Wednesday, August 12, 2009

vsftpd-2.2.0 released

Not much of interest to add beyond the interesting network isolation support previously discussed. Some minor bugs were fixed. A bunch of compile errors were addressed. There is now support for PAM modules which remap the underlying user account. There is also a new command-line option to pass config file options directly.

Wednesday, August 5, 2009

Apple ColorSync heap overflow

Apple just released the Mac OS X 10.5.8 update, which includes security fixes:

http://support.apple.com/kb/HT3757

One of the fixes is for a heap-based buffer overflow in the ColorSync component (which handles the parsing of ICC profiles). Limited details are here:

http://scary.beasts.org/security/CESA-2009-011.html

This vulnerability could likely be used to execute arbitrary code in contexts such as Safari browsing to a malicious page. Mail clients (both web-based and local client-based) might make interesting targets.

This was discovered because the test case for my earlier LittleCMS (lcms) vulnerabilities happens to crash Safari when you hit it:

https://cevans-app.appspot.com/static/CVE-2009-0733.jpg