Apple has issued a security update for Mac OS X, which fixes various vulnerabilities.
1) The "at" family of utilities ("at", "atrm", "batch", "atq", and "atrun") does
not drop privileges properly. This can be exploited to delete arbitrary files,
execute arbitrary commands with escalated privileges, or read the contents of
arbitrary files.
The vulnerability has been reported in Mac OS X 10.3.4 (Darwin kernel xnu-517.7.7)
and has been confirmed in Mac OS X 10.3.7 (Darwin kernel xnu-517.9.5). Other versions
may also be affected.
2) A boundary error in the ColorSync component when processing ICC color profiles
can be exploited to cause a heap-based buffer overflow. This allows execution
of arbitrary code via a specially crafted ICC color profile.
3) Various vulnerabilities in the libxml2 component can potentially be exploited
to compromise a vulnerable system.
4) An information disclosure weakness in the Mail component makes it possible
to determine the system from which an email has been sent. The problem is that
an identifier associated with the Ethernet networking hardware is included in
the "Message-ID" header.
5) Multiple vulnerabilities in PHP can be exploited to e.g. cause a DoS (Denial
of Service) or execute arbitrary code.
6) A vulnerability in Safari can be exploited by malicious people to spoof the
content of web sites.
7) A vulnerability in SquirrelMail can be exploited by malicious people to conduct
script insertion attacks.
OPERATING SYSTEM:
Apple Macintosh OS X
SOLUTION:
Apply Security Update 2005-001.
PROVIDED AND/OR DISCOVERED BY:
1) Immunity (vendor credits kf_lists[at]digitalmunition[dot]com)
4) Carl Purvis
6) Secunia Research
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=300770
VERIFY ADVISORY:
http://secunia.com/advisories/14005/
Secunia Security Advisories
http://community.securityteam.us/article.php/20050210102331605