SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   OS (UNIX)  >   Mac OS X Vendors:   Apple Computer
Mac OS X Format String Flaw in PackageKit Allows Remote Man-in-the-Middle Attacks to Execute Arbitrary Code
SecurityTracker Alert ID:  1024938
SecurityTracker URL:  http://securitytracker.com/id/1024938
CVE Reference:   CVE-2010-4013   (Links to External Site)
Date:  Jan 6 2011
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.6 - 10.6.5
Description:   A vulnerability was reported in Mac OS X PackageKit. A remote user can execute arbitrary code on the target system.

A remote user with the ability to conduct a man-in-the-middle attack can trigger a format string flaw in PackageKit's handling of distribution scripts to execute arbitrary code when Software Update checks for new updates.

Systems prior to Mac OS X v10.6 are not affected.

Aaron Sigel of vtty.com reported this vulnerability.
Impact:   A remote user with the ability to conduct a man-in-the-middle attack can execute arbitrary code on the target system.
Solution:   The vendor has issued a fix as part of Mac OS X Server v10.6.6, available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

For Mac OS X v10.6.5
The download file is named: MacOSXUpd10.6.6.dmg
Its SHA-1 digest is: 299d22132bebdab229be531e169d65a88f4736c9

For Mac OS X v10.6 - v10.6.4
The download file is named: MacOSXUpdCombo10.6.6.dmg
Its SHA-1 digest is: 868768cbc88db1895161f74030e98e8ce2303151

For Mac OS X Server v10.6.5
The download file is named: MacOSXServerUpd10.6.6.dmg
Its SHA-1 digest is: 2f202fcbe27fa54ddd2fb8aaa5b4aa9b055301e2

For Mac OS X Server v10.6 - v10.6.4
The download file is named: MacOSXServUpdCombo10.6.6.dmg
Its SHA-1 digest is: 3d051d91a8ffe4d25b95378eb7385e94a64fc71c

The vendor's advisory is available at:

http://support.apple.com/kb/HT4498
Vendor URL:  support.apple.com/kb/HT4498 (Links to External Site)
Cause:   Input validation error, State error
Underlying OS:  

Message History:   None.

 Source Message Contents
Date:  Thu, 06 Jan 2011 21:10:03 +0000
Subject:  Mac OS X


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2011-01-06-1 Mac OS X v10.6.6

Mac OS X v10.6.6 is now available and addresses the following:

PackageKit
CVE-ID:  CVE-2010-4013
Available for:  Mac OS X v10.6 through v10.6.5,
Mac OS X Server v10.6 through v10.6.5
Impact:  A man-in-the-middle attacker may be able to cause an
unexpected application termination or arbitrary code execution
Description:  A format string issue exists in PackageKit's handling
of distribution scripts. A man-in-the-middle attacker may be able to
cause an unexpected application termination or arbitrary code
execution when Software Update checks for new updates. This issue is
addressed through improved validation of distribution scripts. This
issue does not affect systems prior to Mac OS X v10.6. Credit to
Aaron Sigel of vtty.com for reporting this issue.


Mac OS X Server v10.6.6 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/


For Mac OS X v10.6.5
The download file is named: MacOSXUpd10.6.6.dmg
Its SHA-1 digest is: 299d22132bebdab229be531e169d65a88f4736c9

For Mac OS X v10.6 - v10.6.4
The download file is named: MacOSXUpdCombo10.6.6.dmg
Its SHA-1 digest is: 868768cbc88db1895161f74030e98e8ce2303151

For Mac OS X Server v10.6.5
The download file is named: MacOSXServerUpd10.6.6.dmg
Its SHA-1 digest is: 2f202fcbe27fa54ddd2fb8aaa5b4aa9b055301e2

For Mac OS X Server v10.6 - v10.6.4
The download file is named: MacOSXServUpdCombo10.6.6.dmg
Its SHA-1 digest is: 3d051d91a8ffe4d25b95378eb7385e94a64fc71c


Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)

iQEcBAEBAgAGBQJNJeeXAAoJEGnF2JsdZQeeV7UIAJTPFZz+mQMIdlrS7TlRpsdv
Hvz3O/9sj/czbpBs/EcAIk75vRNcGqI/NYCAbf+5VNHt8ALuJkXuRidIjIPvy8sV
Sq7tiNRySzD2kzjCvFXxqcWRewsfD1JWtPoV6HgL6PAHZF7KEQfCH54UI/Ka8h3U
XAoRRXWhKdDuBsO0W2mJFrZEwgihb3aetY1SHYX2yX9K1ccVy29vznAfWTKNeS3w
z4MBJV9OdufqpJEEe6sWC4zpZgiCBkDvNgxYujRoJYPujOajvb94HeBkl3hnSsLV
9X02Y/VQ0VRWPxtCCnIwbvXyv7A5AR/BeDX56fxNIyrJHNE65vIOjM+um5EmVPo=
=eHtZ
-----END PGP SIGNATURE-----


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC