Apple Security Update, Various Overflows

Apple has released security update 2007-009. This update contains fixes for several critical vulnerabilities, plus fixes for other issues.  Updates are available for 10.4.11 and 10.5.1. For a complete list of vulnerabilities fixed, please visit http://docs.info.apple.com/article.html?artnum=307179.

There is buffer overflow in HP-UX. The issue lies in a function call to sw_rpc_agent_init within swagentd that if given malformed arguments, could result in a buffer overflow. This could allow attackers to execute arbitrary code. Authentication is not required. Hewlett-Packard has released an update to address this vulnerability, available from HP document ID #SB2294r1.

Trend Micro ServerProtect contains an insecure method exposure in the StRpcSrv.dll. The bug exists in the SpntSvc.exe daemon running on TCP port 5168. An attack against this vector could result in full file system access that could be leveraged to execute arbitrary code. An update to this issue has been release, and more information can be found at http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt.

The perl package Net::DNS is vulnerable to a denial of service. By sending a malformed DNS reply to a server or application running Net::DNS, it is possible to cause the package to crash. This would in turn crash any application running the Net::DNS module.  Net::DNS version 0.60 build 654 is vulnerable. This issue has been assigned CVE-2007-6341.

St. Bernard Open File Manager is vulnerable to a heap-based buffer overflow. This is due to a boundary error in ofmnt.exe, in which an attacker can send a malicious packet to the service and cause the overflow. This could result in the execution of code as a SYSTEM user. Version 9.6 build 602 available to customers addresses this issue. Other vendors using this software may have made updates available as well.

Leave a Reply