Alert GCSA-07048 - Multiple vulnerabilities in Apple Mac OS X (Security
*****************************************************************************
Alert ID : GCSA-07048
Date : 25 May 2007
Title : Multiple vulnerabilities in Apple Mac OS X (Security Update
2007-005)
*****************************************************************************
:: Problem description:
Several vulnerabilities have been found in the Mac OS X 10.3.9 and
10.4.9 operating system (client and Server); Apple has released
Security Update 2007-005 to fix them.
The vulnerabilities affect the following applications:
* Alias Manager
* BIND
* CoreGraphics
* crontabs
* fetchmail
* file
* iChat
* mDNSResponder
* PPP
* ruby
* screen
* texinfo
* VPN
For details of the individual vulnerabilities, refer to the
document "About Security Update 2007-005" on the Apple site:
http://docs.info.apple.com/article.html?artnum=305530
:: Affected platforms and software:
* Apple Mac OS X version 10.3.9
* Apple Mac OS X Server version 10.3.9
* Apple Mac OS X version 10.4.9
* Apple Mac OS X Server version 10.4.9
:: Impact:
Remote execution of arbitrary code
Denial of Service
Bypass of security restrictions
Information disclosure
:: Solution:
Apply Apple Security Update 2007-005 through the Apple Update
tool or from Apple Downloads:
http://www.apple.com/support/downloads/
:: References:
Apple - About Security Update 2007-005:
http://docs.info.apple.com/article.html?artnum=305530
FrSirt:
http://www.frsirt.com/english/advisories/2007/1939
iDefense Lab - Mac OS X pppd Plugin Loading Privilege Escalation Vuln.
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=537
Mitre's CVE ID:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0496
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0751
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0753