Apple Mac OS X Server vulnerabilities
654 known vulnerabilities affecting apple/mac_os_x_server.
Total CVEs: 654
CISA KEV: 0
Public exploits: 50
Exploited in wild: 0
Severity breakdown
CRITICAL 75 | HIGH 157 | MEDIUM 363 | LOW 59
Vulnerabilities
Page 11 of 33
CVE-2010-0057 [HIGH] CVSS 7.5 | CWE-264 | ≤ 10.6.2, v10.5, +11 more | 2010-03-30
AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request.
nvd
CVE-2010-0509 [HIGH] CVSS 7.2 | CWE-264 | ≤ 10.6.2, v10.5, +11 more | 2010-03-30
SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group membership during access to the home directories of user accounts.
nvd
CVE-2010-0524 [HIGH] CVSS 7.5 | CWE-264 | v10.6.0, v10.6.1, +1 more | 2010-03-30
The default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remote attackers to obtain network connectivity via a crafted RADIUS Access Request message.
nvd
CVE-2010-0504 [HIGH] CVSS 7.5 | CWE-119 | ≤ 10.6.2, v10.5, +11 more | 2010-03-30
Multiple stack-based buffer overflows in iChat Server in Apple Mac OS X Server before 10.6.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
nvd
CVE-2010-0056 [MEDIUM] CVSS 6.8 | CWE-119 | v10.5.8 | 2010-03-30
Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.
nvd
CVE-2010-0065 [MEDIUM] CVSS 6.8 | CWE-119 | ≤ 10.6.2, v10.5, +11 more | 2010-03-30
Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image with bzip2 compression.
nvd
CVE-2010-0507 [MEDIUM] CVSS 6.8 | CWE-119 | ≤ 10.6.2, v10.5, +11 more | 2010-03-30
Buffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PEF image.
nvd
CVE-2010-0064 [MEDIUM] CVSS 6.9 | CWE-264 | v10.6.0, v10.6.1, +1 more | 2010-03-30
DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ownership during an authenticated Finder copy, which might allow local users to bypass intended disk-quota restrictions and have unspecified other impact by copying files owned by other users.
nvd
CVE-2010-0521 [MEDIUM] CVSS 5.0 | CWE-287 | ≤ 10.6.2, v10.5, +11 more | 2010-03-30
Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests.
nvd
CVE-2010-0059 [MEDIUM] CVSS 6.8 | CWE-119 | v10.6.0, v10.6.1, +1 more | 2010-03-30
CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to inconsistent length fields, related to QDCA.
nvd
CVE-2010-0506 [MEDIUM] CVSS 6.8 | CWE-119 | v10.5.8 | 2010-03-30
Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted NEF image.
nvd
CVE-2010-0501 [MEDIUM] CVSS 6.8 | CWE-22 | ≤ 10.6.2, v10.5, +11 more | 2010-03-30
Directory traversal vulnerability in FTP Server in Apple Mac OS X Server before 10.6.3 allows remote authenticated users to read arbitrary files via crafted filenames.
nvd
CVE-2010-0523 [MEDIUM] CVSS 5.0 | CWE-200 | v10.5.8 | 2010-03-30
Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a crafted file, as demonstrated by a Java applet.
nvd
CVE-2010-0518 [MEDIUM] CVSS 6.8 | CWE-119 | v10.6.0, v10.6.1, +1 more | 2010-03-30
QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with Sorenson encoding.
nvd
CVE-2010-0060 [MEDIUM] CVSS 6.8 | CWE-119 | v10.6.0, v10.6.1, +1 more | 2010-03-30
CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding.
nvd
CVE-2010-0517 [MEDIUM] CVSS 6.8 | CWE-119 | v10.6.0, v10.6.1, +1 more | 2010-03-30
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calculate a buffer size using height and width fields, but to use a different field to control the length of
nvd
CVE-2010-0502 [MEDIUM] CVSS 4.3 | ≤ 10.6.2, v10.5, +11 more | 2010-03-30
iChat Server in Apple Mac OS X Server before 10.6.3, when group chat is used, does not perform logging for all types of messages, which might allow remote attackers to avoid message auditing via an unspecified selection of message type.
nvd
CVE-2010-0519 [MEDIUM] CVSS 6.8 | CWE-189 | PoC | v10.6.0, v10.6.1, +1 more | 2010-03-30
Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value.
nvd
CVE-2010-0526 [MEDIUM] CVSS 4.3 | CWE-119 | v10.6.0, v10.6.1, +1 more | 2010-03-30
Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted genl atom in a QuickTime movie file with MPEG encoding, which is not properly handled during decompression.
nvd
CVE-2010-0505 [MEDIUM] CVSS 6.8 | CWE-119 | ≤ 10.6.2, v10.5, +11 more | 2010-03-30
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 (JPEG2000) image, related to incorrect calculation and the CGImageReadGetBytesAtOffset function.
nvd