Apple Mac Os X Server vulnerabilities
654 known vulnerabilities affecting apple/mac_os_x_server.
Total CVEs: 654
CISA KEV: 0
Public exploits: 50
Exploited in wild: 0
Severity breakdown
CRITICAL: 75, HIGH: 157, MEDIUM: 363, LOW: 59
Vulnerabilities
CVE-2005-2739 | LOW | CVSS 2.1 | v10.0, v10.1 +27 more | 2005-11-01
Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password.
nvd
CVE-2005-2741 | HIGH | CVSS 7.2 | CWE-264 | v10.3.9, v10.4.2 | 2005-10-26
Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators.
nvd
CVE-2005-2743 | HIGH | CVSS 7.5 | v10.3.9 | 2005-10-26
The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code.
nvd
CVE-2005-2742 | MEDIUM | CVSS 4.6 | v10.4.2 | 2005-10-26
SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, can cause the "Switch User..." button to appear even though the "Enable fast user switching" setting is disabled, which can allow attackers with physical access to gain access to the desktop and bypass the "Require password to wake this computer from sleep or screen saver" setting.
nvd
CVE-2005-2524 | MEDIUM | CVSS 5.0 | v10.3.9 | 2005-10-26
Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site.
nvd
CVE-2005-2746 | MEDIUM | CVSS 5.0 | v10.3.9, v10.4.2 | 2005-10-26
Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages.
nvd
CVE-2005-2745 | MEDIUM | CVSS 5.0 | v10.3.9 | 2005-10-26
Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive information.
nvd
CVE-2005-2747 | HIGH | CVSS 7.5 | v10.4.2 | 2005-10-25
Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by applications such as WebCore and Safari, allows remote attackers to execute arbitrary code via a crafted GIF file.
nvd
CVE-2005-2744 | MEDIUM | CVSS 5.1 | v10.3, v10.3.1 +11 more | 2005-10-25
Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file.
nvd
CVE-2005-2748 | LOW | CVSS 2.1 | v10.3.9, v10.4.2 | 2005-10-25
The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application.
nvd
CVE-2005-2511 | CRITICAL | CVSS 10.0 | v10.4.2 | 2005-08-19
Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window.
nvd
CVE-2005-2507 | HIGH | CVSS 7.5 | v10.3.9, v10.4.2 | 2005-08-19
Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication.
nvd
CVE-2005-2501 | HIGH | CVSS 7.6 | v10.3.9, v10.4.2 | 2005-08-19
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows external user-assisted attackers to execute arbitrary code via a crafted Rich Text Format (RTF) file.
nvd
CVE-2005-2504 | HIGH | CVSS 7.2 | v10.4.2 | 2005-08-19
The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid.
nvd
CVE-2005-2503 | MEDIUM | CVSS 4.6 | v10.3.9, v10.4.2 | 2005-08-19
AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical access to create local accounts by forcing a particular error to occur at the login window.
nvd
CVE-2005-2508 | MEDIUM | CVSS 4.6 | PoC | v10.4.2 | 2005-08-19
dsidentity in Directory Services in Mac OS X 10.4.2 allows local users to add or remove user accounts.
nvd
CVE-2005-2510 | MEDIUM | CVSS 4.6 | v10.4, v10.4.1 +1 more | 2005-08-19
The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to 10.4.2, when using multiple subnets and Address Groups, does not always properly write firewall rules to the Active Rules when certain conditions occur, which could result in firewall policies that are less restrictive than intended by the administrator.
nvd
CVE-2005-2506 | MEDIUM | CVSS 5.0 | v10.3.9, v10.4.2 | 2005-08-19
Algorithmic complexity vulnerability in CoreFoundation in Mac OS X 10.3.9 and 10.4.2 allows attackers to cause a denial of service (CPU consumption) via crafted Gregorian dates.
nvd
CVE-2005-2502 | MEDIUM | CVSS 5.1 | v10.3.9, v10.4.2 | 2005-08-19
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, allows external user-assisted attackers to execute arbitrary code via a crafted Microsoft Word file.
nvd
CVE-2005-2509 | LOW | CVSS 2.1 | v10.0, v10.1 +26 more | 2005-08-19
Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts.
nvd