(Apple Issues Fix) tcpdump RADIUS print_attr_string() Parameter Overflow Lets Remote Users Crash the Process
|
|
SecurityTracker Alert ID: 1009185 |
|
SecurityTracker URL: http://securitytracker.com/id/1009185
|
|
CVE Reference:
CAN-2004-0055
(Links to External Site)
|
Date: Feb 24 2004
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 3.8.1
|
Description:
A vulnerability was reported in tcpdump in the processing of RADIUS packets. A remote user can cause the target tcpdump process to crash.
Jonathan Heusser reported that there is a flaw in 'print-radius.c' in the print_attr_string() function, where the 'length' and 'data' parameters are not properly validated. The report also indicates that there is a flaw in the radius_attr_print() function, where an upper limit for the 'rad_attr->len' is not defined.
A remote user can send a specially crafted RADIUS packet to cause the target process to crash.
|
Impact:
A remote user can crash the tcpdump process.
|
Solution:
Apple has released a fix as part of Security Update 2004-02-23, available at:
* Software Update pane in System Preferences (Mac OS X 10.3.2 and Mac OS X 10.2.8)
* Apple's Software Downloads web site:
Mac OS X 10.3.2 Client
======================
http://www.info.apple.com/kbnum/n120323
The download file is named: "SecUpd2004-02-23Pan.dmg"
Its SHA-1 digest is: dfe48ca16839e693674cf55995986f11d8282777
Mac OS X 10.3.2 Server
======================
http://www.info.apple.com/kbnum/n120324
The download file is named: "SecUpdSrvr2004-02-23Pan.dmg"
Its SHA-1 digest is: cde0a40abe3c1451458b15c01b73910b18bc4530
Mac OS X 10.2.8 Client
======================
http://www.info.apple.com/kbnum/n120277
The download file is named: "SecUpd2004-02-23Jag.dmg"
Its SHA-1 digest is: 4ec49f05f206649353ae20edd9b87ddb0b42a84b
Mac OS X 10.2.8 Server
======================
http://www.info.apple.com/kbnum/n120322
The download file is named: "SecUpdSrvr2004-02-23Jag.dmg"
Its SHA-1 digest is: 79617234d288d45208531622a38f307a978f82d7
|
Vendor URL: www.tcpdump.org/ (Links to External Site)
|
Cause:
Boundary error, Input validation error
|
Underlying OS:
UNIX (OS X)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Mon, 23 Feb 2004 18:42:28 -0800
Subject: APPLE-SA-2004-02-23 Security Update 2004-02-23
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2004-02-23 Security Update 2004-02-23
Security Update 2004-02-23 is now available. It addresses the
following issues:
CoreFoundation: Fixes CAN-2004-0168 to improve notification
logging. Credit to aaron@vtty.com for reporting this issue.
DiskArbitration: Fixes CAN-2004-0167 to more securely handle the
initialization of writeable removable media. Credit to
aaron@vtty.com for reporting this issue.
IPSec: Fixes CAN-2004-0164 to improve checking in key exchange
Point-to-Point-Protocol: Fixes CAN-2004-0165 to improve the
handling of error messages. Credit to Dave G. of @stake and
Justin Tibbs of Secure Network Operations (SRT) for reporting
this issue.
QuickTime Streaming Server: Fixes CAN-2004-0169 to improve
checking of request data. Credit to iDEFENSE Labs for
reporting this issue. Streaming Server updates for other
platforms are available from
http://developer.apple.com/darwin/
Safari: Fixes CAN-2004-0166 to improve the display of URLs in the
status bar
tcpdump: Fixes CAN-2003-0989, CAN-2004-0055, and CAN-2004-0057 by
updating tcpdump to version 3.8.1 and libpcap to version 0.8.1
================================================
Security Update 2004-02-23 may be obtained from:
* Software Update pane in System Preferences (Mac OS X 10.3.2
and Mac OS X 10.2.8)
* Apple's Software Downloads web site:
Mac OS X 10.3.2 Client
======================
http://www.info.apple.com/kbnum/n120323
The download file is named: "SecUpd2004-02-23Pan.dmg"
Its SHA-1 digest is: dfe48ca16839e693674cf55995986f11d8282777
Mac OS X 10.3.2 Server
======================
http://www.info.apple.com/kbnum/n120324
The download file is named: "SecUpdSrvr2004-02-23Pan.dmg"
Its SHA-1 digest is: cde0a40abe3c1451458b15c01b73910b18bc4530
Mac OS X 10.2.8 Client
======================
http://www.info.apple.com/kbnum/n120277
The download file is named: "SecUpd2004-02-23Jag.dmg"
Its SHA-1 digest is: 4ec49f05f206649353ae20edd9b87ddb0b42a84b
Mac OS X 10.2.8 Server
======================
http://www.info.apple.com/kbnum/n120322
The download file is named: "SecUpdSrvr2004-02-23Jag.dmg"
Its SHA-1 digest is: 79617234d288d45208531622a38f307a978f82d7
* QuickTime Streaming Server updates for platforms other than
Mac OS X Server are available from:
http://developer.apple.com/darwin/projects/streaming/
Information will also be posted to the Apple Product Security web
site:
http://www.apple.com/support/security/security_updates.html
This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
iQEVAwUBQDq4GXeI0z6bzFr0AQIokgf7B0qbznnDSz9kse26CWXjw2dpkC0iOR3D
Jtw9wtQbCT8MWSWoaqHvp2BRQ4951cdIZEbOt/Gvv2eEuK7h5y4HvyLFwH9y5ajg
uuSC8XSK8Ccl5OTFYGP7w+xn4snE8Wo1Sx4L4H8QszrG0jYmKffOL0PNZl/mcF9o
Atl/kBV168R9jK/oww5bjFd99AIB3RDMR0w9fl7DNS1ZS5LHuAps1tsEfHDs2mKm
9lPWlhlUI6CEp2JHS3GhYNht2J0enKX9ESrWV9DVMx5gydb6bQTD1X9vvn9ba0Ld
xF7IZacZXGlYbqQ5jxq68x9c88oZv9BPSAQg7+9Grdtyk/iOXmskOw==
=siCh
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | security-announce@lists.apple.com
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.
|
|
