From: Woo Lee (vitcitylb_at_earthlink.net)
Date: Tue Dec 23 2003 - 05:01:01 PST
>Subject: [SA10474] Mac OS X Security Updat.
>From: sec-adv_at_secunia.com
>Sent: 7:52 am Mon 12/22/03
TITLE:
Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA10474
VERIFY ADVISORY:
http://www.secunia.com/advisories/10474/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Privilege escalation, DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
DESCRIPTION:
Apple has issued security updates for Mac OS X. These fix several
vulnerabilities, which can be exploited by malicious people to
perform a variety of attacks.
The AppleFileServer contains an unspecified vulnerability when
handling malformed requests.
An error in the handling of malformed ASN.1 sequences can be
exploited to cause a DoS (Denial of Service).
A boundary error in "cd9660.util" can potentially be exploited by
malicious, local users to escalate their privileges.
For more information:
SA10440
Insecure default settings when handling DHCP packets can potentially
be exploited by malicious people to compromise a user's system.
For more information:
SA10295
An error in fetchmail when handling long lines can be exploited to
cause a DoS.
For more information:
SA10025
An unspecified vulnerability in the tool "fs_usage" can be exploited
by malicious, local users to escalate their privileges.
An integer overflow in rsync can potentially be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA10353
A security issue in the Screen Saver can be exploited to perform some
actions for a limited period of time on the desktop and applications
when the login window is present.
During the system initialisation process, a malicious, local user can
get a root shell by pressing the "Ctrl" and "C" keys on a USB
keyboard for an extended period of time.
SOLUTION:
Apply Security Update 2003-12-19.
Mac OS X 10.2.8 Client and Server:
http://www.info.apple.com/kbnum/n120291
Mac OS X 10.3.2 Client and Server:
http://www.info.apple.com/kbnum/n120292
PROVIDED AND/OR DISCOVERED BY:
Apple credits the discovery of some vulnerabilities to:
William A. Carrel, Benjamin Kelly, and Dave G.
OTHER REFERENCES:
SA10025:
http://www.secunia.com/advisories/10025/
SA10295:
http://www.secunia.com/advisories/10295/
SA10353:
http://www.secunia.com/advisories/10353/
SA10440:
http://www.secunia.com/advisories/10440/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://www.secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://www.secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
vitcitylb_at_earthlink.net">http://www.secunia.com/sec_adv_unsubscribe/?email=vitcitylb_at_earthlink.net
----------------------------------------------------------------------
---------------------
!ooW %-) www.lanug.org
Pres. of LA Newton Users Group!...over $teve's Live Body.
A NewtonAddict on MacAddictYr2003!
-- This is the NewtonTalk list - http://www.newtontalk.net/ for all inquiries List FAQ/Etiquette/Terms: http://www.newtontalk.net/faq.html Official Newton FAQ: http://www.chuma.org/newton/faq/
This archive was generated by hypermail 2.1.5 : Tue Dec 23 2003 - 05:30:01 PST