Apple Mac Os X Server vulnerabilities

CVE-2007-0721 [MEDIUM] CVE-2007-0721: Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allo Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted compressed disk image that triggers memory corruption.

CVE-2007-0722 [MEDIUM] CVE-2007-0722: Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attack Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted AppleSingleEncoding disk image.

CVE-2007-1071 [HIGH] CVE-2007-1071: Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote at Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503.

CVE-2007-0897 [HIGH] CWE-772 CVE-2007-0897: Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, whi Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.

CVE-2007-0229 [HIGH] CVE-2007-0229: Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users t Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does

CVE-2007-0117 [CRITICAL] CVE-2007-0117: DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly valida DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.

CVE-2006-5681 [LOW] CVE-2006-5681: QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote at QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects.

CVE-2006-6353 [MEDIUM] CVE-2006-6353: Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X allow user-assisted remote atta Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X allow user-assisted remote attackers to cause a denial of service (application crash) via unspecified vectors related to (1) certain KERN_PROTECTION_FAILURE thread crashes and (2) certain KERN_INVALID_ADDRESS thread crashes, as discovered with the "iSec Partners FileP fuzzer".

CVE-2006-6129 [MEDIUM] CVE-2006-6129: Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows local users to cause a denial of s Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows local users to cause a denial of service and possibly execute arbitrary code via a crafted Mach-O Universal program that triggers memory corruption.

CVE-2006-6127 [LOW] CVE-2006-6127: Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent to register a queue and an event, then fork a child process that uses kevent to register an event for the same queue as the parent.

CVE-2006-6126 [LOW] CVE-2006-6126: Apple Mac OS X allows local users to cause a denial of service (memory corruption) via a crafted Mac Apple Mac OS X allows local users to cause a denial of service (memory corruption) via a crafted Mach-O binary with a malformed load_command data structure.

CVE-2006-6061 [CRITICAL] CVE-2006-6061: com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows rem com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption. NOTE: the severity of this issue has been disputed by a third party, who states that the impact is limited to a denial of service (kernel panic) due to a vm_fau

CVE-2006-6062 [MEDIUM] CVE-2006-6062: Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attac Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a malformed UDTO HFS+ disk image, such as with "bad sectors," which triggers memory corruption.

CVE-2006-5051 [HIGH] CWE-415 CVE-2006-5051: Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of ser Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

CVE-2006-3507 [HIGH] CVE-2006-3507: Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10 Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network.

CVE-2006-3508 [HIGH] CVE-2006-3508: Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates.

CVE-2006-3509 [HIGH] CVE-2006-3509: Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow phy Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames.

CVE-2006-4866 [MEDIUM] CVE-2006-4866: Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possib Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument.

CVE-2006-4095 [HIGH] CWE-617 CVE-2006-4095: BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.

CVE-2006-3506 [MEDIUM] CVE-2006-3506: Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and OS X Server 10.4.7 allows local Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and OS X Server 10.4.7 allows local users with Xsan write access, to execute arbitrary code via unspecified vectors related to "processing a path name."