Apple Mac OS X Compact Font Format (CFF) Heap Overflow Vulnerability

Vulnerability Cause
Boundary condition error
 
Affected Systems
Apple Mac OS X Server 10.5.6
Apple Mac OS X Server 10.5.5
Apple Mac OS X Server 10.5.4
Apple Mac OS X Server 10.5.3
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.10
Apple Mac OS X Server 10.4.9
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X Server 10.5
Apple Mac OS X 10.5.6
Apple Mac OS X 10.5.5
Apple Mac OS X 10.5.4
Apple Mac OS X 10.5.3
Apple Mac OS X 10.5.2
Apple Mac OS X 10.5.1
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.10
Apple Mac OS X 10.4.9
Apple Mac OS X 10.4.8
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
Apple Mac OS X 10.5
 
Unaffected Systems
Apple Mac OS X Server 10.5.7
Apple Mac OS X 10.5.7
 
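Impact
A remote attacker can exploit this vulnerability to execute arbitrary instructions with the privileges of the application.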
 
Conditions Required for Attack
The attacker must craft a malicious document and entice a user to access it.
 
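Vulnerability Information
Apple Mac OS is a BSD-based operating system.
The Apple Mac OS Type service contains a heap buffer overflow in its handling of CFF fonts; a remote attacker can exploit the vulnerability to execute arbitrary instructions with the privileges of the application.
A web document with an embedded malicious CFF font, which the user is enticed to open, can trigger this vulnerability.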
 
Test Method
 
Vendor Solution
Updates:
Apple Mac OS X Server 10.5
Apple MacOSXServerUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dmg
Apple Mac OS X 10.5
Apple MacOSXUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X Server 10.4.11
Apple SecUpd2009-002Intel.dmg
(Intel)
http://support.apple.com/downloads/DL817/SecUpd2009-002Intel.dmg
Apple SecUpdSrvr2009-002PPC.dmg
(PowerPC)
http://support.apple.com/downloads/DL819/SecUpdSrvr2009-002PPC.dmg
Apple SecUpdSrvr2009-002Univ.dmg
(Universal)
http://support.apple.com/downloads/DL816/SecUpdSrvr2009-002Univ.dmg
Apple Mac OS X 10.4.11
Apple SecUpd2009-002PPC.dmg
(PowerPC)
http://support.apple.com/downloads/DL818/SecUpd2009-002PPC.dmg
Apple Mac OS X 10.5.1
Apple MacOSXUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X Server 10.5.1
Apple MacOSXServerUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dmg
Apple Mac OS X 10.5.2
Apple MacOSXUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X Server 10.5.2
Apple MacOSXServerUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dmg
Apple Mac OS X 10.5.3
Apple MacOSXUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X Server 10.5.3
Apple MacOSXServerUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dmg
Apple Mac OS X 10.5.4
Apple MacOSXUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X Server 10.5.4
Apple MacOSXServerUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dmg
Apple Mac OS X Server 10.5.5
Apple MacOSXServerUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dmg
Apple Mac OS X 10.5.5
Apple MacOSXUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X 10.5.6
Apple MacOSXUpd10.5.7.dmg
http://support.apple.com/downloads/DL826/MacOSXUpd10.5.7.dmg
Apple Mac OS X Server 10.5.6
Apple MacOSXServerUpd10.5.7.dmg
http://support.apple.com/downloads/DL828/MacOSXServerUpd10.5.7.dmg
 
Vulnerability Provider
Apple