Chercher :
Newsletter :  
Exoscan : audit gratuit de failles
Revue :
- Tous
- Français
- Par mot clé
- Par site
- Le tagwall



Sommaires :
- Tendances
- Failles
- Virus
- Concours
- Reportages
- Acteurs
- Outils
- Breves
- Infrastructures
- Livres
- Tutoriels
- Interviews
- Podcasts
- Communiques
- Commentaires

Top :
- Ensemble
- Articles
- Revue
- Videos
- Auteurs


Articles :
- Par mot clé
- Par auteur
- Par organisme
- Le tagwall


Videos :
- Toutes
- Par mot clé
- Par site
- Le tagwall


Exostat :
:: Détails tests
:: Top Failles
:: Top Divers
:: Top Tests

Secumail :
- Secunia
- Full Disclosure
- Bugtraq
- DailyDave
- Vulnwatch
- Vulndiscuss
- FunSec
- Focus-IDS
- WebAppSec
- Security-Basis

RSS/XML :
- Articles
- Brèves
- Revue
- Revue FR
- Videos
- Secunia
- Full Disclosure
- Bugtraq
- DailyDave
- Vulnwatch
- Vulndiscuss
- FunSec
- Focus-IDS
- WebAppSec
- Security-Basis

RSS SecuObs :
- sécurité
- windows
- exploit
- réseau
- vulnérabilité
- système

RSS Revue :
- security
- microsoft
- windows
- vulnérabilité
- network
- google

RSS Videos :
- virus
- spyware
- vmware
- firmware
- biometric
- lockpicking









Tous
Français



Revue de presse francophone :
- SIP : la fin du PBX dans les centres d'appels
- Fibre optique : le retard français aux journées internationales de l'IDATE
- Qui vole un film, vole un boeuf
- Action policière contre le warez Français
- La mafia Napolitaine investit dans le warez
- SIP : la fin du PBX dans les centres de contacts
- Sécurité > Passerelles de sécurité : Finjan lève 22 millions de dollars
- Arrêt de Grande Chambre 12/11/2008
- Mesures provisoires accordées - 18/11/2008
- Arrêts récents - 14/11/2008
- Salon Infosecurity : les tendances
- Les spécifications de l'USB 3.0 rendues publiques
- Audience en novembre
- Symantec Backup Exec pour Windows Servers : Vulnérabilités Diverses
- HP OpenView Network Node Manager : Vulnérabilités Cross-Site Scripting

Mini-Tagwall
Revue de presse : security, microsoft, windows, vulnérabilité, network, google, vulnerability, hacker, attack, inject, remote, mobile, server

+ de mots clés pour la revue de presse
Annuaires des videos : virus, spyware, vmware, firmware, biometric, lockpicking, wimax, password, kernel, malware, spammer, windows, iphone

+ de mots clés pour les videos

Dernier articles de SecuObs :
- Une vulnérabilité dans la pile TCP/IP des systèmes d'exploitation Microsoft Windows Vista
- Un système d’exploitation certifié EAL 6 commercialisé pour le secteur privé
- BotHunter une solution pour la détection des flux malveillants
- Netwitness Investigator, un outil de monitoring sous stéroïdes
- RepRap un projet Opensource de constructeur universel et de système de prototypage
- Des vulnérabilités découvertes dans plusieurs applications de gestion des flux VoIP
- IKAT un outil d'audit pour les terminaux des kiosques Internet
- Vxclass ou la classification de codes malveillants par isomorphisme graphique
- Des publicités Google Adsense pour le malware Antivirus XP 2008
- Des probabilités de visualisation des données en clair lors des connexions SSH

Top des articles de SecuObs
- WPA TKIP aurait été partiellement cassé
- Collecte d’informations et social engineering via les réseaux sociaux
- [Sécuriser un réseau sans fil - Partie 1] Introduction à la sécurité du WI-FI
- Rustock.C, un rootkit robuste
- Une nouvelle faille RPC dans les systèmes Windows

Top de la revue de presse
- 15 minutes pour casser une clé WPA TKIP
- Un logiciel pour dupliquer des clés à  distance
- Avis du CERTA : Bulletin d'actualité numéro 045 de l'année 2008
- scapy vs hping3 : spectrographe de distribution ISN
- VIPeers, un combiné Rapidshare et Bittorrent

Top de l'annuaire des videos
- metasploit 3 autopwn
- Fallout 3 Lockpicking tutorial
- HACK WINDOWS XP PASSWORD
- SSH into your iPod Touch/iPhone via USB on Windows!
- How to Remove Antivirus 2009 | Antivirus2009 Removal Guide

Revue de presse internationale :
- Microsoft dissed chipset before 'Vista Capable' changes
- Researchers find vulnerability in Windows Vista
- Firewall Testing Methodology & Webinar
- The Case of the Insecure Security Software
- The Case of the Unexpected PsList Error
- The Case of the Failed File Compression
- Vista Multimedia Playback and Network Throughput
- The Case of the Failed File Copy
- The Case of the Frozen Clock Gadget
- The Case of the Missing AutoPlay

Dernières brèves de SecuObs :
- Licence Checkpoint Zone Alarm Pro gratuite pour un an le 18 novembre 2008
- Version 3.0 du CD de secours F-Secure
- Appel de la dernière chance pour Gary McKinnon
- 20% de remise sur les certificats SSL VeriSign jusqu'au 31 mai 2008
- Vol de données à Harvard

Annuaire des videos
- whax
- Antispyware Adware Remover
- Demo 07: Ceelox, Inc. Scram
- Kirlian Camera Kaczynski Code / edit by Hipnosis Italy
- PS3 Firmware Update Video

Commentaires sur SecuObs :
- An Ad for DDoS Services - Network, Phone, Competition http://www
- How-to: The Bus Pirate, universal serial interface http://www.se
- FREE 1 Year BitDefender Antivirus 2009 Genuine License for EVERY
- Metasploit Framework 3.2 Released https://www.secuobs.com/secuma
- GPCode Ransom Trojan Decoder http://www.securescience.net/home/

Exostats/Exoscan
Nombre de tests inclus
24271
Tests ajoutés
Aujourd'hui
Ce mois
10
309
[Message Precedent sur la mailing][Message Suivant sur la mailing][Precedent dans le fil][Prochain dans le fil][Index par Date][Index par fil] [SA30430] Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
Secunia Network Software Inspector 2.0 (NSI) - Public Beta The Public Beta has ended. Thanks to all that participated.

Learn more: link://[click]

TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA30430

VERIFY ADVISORY: link://[click]

CRITICAL: Highly critical

IMPACT: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access

WHERE: From remote REVISION: 1.1 originally posted 2008-05-29

OPERATING SYSTEM: Apple Macintosh OS X link://[click]

DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

1) An error in AFP server allows connected users or guests to access files and directories that are not within a shared directory.

2) Some vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks or to cause a DoS (Denial of Service).

For more information: SA18008 SA18307 SA26273 SA26636 SA28081 The vulnerabilities affect Mac OS X Server v10.4.x.

3) An unspecified error in AppKit can potentially be exploited to execute arbitrary code when a user opens a specially crafted document file with an editor that uses AppKit (e.g. TextEdit).

4) Multiple unspecified errors exist in the processing of Pixlet video files. These can be exploited to cause memory corruption and potentially allow for execution of arbitrary code when a user opens a specially crafted movie file.

5) An unspecified error exists in Apple Type Services when processing embedded fonts in PDF files. This can be exploited to cause a memory corruption when a PDF file containing a specially crafted embedded font is printed.

Successful exploitation may allow execution of arbitrary code.

6) An error in Safari's SSL client certificate handling can lead to an information disclosure of the first client certificate found in the keychain when a web server issues a client certificate request.

7) An integer overflow exists in CoreFoundation when handling CFData objects. This can be exploited to cause a heap-based buffer overflow if an application calls "CFDataReplaceBytes" with an invalid "length" argument.

8) An error due to an uninitialised variable in CoreGraphics can potentially be exploited to execute arbitrary code when a specially crafted PDF is opened.

9) A weakness is caused due to users not being warned before opening certain potentially unsafe content types.

10) An error when printing to password-protected printers with debug logging enabled may lead to the disclosure of sensitive information.

11) Some vulnerabilities in Adobe Flash Player can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to potentially compromise a user's system.

For more information: SA28083 12) An integer underflow error in Help Viewer when handling help:topic URLs can be exploited to cause a buffer overflow when a specially crafted help:topic URL is accessed.

Successful exploitation may allow execution of arbitrary code.

13) A conversion error exists in ICU when handling certain character encodings. This can potentially be exploited bypass content filters and may lead to cross-site scripting and disclosure of sensitive information.

14) Input passed to unspecified parameters in Image Capture's embedded web server is not properly sanitised before being used. This can be exploited to disclose the content of local files via directory traversal attacks.

15) An error in the handling of temporary files in Image Capture can be exploited by malicious, local users to manipulate files with the privilege of a user running Image Capture.

16) A boundary error in the BMP and GIF image decoding engine in ImageIO can be exploited to disclose content in memory.

17) Some vulnerabilities in ImageIO can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerabilities are caused due to the use of vulnerable libpng code.

For more information: SA27093 SA27130 18) An integer overflow error in ImageIO within the processing of JPEG2000 images can be exploited to cause a heap-based buffer overflow when a specially crafted JPEG2000 image is viewed.

Successful exploitation of this vulnerability may allow execution of arbitrary code.

19) An error in Mail is caused due to an uninitialised variable and can lead to disclosure of sensitive information and potentially execution of arbitrary code when mail is sent through an SMTP server over IPv6.

20) A vulnerability in Mongrel can be exploited by malicious people to disclose sensitive information.

For more information: SA28323 21) The sso_util command-line tool requires that passwords be passed to it in its arguments, which can be exploited by malicious, local users to disclose the passwords.

22) An error in Wiki Server can be exploited to determine valid local user names when nonexistent blogs are accessed.

SOLUTION: Update to Mac OS X 10.5.3 or apply Security Update 2008-003.

Security Update 2008-003 (PPC): link://[click] Security Update 2008-003 Server (PPC): link://[click] Security Update 2008-003 Server (Universal): link://[click] Security Update 2008-003 (Intel): link://[click] Mac OS X 10.5.3 Combo Update: link://[click] Mac OS X 10.5.3 Update: link://[click] Mac OS X Server 10.5.3 Combo Update: link://[click] Mac OS X Server 10.5.3 Update: link://[click] PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Alex deVries and Robert Rich 3) Rosyna of Unsanity 5) Melissa O'Neill, Harvey Mudd College 9) Brian Mastenbrook 12) Paul Haddad, PTH Consulting 16) Gynvael Coldwind, Hispasec 19) Derek Morr, Pennsylvania State University 21) Geoff Franks, Hauptman Woodward Institute 22) Don Rainwater, University of Cincinnati CHANGELOG: 2008-05-29: Added links to Mac OS X 10.5.3 in "Solution" section.



ORIGINAL ADVISORY: link://[click] OTHER REFERENCES: SA18008: link://[click] SA18307: link://[click] SA26273: link://[click] SA26636: link://[click] SA27093: link://[click] SA27130: link://[click] SA28081: link://[click] SA28083: link://[click] SA28323: link://[click]

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: link://[click]

Definitions: (Criticality, Where etc.) link://[click]

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link.

Secunia NEVER sends attached files with advisories.

Secunia does not advise people to install third party patches, only use those supplied by the vendor.


Archives de la liste de diffusion Secunia
Archives de la liste de diffusion BugTraq
Archives de la liste de diffusion DailyDave
Archives de la liste de diffusion FunSec
Archives de la liste de diffusion Full Disclosure
Archives de la liste de diffusion Focus-IDS (FD)
Archives de la liste de diffusion Webappsec (FD)
Archives de la liste de diffusion Security-basics (FD)
Archives de la liste de diffusion Vulndiscuss
Archives de la liste de diffusion Vulnwatch


Mini-Tagwall des articles publiés sur SecuObs :

Archives Failles Secunia :
- SA32774 Citrix XenServer Ext2/Ext3 Processing Security Bypass Vulnerability
- SA32761 No-IP Linux Dynamic Update Client Buffer Overflow Vulnerability
- SA32778 Ubuntu update for firefox, firefox-3.0, and xulrunner-1.9
- SA32659 E-topbiz Link Back Checker auth Cookie Security Bypass
- SA32745 Free Directory Script API_HOME_DIR File Inclusion Vulnerability

Archives Mailing Full Disclosure :
- Re: Full-disclosure Fwd: Three London hospitals have been forced to shut down their entire computer systems for at least 24 hours after being hit by a virus
- Re: Full-disclosure Fredrick Diggle Security is looking for a few good men (or mediocre women)
- Re: Full-disclosure Fwd: Three London hospitals have been forced to shut down their entire computer systems for at least 24 hours after being hit by a virus
- Re: Full-disclosure Fwd: Three London hospitals have been forced to shut down their entire computer systems for at least 24 hours after being hit by a virus
- Full-disclosure MDVSA-2008:220-1 kernel

Archives Mailing Bugtraq :
- MDVSA-2008:220-1 kernel
- Re: Re: Re: Re: Opera 9.6x file:// overflow
- Re: MDVSA-2008:232 dovecot
- Re: Re: Re: Re: Opera 9.6x file:// overflow
- MDVSA-2008:232 dovecot

Mini-Tagwall de l'annuaire video :

Mini-Tagwall des articles de la revue de presse :