And I can get 0wned just like you PC.
* ImageIO
CVE-ID: CVE-2006-3459, CVE-2006-3461, CVE-2006-3462, CVE-2006-3465
Available for: Mac OS X v10.4.7 Build 8K1079, Mac OS X Server v10.4.7 Build 8K1079
Impact: Viewing a maliciously-crafted TIFF image may lead to an application crash or arbitrary code execution
Description: Buffer overflows were discovered in TIFF tag handling (CVE-2006-3459, CVE-2006-3465), the TIFF PixarLog decoder (CVE-2006-3461), and the TIFF NeXT RLE decoder (CVE-2006-3462). By carefully crafting a corrupt TIFF image, an attacker can trigger a buffer overflow which may lead to an application crash or arbitrary code execution. This update addresses the issue by performing additional validation of TIFF images. Systems prior to Mac OS X v10.4 are affected only by the TIFF NeXT RLE decoder issue (CVE-2006-3462). Credit to Tavis Ormandy, Google Security Team for reporting this issue.
Note:A fifth issue discovered by Tavis Ormandy, CVE-2006-3460, does not affect Mac OS X.
* OpenSSH
CVE-ID: CVE-2006-0393
Available for: Mac OS X v10.4.7 Build 8K1079, Mac OS X Server v10.4.7 Build 8K1079
Impact: When remote login is enabled, remote attackers may cause a denial of service or determine whether an account exists
Description: Attempting to log in to an OpenSSH server (“Remote Login”) using a nonexistent account causes the authentication process to hang. An attacker can exploit this behavior to detect the existence of a particular account. A large number of such attempts may lead to a denial of service. This update addresses the issue by properly handling attempted logins by nonexistent users. This issue does not affect systems prior to Mac OS X v10.4. Credit to Rob Middleton of the Centenary Institute (Sydney, Australia) for reporting this issue.
Post a Comment