__________________________________________________________
The U.S. Department of Energy Cyber Incident Response Capability
__________________________________________________________

                             INFORMATION BULLETIN

             Mac OS X v10.5.5 and Security Update 2008-006 [HT3137]

October 15, 2008 21:00 GMT                                        Number T-013
______________________________________________________________________________

PROBLEM:       A heap buffer overflow exists in Apple Type Services' handling
               of PostScript font names. Viewing a document containing a
               maliciously crafted font may lead to arbitrary code execution.

PLATFORM:      Mac OS X v10.4.11, v10.5 through v10.5.4
               Mac OS X Server v10.4.11, v10.5 through v10.5.4

DAMAGE:        Execution of arbitrary code.

SOLUTION:      Upgrade to the appropriate version.
______________________________________________________________________________

VULNERABILITY  The risk is MEDIUM. Viewing a document containing a maliciously
ASSESSMENT:    crafted font may lead to arbitrary code execution.
______________________________________________________________________________

CVSS 2
BASE SCORE:      6.8
TEMPORAL SCORE:  5.6
VECTOR:          (AV:N/AC:M/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
______________________________________________________________________________

LINKS:
  DOE-CIRC BULLETIN:  http://doecirc.energy.gov/ciac/bulletins/t-013.shtml
  ORIGINAL BULLETIN:  http://support.apple.com/kb/HT3137
  CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
                      CVE-2008-0314  CVE-2008-1100  CVE-2008-1382  CVE-2008-1387
                      CVE-2008-1447  CVE-2008-1483  CVE-2008-1657  CVE-2008-1833
                      CVE-2008-1835  CVE-2008-1836  CVE-2008-1837  CVE-2008-2305
                      CVE-2008-2312  CVE-2008-2327  CVE-2008-2329  CVE-2008-2330
                      CVE-2008-2331  CVE-2008-2332  CVE-2008-2376  CVE-2008-2713
                      CVE-2008-3215  CVE-2008-3608  CVE-2008-3609  CVE-2008-3610
                      CVE-2008-3611  CVE-2008-3613  CVE-2008-3614  CVE-2008-3616
                      CVE-2008-3617  CVE-2008-3618  CVE-2008-3619  CVE-2008-3621
                      CVE-2008-3622
______________________________________________________________________________

[***** Start HT3137 *****]

Please visit Apple's Web site to view their Apple Security Update 2008-006
and Mac OS X 10.5.5:

  http://support.apple.com/kb/HT3137

[***** End HT3137 *****]
_______________________________________________________________________________

DOE-CIRC wishes to acknowledge the contributions of Apple for the information
contained in this bulletin.
_______________________________________________________________________________

DOE-CIRC provides the U.S. Department of Energy with incident response,
reporting, and tracking, along with other computer security support. DOE-CIRC
is a member of GFIRST, the Government Forum of Incident Responders and Security
Teams, and FIRST, an international incident response and security organization.

DOE-CIRC services are available to DOE and DOE contractors.

DOE-CIRC can be contacted at:
  Voice:    +1 866-941-2472 (7x24)
  FAX:      +1 702-932-0189
  STU-III:  Call the voice number.
  E-mail:   doecirc@doecirc.energy.gov

Previous DOE-CIRC notices, anti-virus software, and other information are
available from the DOE-CIRC Computer Security Archive.

  World Wide Web:  http://doecirc.energy.gov/
  Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE and ESnet computing communities
receive DOE-CIRC bulletins. If you are not part of these communities, please
contact your agency's response team to report incidents. Your agency's team
will coordinate with DOE-CIRC. The Forum of Incident Response and Security
Teams (FIRST) is a world-wide organization. A list of FIRST member
organizations and their constituencies can be obtained via WWW at
http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of the
United States Government. Neither the United States Government nor any agency
thereof, nor any of their employees, makes any warranty, express or implied, or
assumes any legal liability or responsibility for the accuracy, completeness,
or usefulness of any information, apparatus, product or process disclosed, or
represents that its use would not infringe privately owned rights. Reference
herein to any specific commercial product, process, or service by trade name,
trademark, manufacturer, or otherwise, does not necessarily constitute or imply
its endorsement, recommendation, or favoring by the United States Government or
any agency thereof. The views and opinions of originators expressed herein do
not necessarily state or reflect those of the United States Government or any
agency thereof.
LAST 10 DOE-CIRC Bulletins

  S-213: Nukedit 'email' Parameter Vulnerability
  S-214: SurgeMail and WebMail 'Page' Command Vulnerability
  S-215: Symantec Backup Exec Scheduler ActiveX Control Multiple Vulnerabilities
  S-216: Juniper Networks Secure Access 2000 'rdremediate.cgi' Vulnerability
  S-217: Drupal Multiple HTML Vulnerabilities
  S-218: gd Security Update
  S-219: Juniper Networks Secure Access 2000 Web Root Path Vulnerability
  S-220: PHP-Nuke My_eGallery Module 'gid' Parameter Vulnerability
  S-221: Learn2 STRunner ActiveX Control Vulnerabilities
  S-222: Evolution Security Update