Apple Security Update 2007-001 in Software Update, fixes MOAB-01-01-2007

2 views
Skip to first unread message

John Bafford

unread,
Jan 23, 2007, 5:31:29 PM1/23/07
to moab...@googlegroups.com
Now, all we need is Apple fixes for the rest of the Apple MOAB fixes...


From http://docs.info.apple.com/article.html?artnum=304989:
Security Update 2007-001

QuickTime

CVE-ID: CVE-2007-0015

Available for: QuickTime 7.1.3 on Mac OS X v10.3.9, Mac OS X Server
v10.3.9, Mac OS X v10.4.8, Mac OS X Server v10.4.8, Windows XP/2000

Impact: Visiting malicious websites may lead to arbitrary code execution

Description: A buffer overflow exists in QuickTime's handling of RTSP
URLs. By enticing a user to access a maliciously-crafted RTSP URL, an
attacker can trigger the buffer overflow, which may lead to arbitrary
code execution. A QTL file that triggers this issue has been
published on the Month of Apple Bugs web site (MOAB-01-01-2007). This
update addresses the issue by performing additional validation of
RTSP URLs.

--
John Bafford
dsh...@zort.net
http://www.dshadow.com/


frozenINcarbonite

unread,
Jan 23, 2007, 9:56:30 PM1/23/07
to MOAB Fixes
> Now, all we need is Apple fixes for the rest of the Apple MOAB fixes...

With only one bug fixed this time, I have a bad feeling that this is
going to be a long process.

On Jan 23, 5:31 pm, John Bafford <dsha...@zort.net> wrote:
> Now, all we need is Apple fixes for the rest of the Apple MOAB fixes...
>

> Fromhttp://docs.info.apple.com/article.html?artnum=304989:


> Security Update 2007-001
>
> QuickTime
>
> CVE-ID: CVE-2007-0015
>
> Available for: QuickTime 7.1.3 on Mac OS X v10.3.9, Mac OS X Server
> v10.3.9, Mac OS X v10.4.8, Mac OS X Server v10.4.8, Windows XP/2000
>
> Impact: Visiting malicious websites may lead to arbitrary code execution
>
> Description: A buffer overflow exists in QuickTime's handling of RTSP
> URLs. By enticing a user to access a maliciously-crafted RTSP URL, an
> attacker can trigger the buffer overflow, which may lead to arbitrary
> code execution. A QTL file that triggers this issue has been
> published on the Month of Apple Bugs web site (MOAB-01-01-2007). This
> update addresses the issue by performing additional validation of
> RTSP URLs.
>
> --
> John Bafford

> dsha...@zort.nethttp://www.dshadow.com/

frozenINcarbonite

unread,
Jan 23, 2007, 10:12:14 PM1/23/07
to MOAB Fixes
And besides this patch doesn't help with the new MOAB #23.

On Jan 23, 9:56 pm, "frozenINcarbonite" <adr...@gosquareone.com> wrote:
> > Now, all we need is Apple fixes for the rest of the Apple MOAB fixes...With only one bug fixed this time, I have a bad feeling that this is

Rosyna

unread,
Jan 23, 2007, 10:34:58 PM1/23/07
to moab...@googlegroups.com, frozenINcarbonite
Why would it? QuickTime and QuickDraw are entirely different
subsystems on Mac OS X.

Ah, #23 explains #22 a little. It almost seems like they're wording
it so a crash could lead to a root shell in all cases. When it'd only
do such a thing if you actively had an real malicious input manager
installed already that overwrite a file. (Because the dialog
notifying you of a crash launches the User Notification Center
application, which is what the input manager uses to do its thing).

But a crash would only lead to this particular series of events if
you had such an input manager installed already.

Ack, at 1/23/07, frozenINcarbonite said:

>And besides this patch doesn't help with the new MOAB #23.
>
>On Jan 23, 9:56 pm, "frozenINcarbonite" <adr...@gosquareone.com> wrote:
>> > Now, all we need is Apple fixes for the rest of the Apple MOAB
>>fixes...With only one bug fixed this time, I have a bad feeling
>>that this is
>> going to be a long process.
> >

--


Sincerely,
Rosyna Keller
Technical Support/Carbon troll/Always needs a hug

Unsanity: Unsane Tools for Insanely Great People

It's either this, or imagining Phil Schiller in a thong.

dinornis

unread,
Jan 27, 2007, 12:51:18 AM1/27/07
to MOAB Fixes

On Jan 24, 4:34 pm, Rosyna <ros...@gmail.com> wrote:
>
> But a crash would only lead to this particular series of events if

> you had such an [malicious] input manager installed already.
>

that was my take on #22 too, but then I'm already quoted
in their source as a doofus....

d

Rosyna

unread,
Jan 27, 2007, 11:23:54 PM1/27/07
to moab...@googlegroups.com, dinornis
Seems it's already being reported this way.

http://www.itwire.com.au/content/view/8985/53/

"If you have already installed a [malicious] input manager...."

--

Reply all
Reply to author
Forward
0 new messages