Status Tracking Note TRTA07-319A

Apple Updates for Multiple Vulnerabilities

Overview

Apple has released Mac OS X 10.4.11 and Security Update 2007-008 to address multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Attackers may take advantage of the less serious vulnerabilities to bypass security restrictions or cause a denial of service.

Event Information

Date (UTC)  Description
2007-11-16 03:02 RISE Security
RISE-2007004: Apple Mac OS X 10.4.x Kernel i386_set_ldt() Integer Overflow Vulnerability
i386_set_ldt Integer Overflow Vulnerability (CVE-2007-4684)
There exists a vulnerability within an architecture-dependent function of the Apple Mac OS X 10.4.x kernel, which when properly exploited can lead to local compromise of the vulnerable system.
#Cid: osx-x86-ldt.c
2007-11-15 18:34 US-CERT
TA07-319A: Apple Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
2007-11-15 12:43 US-CERT
Apple Releases Security Updates to Address Multiple Vulnerabilities
US-CERT Current Activity
Apple has released Mac OS X 10.4.11 and Security Update 2007-008 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or access the system with escalated privileges.
2007-11-13 Apple
Article ID: 307041: About the security content of Mac OS X 10.4.11 and Security Update 2007-008
2007-09-07 iDefense
Apple Mac OS X Mach Port Inheritance Privilege Escalation Vulnerability
Mach Port Privilege Escalation Vulnerability (CVE-2007-3749)
Vulnerability Reported
When executing a setuid-root binary, the Mach kernel does not reset the current thread Mach port, or the current thread Mach Exception Port.
2007-08-08 iDefense
Apple Mac OS X AppleTalk ASP Message Kernel Heap Overflow Vulnerability
AppleTalk ASP Message Kernel Heap Overflow Vulnerability (CVE-2007-4269)
Vulnerability Reported
The vulnerability exists within a function responsible for sending an ASP (AppleTalk Session Protocol) message on an AppleTalk socket.
2007-08-08 iDefense
Apple Mac OS X AppleTalk mbuf Kernel Heap Overflow Vulnerability
AppleTalk mbuf Kernel Heap Overflow Vulnerability (CVE-2007-4268)
Vulnerability Reported
The vulnerability exists within a function responsible for allocating an mbuf. mbufs are a BSD concept, long used by BSD kernels to allocate buffers for storing network-related data.
2007-08-08 iDefense
Apple Mac OS X AppleTalk Socket IOCTL Kernel Stack Buffer Overflow Vulnerability
AppleTalk Socket IOCTL Kernel Stack Buffer Overflow Vulnerability (CVE-2007-4267)
Vulnerability Reported
The vulnerability exists within the function responsible for adding an AppleTalk zone to an interface's routing table.


Date first published (UTC): 2007-11-17T16:32+00:00
Date last updated (UTC): 2007-11-18T05:29+00:00