Alert GCSA-07075 - Multiple vulnerabilities in Apple Mac OS X (Security
*****************************************************************************
Alert ID : GCSA-07075
Date : 1 August 2007
Title : Multiple vulnerabilities in Apple Mac OS X (Security
Update 2007-007)
*****************************************************************************
:: Problem description:
Several vulnerabilities have been found in the Mac OS X 10.3.9 and
10.4.10 operating system (client and Server); to address them
Apple has released Security Update 2007-007.
The vulnerabilities affect the following applications:
* CFNetwork
* CoreAudio
* iChat
* mDNSResponder
* PDFKit
* Quartz Composer
* WebCore
* WebKit
* bzip2
* cscope
* gnuzip
* Kerberos
* PHP
* Samba
* SquirrelMail
* Tomcat
For details of the individual vulnerabilities, refer to the
document "About Security Update 2007-007" on the Apple
site http://docs.info.apple.com/article.html?artnum=306172
:: Affected platforms and software:
* Apple Mac OS X version 10.3.9 and earlier
* Apple Mac OS X Server version 10.3.9 and earlier
* Apple Mac OS X version 10.4.10 and earlier
* Apple Mac OS X Server version 10.4.10 and earlier
:: Impact:
Remote execution of arbitrary code
Denial of Service
Security restriction bypass
Information disclosure
:: Solution:
Apply Apple Security Update 2007-007 through the Apple Update
tool or from Apple Downloads:
http://www.apple.com/support/downloads/
:: References:
Apple - About Security Update 2007-007:
http://docs.info.apple.com/article.html?artnum=306172
FrSirt:
http://www.frsirt.com/english/advisories/2007/2732
Secunia:
http://secunia.com/advisories/26235/
Mitre's CVE ID:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3744
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3944