Alert GCSA-07114 - Vulnerabilities in Apple Mac OS X (Security Update
*****************************************************************************
Alert ID : GCSA-07114
Date : 16 November 2007
Title : Vulnerabilities in Apple Mac OS X (Security Update 2007-008)
*****************************************************************************
:: Problem description
Several vulnerabilities have been found in the Mac OS X 10.3.9 and
10.4.10 operating system (client and Server); to fix them, Apple
has released Security Update 2007-008.
The vulnerabilities affect the following applications:
* Flash Player Plug-in
* AppleRAID
* BIND
* bzip2
* CFFTP
* CFNetwork
* CoreFoundation
* CoreText
* Kerberos
* Kernel
* remote_cmds
* Networking
* NFS
* NSURL
* Safari
* SecurityAgent
* WebCore
* WebKit
For details of the individual vulnerabilities, refer to the
document "About Security Update 2007-008"
on the Apple site
http://docs.info.apple.com/article.html?artnum=307041
:: Affected platforms and software
Apple Mac OS X version 10.3.9 and earlier
Apple Mac OS X Server version 10.3.9 and earlier
Apple Mac OS X version 10.4.10 and earlier
Apple Mac OS X Server version 10.4.10 and earlier
:: Impact
Remote execution of arbitrary code
Denial of Service
Security restriction bypass
Information disclosure
Cross-site scripting
Spoofing
Privilege escalation
System access
:: Solution
Apply Apple Security Update 2007-008 through the Apple Update tool
or from Apple Downloads:
http://www.apple.com/support/downloads/
:: References
Apple - About Security Update 2007-008
http://docs.info.apple.com/article.html?artnum=307041
FrSirt
http://www.frsirt.com/english/advisories/2007/3868
Secunia
http://secunia.com/advisories/27643
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4671
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4681
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4683
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4694
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4696
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4697
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4700
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4743