
:: Impatto:
Esecuzione remota di codice arbitrario
Denial of Service
Bypass delle restrizioni di sicurezza
:: Soluzione:
Applicare l'Apple Security Update 2007-004 attraverso Apple Update o
da Apple Downloads:
http://www.apple.com/support/downloads/
:: Riferimenti:
Apple - About Security Update 2007-002:
http://docs.info.apple.com/article.html?artnum=305391
FrSirt:
http://www.frsirt.com/english/advisories/2007/1470
US-CERT Technical Cyber Security Alert TA07-109A -
http://www.us-cert.gov/cas/techalerts/TA07-109A.html
Vulnerability notes for Apple Security Update 2007-004 -
http://www.kb.cert.org/vuls/byid?searchview&query=apple_2007-004
Mitre's CVE ID:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0300
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0744
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216
-----BEGIN PGP SIGNATURE-----
iQCVAwUBRijMRvOB+SpikaiRAQJm4gP7B7nwRy5X4Ykszs2TesISaTnmw3P8i1TP
JyguwsSAQWyYqn+pijDSQOIh3yVEEi+FsllmJpzaRMBUAMU3wixWuldOfj2TnW/a
Vy6s0fsWTZGo76aC9dgf4egljvJeAegLj+PWEZ/C5V0AqkR71DvPvkZUa/fZAiSH
DJqARFtp7Nk=
=a9Pq
-----END PGP SIGNATURE-----