Dapper Dan Posted August 1, 2006 Share Posted August 1, 2006 **EDIT by Dax** The short version: Security Update 2006-004 is recommended for all users and improves the security of the following components. AFP Server Bluetooth Bom DHCP dyld fetchmail gnuzip ImageIO LaunchServices OpenSSH telnet WebKit For detailed information on this Update, please visit this website: http://docs.info.apple.com/article.html?artnum=61798 **Dax** The long version: Security Update 2006-004 is now available and addresses the following issues: AFP Server CVE-ID: CVE-2006-1472 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9 Impact: When file sharing is enabled, file and folder items may be disclosed to unauthorized users Description: An issue in the AFP server allows search results to include files and folders for which the user performing the search has no access. This may lead to information disclosure if the names themselves are sensitive information. If the permissions of the items allow it, the contents may also be accessible. This update addresses the issue in Mac OS X v10.3.9 by ensuring that search results only include items for which the user is authorized. For Mac OS X v10.4 systems, the issue was addressed in Mac OS X v10.4.7. AFP Server CVE-ID: CVE-2006-1473 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.7, Mac OS X Server v10.4.7 Impact: When file sharing is enabled, authenticated users may cause a crash or arbitrary code execution Description: The AFP server contains an integer overflow that can be triggered by an authenticated user. A malicious user with access to the AFP server may be able to cause a denial of service attack or aribtrary code execution with system privileges. The AFP server is not enabled by default on Mac OS X. This update addresses the issue by performing additional validation. Credit to Dino Dai Zovi of Matasano Security for reporting this issue. AFP Server CVE-ID: CVE-2006-3495 Available for: Mac OS X Server v10.3.9, Mac OS X Server v10.4.7 Impact: When file sharing is enabled, authenticated local users may be able to access files or folders of other users through AFP Description: On Mac OS X Server, the AFP server supports reconnection of file sharing sessions after a network outage. The storage of reconnect keys is world-readable. It may be possible for an authenticated local user to read the reconnect keys, use them to impersonate another user over AFP, and access files or folders with the privileges of the impersonated user. This update addresses the issue by protecting the reconnect keys with appropriate file system permissions. This issue only affects Mac OS X Server. AFP Server CVE-ID: CVE-2006-3496 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.7, Mac OS X Server v10.4.7 Impact: When file sharing is enabled, a maliciously-crafted AFP request may cause the AFP server to crash Description: An unchecked error condition exists in the AFP server that may lead to a crash. By carefully crafting an invalid AFP request, an attacker may be able to trigger this condition and cause a denial of service. This update addresses the issue by handling the formerly unchecked error condition. AppKit, ImageIO CVE-ID: CVE-2006-3459, CVE-2006-3461, CVE-2006-3462, CVE-2006-3465 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.7, Mac OS X Server v10.4.7 Impact: Viewing a maliciously-crafted TIFF image may lead to an application crash or arbitrary code execution Description: Buffer overflows were discovered in TIFF tag handling (CVE-2006-3459, CVE-2006-3465), the TIFF PixarLog decoder (CVE-2006-3461), and the TIFF NeXT RLE decoder (CVE-2006-3462). By carefully crafting a corrupt TIFF image, an attacker can trigger a buffer overflow which may lead to an application crash or arbitrary code execution. This update addresses the issue by performing additional validation of TIFF images. Systems prior to Mac OS X v10.4 are affected only by the TIFF NeXT RLE decoder issue (CVE-2006-3462). Credit to Tavis Ormandy, Google Security Team for reporting this issue. Note: A fifth issue discovered by Tavis Ormandy, CVE-2006-3460, does not affect Mac OS X. Bluetooth Setup Assistant Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7 Impact: Passkey length increased for Bluetooth pairing Description: The length of the automatically generated passkey used for pairing has been increased from six characters to eight characters. This enhancement does not require a CVE ID. Bom CVE-ID: CVE-2006-3497 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.7, Mac OS X Server v10.4.7 Impact: Opening a maliciously-crafted archive may lead to an application crash or arbitrary code execution Description: An issue in Bom's compression state handling may cause heap corruption. By carefully crafting a corrupt Zip archive and persuading a victim to open it, an attacker may be able to trigger this condition which could lead to an application crash or arbitrary code execution. Note that Safari will automatically open archives when "Open `safe' files after downloading" is enabled. This update addresses the issue by properly handling such malformed Zip archives. Credit to Tom Ferris of Security-Protocols.com for reporting this issue. DHCP CVE-ID: CVE-2006-3498 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.7, Mac OS X Server v10.4.7 Impact: When bootpd is enabled, a maliciously-crafted BOOTP request may cause arbitrary code execution Description: A stack buffer overflow exists in bootpd's request processing. By carefully crafting a malicious BOOTP request, a remote attacker may be able to trigger the overflow and cause arbitrary code execution with the privileges of the system. Note that bootpd is not enabled by default in Mac OS X, and must be manually configured in order to be enabled. This update addresses the issue by performing additional bounds checking. dyld CVE-ID: CVE-2006-3499 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.7, Mac OS X Server v10.4.7 Impact: Malicious local users may influence dynamic linker output with undesirable consequences Description: Malicious local system users may specify dynamic linker options that cause output to standard error. This output contains informational content and potentially user-specified content. As a result, privileged applications that parse or reuse standard error may be influenced inappropriately. This update addresses the issue by ignoring the problematic dynamic linker options in privileged applications. Credit to Neil Archibald of Suresec LTD for reporting this issue. dyld CVE-ID: CVE-2006-3500 Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7 Impact: Malicious local users may influence the loading of dynamic libraries in order to gain elevated privileges Description: An improperly handled condition in the dynamic linker may lead to including dangerous paths when searching for libraries to load into privileged applications. As a result, malicious local users may cause the dynamic linker to load and execute arbitrary code with elevated privileges. This update addresses the issue by properly selecting search paths when executing privileged applications. Credit to Neil Archibald of Suresec LTD for reporting this issue. fetchmail CVE-ID: CVE-2005-2335, CVE-2005-3088, CVE-2005-4348, CVE-2006-0321 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.7, Mac OS X Server v10.4.7 Impact: Multiple issues in the fetchmail utility may lead to denial of service or arbitrary code execution Description: Several issues in the fetchmail utility were discovered. The most serious issue could lead to arbitrary code execution when fetching mail from a malicious POP3 mail server. All issues are described at the fetchmail website (fetchmail.berlios.de). This update addresses the issues by updating fetchmail to version 6.3.4. In addition, fetchmail is no longer distributed as a privileged utility. gunzip CVE-ID: CVE-2005-0988 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.7, Mac OS X Server v10.4.7 Impact: Malicious local users may be able to modify permissions of files owned by another user when the command line tool gunzip is run Description: A race condition may allow a malicious local user to modify the permissions of files owned by another user executing gunzip. This issue is only exploitable when executing gunzip on files in directories that are modifiable by other users. This update addresses the issue by properly handling files while decompressing. gunzip CVE-ID: CVE-2005-1228 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.7, Mac OS X Server v10.4.7 Impact: Decompressing maliciously-crafted files with "gunzip -N" may lead to arbitrary file replacement or creation Description: A directory traversal vulnerability is present in the command line utility gunzip when it is used with the non-default "-N" option. By carefully crafting a malicious compressed file and persuading a user to open it with "gunzip - -N", an attacker may replace or create arbitrary files with the privileges of the victim. This update addresses the issue by properly stripping paths from files when decompressing. Image RAW CVE-ID: CVE-2006-0392 Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7 Impact: Viewing a maliciously-crafted Canon RAW image may lead to an application crash or arbitrary code execution Description: By carefully crafting a corrupt Canon RAW image, an attacker can trigger a buffer overflow which may lead to an application crash or arbitrary code execution. This update addresses the issue by performing additional validation of Canon RAW images. This issue does not affect systems prior to Mac OS X v10.4. ImageIO CVE-ID: CVE-2006-3501 Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7 Impact: Viewing a maliciously-crafted Radiance image may lead to an application crash or arbitrary code execution Description: By carefully crafting a corrupt Radiance image, an attacker can trigger an integer overflow which may lead to an application crash or arbitrary code execution. This update addresses the issue by performing additional validation of Radiance images. This issue does not affect systems prior to Mac OS X v10.4. ImageIO CVE-ID: CVE-2006-3502 Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7 Impact: Viewing a maliciously-crafted GIF image may lead to an application crash or arbitrary code execution Description: By carefully crafting a corrupt GIF image, an attacker can trigger an undetected memory allocation failure which may lead to an application crash or arbitrary code execution. This update addresses the issue by performing additional validation of GIF images. This issue does not affect systems prior to Mac OS X v10.4. ImageIO CVE-ID: CVE-2006-3503 Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7 Impact: Viewing a maliciously-crafted GIF image may lead to an application crash or arbitrary code execution Description: By carefully crafting a corrupt GIF image, an attacker can trigger an integer overflow which may lead to an application crash or arbitrary code execution. This update addresses the issue by performing additional validation of GIF images. This issue does not affect systems prior to Mac OS X v10.4. Credit to Tom Ferris of Security-Protocols.com for reporting this issue. LaunchServices CVE-ID: CVE-2006-3504 Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7 Impact: Visiting a malicious web site could cause JavaScript to execute in the local domain Description: Download Validation may erroneously identify certain files containing HTML as "safe". If such a file is downloaded in Safari and Safari's "Open `safe' files after downloading" option is enabled, the HTML document will automatically be opened from a local URI. This would allow any JavaScript code embedded in the document to bypass access restrictions normally imposed on remote content. This update provides additional checks to identify potentially malicious file types so that they are not automatically opened. This issue does not affect systems prior to Mac OS X v10.4. OpenSSH CVE-ID: CVE-2006-0393 Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7 Impact: When remote login is enabled, remote attackers may cause a denial of service or determine whether an account exists Description: Attempting to log in to an OpenSSH server ("Remote Login") using a nonexistent account causes the authentication process to hang. An attacker can exploit this behavior to detect the existence of a particular account. A large number of such attempts may lead to a denial of service. This update addresses the issue by properly handling attempted logins by nonexistent users. This issue does not affect systems prior to Mac OS X v10.4. Credit to Rob Middleton of the Centenary Institute (Sydney, Australia) for reporting this issue. telnet CVE-ID: CVE-2005-0488 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.7, Mac OS X Server v10.4.7 Impact: When the command line tool telnet is used to connect to a malicious TELNET server, environmental variables may be disclosed Description: When connected to a TELNET server, the client may send the contents of arbitrary environment variables to the server if the server requests them. Some environment variables may contain sensitive information that should not be sent over the network. This update addresses the issue by ensuring that only non-sensitive variables and variables that the user has explicitly requested are are shared with the server. Credit to Gael Delalleau and iDEFENSE for reporting this issue. WebKit CVE-ID: CVE-2006-3505 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.7, Mac OS X Server v10.4.7 Impact: Visiting a malicious web site may lead to arbitrary code execution Description: A maliciously-crafted HTML document could cause a previously deallocated object to be accessed. This may lead to an application crash or arbitrary code execution. This update addresses the issue by properly handling such documents. Credit to Jesse Ruderman of Mozilla Corporation for reporting this issue. Link to comment Share on other sites More sharing options...
domino Posted August 1, 2006 Share Posted August 1, 2006 First don't download the file linked to MU. It's the PPC version. Go straight to Apple's download page and get the intel version (8mb). I looked into the files and found nothing that affected Semjaza'a work. I updated straight from the dmg. It rebooted fine but who's to say nothing's broke? Will know in the days to come. PS. Always repair permissions before and after any update. Link to comment Share on other sites More sharing options...
zu1u Posted August 1, 2006 Share Posted August 1, 2006 not going to install this just yet.. will wait for more official clearance Link to comment Share on other sites More sharing options...
Dapper Dan Posted August 1, 2006 Author Share Posted August 1, 2006 Verified installation through Software Update on 10.4.7 JaS Link to comment Share on other sites More sharing options...
TokinDerrick Posted August 2, 2006 Share Posted August 2, 2006 so we can just straight install this from the update, no problems? I'm gonna wait for some of the members I trust (if they still post here, this is actually my first time back in a while) say that its ok to install. Link to comment Share on other sites More sharing options...
Bruce Wang Posted August 2, 2006 Share Posted August 2, 2006 Installed directly from Software Update, everything works well. Bruce Link to comment Share on other sites More sharing options...
Baliw Posted August 2, 2006 Share Posted August 2, 2006 Installed directly from Software Update, everything works well. Bruce Same here Link to comment Share on other sites More sharing options...
TokinDerrick Posted August 2, 2006 Share Posted August 2, 2006 I just did the update through the updater aswell, worked fine. I did however, repair permissions before clicking "restart" just to make sure. Link to comment Share on other sites More sharing options...
tyre777 Posted August 2, 2006 Share Posted August 2, 2006 tnx for the info guys!! will update from the updater as well.. Link to comment Share on other sites More sharing options...
StarForge Posted August 2, 2006 Share Posted August 2, 2006 Just did the update, thanks! Link to comment Share on other sites More sharing options...
SaxMachine Posted August 2, 2006 Share Posted August 2, 2006 SecurityUdate2006-004(intel) Work for AMD? Can I also update? J2SE 5.0 Release 4 QuickTime iTunes iPodUpdate Link to comment Share on other sites More sharing options...
cyclonefr Posted August 2, 2006 Share Posted August 2, 2006 yes Link to comment Share on other sites More sharing options...
SaxMachine Posted August 2, 2006 Share Posted August 2, 2006 Yes for the working on to AMD or bring everything update? Link to comment Share on other sites More sharing options...
zu1u Posted August 2, 2006 Share Posted August 2, 2006 yes for both.. the update works on an AMD machine.. though i've experienced slower booting afterwards.. Link to comment Share on other sites More sharing options...
ernando Posted August 2, 2006 Share Posted August 2, 2006 I come to confirm that the newest secupd also works on my 10.4.7 JaS, but I didn't use soft updater, I use the updater installation from Apple Link to comment Share on other sites More sharing options...
SaxMachine Posted August 2, 2006 Share Posted August 2, 2006 yes for both.. the update works on an AMD machine.. though i've experienced slower booting afterwards.. Work perfectly. Thanks for info... For fast boot look my sig! Link to comment Share on other sites More sharing options...
belgrano Posted August 2, 2006 Share Posted August 2, 2006 yes for both.. the update works on an AMD machine.. though i've experienced slower booting afterwards.. After an update the first boot is always slow... Link to comment Share on other sites More sharing options...
SaxMachine Posted August 2, 2006 Share Posted August 2, 2006 Not for me...My Hackintosh bot in 13 second. HVSensor FasterBoot Link to comment Share on other sites More sharing options...
zu1u Posted August 2, 2006 Share Posted August 2, 2006 Not for me...My Hackintosh bot in 13 second. HVSensor FasterBoot that actually causes a kernel panic.. i just restored it Link to comment Share on other sites More sharing options...
Konami® Posted August 2, 2006 Share Posted August 2, 2006 updating now, thanks guys!! Link to comment Share on other sites More sharing options...
sev7en Posted August 2, 2006 Share Posted August 2, 2006 Downloading updates now by softupdate... how do I do to store these updates? Link to comment Share on other sites More sharing options...
Rammjet Posted August 2, 2006 Share Posted August 2, 2006 Review the "Update" menu in Software Update Link to comment Share on other sites More sharing options...
Konami® Posted August 2, 2006 Share Posted August 2, 2006 well let me tell my experience, I updated then when I restart the computer I saw a kernel panic and os x crash, then I turn off and on again and it works, maybe is common to get a kernel panic when the computer is booting. Link to comment Share on other sites More sharing options...
Takuro Posted August 2, 2006 Share Posted August 2, 2006 It feels refreshing to finally update without worrying about hacks and tweaks. Maybe Apple is slowly loosening its grip on Tiger in order to focus more on Leopard. At this point, they need to admit that Tiger is pretty much a lost cause when it comes to preventing illegal use. Link to comment Share on other sites More sharing options...
jihuiwen Posted August 3, 2006 Share Posted August 3, 2006 I installed the update, at first every went ok, but when i tried to repair permissions it gives me this Disk Utility internal error Disk Utility has lost its connection with the Disk Management Tool and cannot continue. Please quit and relaunch Disk Utility. and installer refused to work aswell could someone please tell me what i can do to fix that? p.s. everything else works perfectly Link to comment Share on other sites More sharing options...
Recommended Posts