Here are some of the most significant bugs from the past week in the BugBlog.
A bug in Apple Mac OS X 10.3.9 and 10.4.2, both client and server, may let an attacker run their code on your computer because of a picture. Not just any picture, but a PICT image that has been designed in a way to exploit a buffer overflow in the QuickDraw Manager. QuickDraw is used in Safari, Mail, and Finder within OS X. This is fixed in the Apple Security Update 2005-008. Apple credits Henrik Dalgaard for finding this bug.
Security researcher Laszlo Toth discovered a bug in the way that Windows XP Service Pack 2 guards some of the key information about wireless networks. Users without administrative privileges may be able to get WEP keys and WPA Pair-wise Master Keys, the information needed to decrypt the wireless network. This can't be done remotely, only by a local user. This bug won't affect the typical home user, but if a school or library has a wireless network set up for public use, it may cause security problems. Microsoft was contacted about this bug in April, 2005. It appears a fix for this won't be coming until the next version of Windows (Longhorn/Vista) which should be here in 2006. See the details at http://www.soonerorlater.hu/index.khtml?article_id=62
iDefense Labs says that the Symantec AntiVirus Scan Engine Web Service has a buffer overflow. This may allow remote attackers to run their code on the target computer with System privileges. According to iDefense, all the attackers need to do is send the improper code to TCP port 8001 on the vulnerable server. The scan engine from Symantec is used by many other third-party applications. See the list of vulnerable software at http://www.symantec.com/avcenter/security/Content/2005.10.04.html, where you can also get fix information. This primarily affects Symantec's enterprise software and not the consumer software. Read the iDefense bulletin at http://www.idefense.com/application/poi/display?id=314&type=vulnerabilities.
See the BugBlog for continuing coverage of bugs and other things that go wrong with your computer.
Article comments
1 - Will Parker
That unusual name sounded quite familiar, so I decided to do a google. Are we quite sure that we should accept bug reports from the insane, even if the bug pertains to Windows?
2 - Bruce Kratofil
It's not an unusual name if you are Hungarian....
besides, he was sane until he started using Windows.
(even though the attack was pre-Win)
3 - Brian
Notice the Apple bug is already fixed before you even hear about it, and the Windows bug? Well, it MIGHT be fixed next year (if you are lucky) and after you buy Longwait/Vista. We know it will be out on time, too, this is M$ we are talking about, and they never miss a deadline. :-)