Apple Mac OS X Server vulnerabilities
654 known vulnerabilities affecting apple/mac_os_x_server.
Total CVEs: 654
CISA KEV: 0
Public exploits: 50
Exploited in wild: 0
Severity breakdown: CRITICAL 75, HIGH 157, MEDIUM 363, LOW 59
Vulnerabilities
Page 19 of 33
CVE-2008-2330 [MEDIUM] CVSS 4.9 | CWE-200 | v10.4.11, v10.5, +4 more | 2008-09-16
slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue."
nvd
CVE-2008-3611 [MEDIUM] CVSS 6.3 | CWE-287 | v10.4.11 | 2008-09-16
Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen.
nvd
CVE-2008-3619 [LOW] CVSS 2.1 | CWE-264 | v10.5, v10.5.1, +3 more | 2008-09-16
Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files.
nvd
CVE-2008-2329 [LOW] CVSS 1.9 | CWE-200 | v10.5, v10.5.1, +3 more | 2008-09-16
Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.
nvd
CVE-2008-2324 [MEDIUM] CVSS 4.6 | CWE-264 | v10.4.11 | 2008-08-04
The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs.
nvd
CVE-2008-2311 [HIGH] CVSS 7.6 | CWE-59 | v10.4.1, v10.4.2, +13 more | 2008-07-01
Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file.
nvd
CVE-2008-2309 [MEDIUM] CVSS 6.8 | CWE-264 | v10.4.1, v10.4.2, +13 more | 2008-07-01
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.
nvd
CVE-2008-2314 [MEDIUM] CVSS 4.4 | CWE-264 | v10.4.1, v10.4.2, +13 more | 2008-07-01
Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors.
nvd
CVE-2008-2310 [MEDIUM] CVSS 6.8 | CWE-134 | ≤ 10.5.3, v10.4.1, +13 more | 2008-07-01
Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code.
nvd
CVE-2008-2313 [MEDIUM] CVSS 4.6 | CWE-264 | v10.4.1, v10.4.2, +13 more | 2008-07-01
Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory.
nvd
CVE-2008-2308 [MEDIUM] CVSS 4.6 | CWE-264 | v10.4.1, v10.4.2, +9 more | 2008-07-01
Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information.
nvd
CVE-2008-1577 [CRITICAL] CVSS 9.3 | v10.4.11, v10.5, +2 more | 2008-06-02
Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memory corruption issues."
nvd
CVE-2008-1031 [CRITICAL] CVSS 9.3 | CWE-119 | v10.4.11, v10.5, +2 more | 2008-06-02
CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable.
nvd
CVE-2008-1030 [CRITICAL] CVSS 10.0 | CWE-20 | v10.4.11, v10.5, +2 more | 2008-06-02
Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow.
nvd
CVE-2008-1574 [CRITICAL] CVSS 9.3 | CWE-119 | v10.4.11, v10.5, +2 more | 2008-06-02
Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow.
nvd
CVE-2008-1028 [CRITICAL] CVSS 9.3 | CWE-20 | v10.4.11 | 2008-06-02
Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit.
nvd
CVE-2008-1575 [CRITICAL] CVSS 9.3 | CWE-399 | v10.5, v10.5.1, +1 more | 2008-06-02
Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing.
nvd
CVE-2008-1573 [HIGH] CVSS 7.1 | CWE-119 | ≤ 10.5.2, v10.4.11, +2 more | 2008-06-02
The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.
nvd
CVE-2008-1572 [MEDIUM] CVSS 4.6 | CWE-264 | v10.4.11 | 2008-06-02
Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application.
nvd
CVE-2008-1579 [MEDIUM] CVSS 5.0 | CWE-200 | v10.4.11, v10.5, +2 more | 2008-06-02
Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog.
nvd