This document describes the security content of the Mac OS X 10.3.9 Update, which can be downloaded and installed using Software Update, or from Apple Downloads.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred, and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see "How To Use The Apple Product Security PGP Key."
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see "Apple Security Updates."
To avoid a potential issue that may cause Java applications and Safari to unexpectedly quit, please review this article. Though the resolution to this issue utilizes a Security Update, it is not an actual security issue.
Security content of Mac OS X 10.3.9 Update
- Kernel
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
CVE ID: CAN-2005-0969
Impact: A kernel input validation issue can lead to a local denial of service.
Description: The kernel contains syscall emulation functionality that is not used in Mac OS X. Insufficient validation of an input parameter list could result in a heap overflow and a local denial of service through a kernel panic. The issue is addressed by removing the syscall emulation functionality. Credit to Dino Dai Zovi for reporting this issue.
- Kernel
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
CVE ID: CAN-2005-0970
Impact: Permitting SUID/SGID scripts to be installed could lead to privilege escalation.
Description: Mac OS X inherited the ability to run SUID/SGID scripts from FreeBSD. Apple does not distribute any SUID/SGID scripts, but the system would allow them to be installed or created. This update removes the ability of Mac OS X to run SUID/SGID scripts. Credit to Bruce Murphy of rattus.net and Justin Walker for reporting this issue.
- Kernel
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
CVE ID: CAN-2005-0971 CERT: VU#212190
Impact: A kernel stack overflow in the semop() system call could lead to a local privilege escalation.
Description: The incorrect handling of system call arguments could be used to obtain elevated privileges. This update includes a fix to check access to the kernel object.
- Kernel
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
CVE ID: CAN-2005-0972 CERT: VU#185702
Impact: An integer overflow in the searchfs() system call could allow an unprivileged local user to execute arbitrary code with elevated privileges.
Description: The searchfs() system call contains an integer overflow vulnerability that could allow an unprivileged local user to execute arbitrary code with elevated privileges. This update adds input validation on the parameters passed to searchfs() to correct the issue.
- Kernel
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
CVE ID: CAN-2005-0973
Impact: Local system users can cause system resource starvation.
Description: A vulnerability in the handling of values passed to the setsockopt() call could allow unprivileged local users to exhaust available memory. Credit to Robert Stump (rds3792@cs.rit.com) for reporting this issue.
- Kernel
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
CVE ID: CAN-2005-0974 CERT: VU#713614
Impact: Local system users can cause a local denial of service.
Description: Insufficient checks on input values in the nfs_mount() call could allow unprivileged local users to cause a denial of service via a kernel panic.
- Kernel
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
CVE ID: CAN-2005-0975
Impact: Local system users can cause a temporary interruption of system operation.
Description: A vulnerability in the parsing of certain executable files could allow unprivileged local users to temporarily suspend system operations. Credit to Neil Archibald for reporting this issue.
- Safari
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
CVE ID: CAN-2005-0976
Impact: Remote sites could cause HTML and JavaScript to run in the local domain.
Description: This update closes a vulnerability that allowed remote websites to load JavaScript to execute in the local domain. Credit to David Remahl for reporting this issue.