Mac OS X Command Execution & Security Bypass Issues
March 23, 2008
The French Security Incident Response Team (FrSIRT) has reported multiple vulnerabilities in Apple Mac OS X, which could be exploited by remote or local attackers to cause a denial of service (DoS), disclose sensitive information, bypass security restrictions or seriously compromise an affected system.
Affected products include Apple Mac OS X version 10.5.2 and prior, and Apple Mac OS X Server version 10.5.2 and prior.
These issues are caused by implementation, data validation, and buffer overflow errors in the following applications:
AFP Client, AFP Server, Apache, AppKit, Application Firewall, CFNetwork, ClamAV, CoreFoundation, CoreServices, CUPS, curl, Emacs, file, Foundation, Help Viewer, Image Raw, Kerberos, libc, mDNSResponder, notifyd, OpenSSH, pax, PHP, Podcast Producer, Preview, Printing, System Configuration, UDF, Wiki Server, and X11.
These errors could be exploited by attackers to bypass security checks, gain knowledge of sensitive information, cause a denial of service or execute arbitrary commands or scripting code.
Note: Some of the reported vulnerabilities can be resolved by applying the APPLE-SA-2008-03-18 Security Update.


