SecurityTracker.com
Category:   Application (File Transfer/Sharing)  >   AppleFileServer
Vendors:   Apple
AppleFileServer Does Not Properly Handle Malformed Requests
SecurityTracker Alert ID:  1008532
SecurityTracker URL:  http://securitytracker.com/id/1008532
CVE Reference:   CVE-2003-1007
Updated:  Jul 6 2008
Original Entry Date:  Dec 20 2003
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   An unspecified vulnerability was reported in the AppleFileServer on Mac OS X. The impact was not specified.

It is reported that AppleFileServer does not properly handle malformed requests. No further details were provided.

Impact:   The impact was not specified. [Editor's note: It appears from Apple's vague description that the impact is a remote denial of service.]
Solution:   Apple has released a fix for Panther and Jaguar.

Security Update 2003-12-19 for Panther is available at:

* Software Update pane in System Preferences

* Apple's Software Downloads web site:
http://www.info.apple.com/kbnum/n120292
The download file is named: "SecurityUpd2003-12-19.dmg"
Its SHA-1 digest is: 112674677572232f640d03122b25527d84fbbbf8

Security Update 2003-12-19 for Jaguar is available at:

* Software Update pane in System Preferences

* Apple's Software Downloads web site:
http://www.info.apple.com/kbnum/n120291
The download file is named: "SecurityUpd2003-12-19Jag.dmg"
Its SHA-1 digest is: b0c5d1ef54020db7580798fddd7a1e132e653896

Vendor URL:  www.apple.com/
Cause:   Not specified
Underlying OS:  UNIX (macOS/OS X)
Underlying OS Comments:  10.2.8, 10.3.2

Message History:   None.


 Source Message Contents

Subject:  APPLE-SA-2003-12-19 Security Update for Panther


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2003-12-19 Security Update 2003-12-19 for Panther

Security Update 2003-12-19 for Panther is available for
    Mac OS X 10.3.2 and Mac OS X Server 10.3.2.

It contains security enhancements for the following:

AppleFileServer: Fixes CAN-2003-1007 to improve the handling of
    malformed requests.

ASN.1 Decoding for PKI:  Fixes CAN-2003-1005 which could cause a
    potential denial of service when receiving malformed ASN.1
    sequences.  This is related but separate from CAN-2003-0851.

cd9660.util:  Fixes CAN-2003-1006, a buffer overflow vulnerability in
    the filesystem utility cd9660.util.
    Credit to KF of Secure Network Operations for reporting this issue.

Directory Services:  Fixes CAN-2003-1009.  The default settings are
    changed to prevent an inadvertent connection in the event of a
    malicious DHCP server on the computer's local subnet.  Further
    information is provided in Apple's Knowledge Base article:
    http://docs.info.apple.com/article.html?artnum=32478
    Credit to William A. Carrel for reporting this issue.

fetchmail: Fixes CAN-2003-0792. Updates are provided to fetchmail that
    improve its stability when receiving malformed messages.

fs_usage:  Fixes CAN-2003-1010. The fs_usage tool has been improved to
    prevent a local privilege escalation vulnerability.  This tool is
    used to collect system performance information and requires admin
    privileges to run.
    Credit to Dave G. of @stake for reporting this issue.

rsync:  Fixes CAN-2003-0962 by improving the security of the rsync
    server.
    
Screen Saver:  Fixes CAN-2003-1008.  When the Screen Saver login
    window is present, it is no longer possible to write a text
    clipping to the desktop or an application.
    Credit to Benjamin Kelly for reporting this issue.

System initialization:  Fixes CAN-2003-1011. The system initialization
    process has been improved to restrict root access on a system that
    uses a USB keyboard.

================================================

Security Update 2003-12-19 for Panther may be obtained from:

  * Software Update pane in System Preferences

  * Apple's Software Downloads web site:
    http://www.info.apple.com/kbnum/n120292
    The download file is named: "SecurityUpd2003-12-19.dmg"
    Its SHA-1 digest is: 112674677572232f640d03122b25527d84fbbbf8
    
Information will also be posted to the Apple Product Security web
site:
http://www.apple.com/support/security/security_updates.html

This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | security-announce@lists.apple.com
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.