SecurityTracker.com

Category:   Application (E-mail Server)  >   Postfix
Vendors:   Postfix.org
Postfix Buffer Error May Prevent Remote Users from Being Able to Authenticate Using SMTPD AUTH
SecurityTracker Alert ID:  1011532
SecurityTracker URL:  http://securitytracker.com/id/1011532
CVE Reference:   CVE-2004-0925
Date:  Oct 4 2004
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in Postfix on Mac OS X. A remote user can cause denial of service conditions.

Apple reported that when SMTPD AUTH has been enabled, the system does not properly clear a buffer containing the username after authentication attempts. As a result, only users with the longest usernames can authenticate.

Versions prior to Mac OS X 10.3 are not affected.

Apple credits Michael Rondinelli of EyeSee360 with reporting this flaw.

[Editor's note: It is not clear if this affects the upstream Postfix code or if it is specific to Mac OS X.]
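
The state error described above can be modelled in a few lines of C. This is an added illustration, not code from Postfix or Apple: the buffer handling, the function names and the account names are assumptions constructed to reproduce the reported symptom, alongside the obvious correction of clearing the buffer before each attempt.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF_LEN 64

/* Constructed account list; the names are hypothetical. */
static const char *accounts[] = { "al", "bob", "christopher" };

/* Persists across attempts, like per-process state in a long-lived daemon. */
static char name_buf[NAME_BUF_LEN];

static int known_user(const char *name) {
    for (size_t i = 0; i < sizeof accounts / sizeof accounts[0]; i++)
        if (strcmp(accounts[i], name) == 0) return 1;
    return 0;
}

void reset_state(void) { memset(name_buf, 0, sizeof name_buf); }

/* Buggy model: only the new bytes are copied, so the tail of an earlier,
 * longer username survives and is read as part of the current one. */
int auth_stale(const char *user, size_t len) {
    if (len >= NAME_BUF_LEN) return 0;
    memcpy(name_buf, user, len);
    return known_user(name_buf);
}

/* Corrected model: the buffer is cleared before every attempt, so the
 * stored name always ends where the supplied name ends. */
int auth_cleared(const char *user, size_t len) {
    if (len >= NAME_BUF_LEN) return 0;
    memset(name_buf, 0, sizeof name_buf);
    memcpy(name_buf, user, len);
    return known_user(name_buf);
}

int main(void) {
    reset_state();
    printf("stale:   bob first             -> %d\n", auth_stale("bob", 3));
    printf("stale:   christopher           -> %d\n", auth_stale("christopher", 11));
    /* Buffer now holds "bobistopher", which matches no account. */
    printf("stale:   bob after christopher -> %d\n", auth_stale("bob", 3));
    printf("stale:   christopher again     -> %d\n", auth_stale("christopher", 11));
    reset_state();
    auth_cleared("christopher", 11);
    printf("cleared: bob after christopher -> %d\n", auth_cleared("bob", 3));
    return 0;
}
```

In the buggy model, once the longest name has passed through the buffer, every shorter name is compared with stale trailing bytes attached and fails lookup, which matches the reported behaviour that only users with the longest usernames can authenticate.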

Impact:   A remote user can prevent other users from authenticating using SMTPD AUTH.
Solution:   Apple has released a fix as part of Security Update 2004-09-30, available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

For Mac OS X v10.3.5 and Mac OS X Server v10.3.5:

The download file is named: "SecUpd2004-09-30Pan.dmg"
Its SHA-1 digest is: 1660042cecdfca15866cc3a7be06c69ee52d68a3

Vendor URL:  www.postfix.org/
Cause:   State error
Underlying OS:  UNIX (macOS/OS X)
Underlying OS Comments:  10.3.5

Message History:   None.


 Source Message Contents

Subject:  APPLE-SA-2004-09-30 Security Update 2004-09-30


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2004-09-30 Security Update 2004-09-30

Security Update 2004-09-30 is now available and delivers the
following security enhancements:

AFP Server
Available for:  Mac OS X v10.3.5 and Mac OS X Server v10.3.5
CVE-ID:  CAN-2004-0921
Impact:  A denial of service permitting a guest to disconnect AFP
volumes
Description:  An AFP volume mounted by a guest could be used to
terminate authenticated user mounts from the same server by modifying
SessionDestroy packets.  This issue does not affect systems prior to
Mac OS X v10.3 or Mac OS X Server v10.3.

AFP Server
Available for:  Mac OS X v10.3.5 and Mac OS X Server v10.3.5
CVE-ID:  CAN-2004-0922
Impact:  Write-only AFP Drop Box may be set as read-write
Description:  A write-only Drop Box on an AFP volume mounted by a
guest could sometimes be read-write due to an incorrect setting of
the guest group id.  This issue does not affect systems prior to Mac
OS X v10.3 or Mac OS X Server v10.3.

CUPS
Available for:  Mac OS X v10.3.5, Mac OS X Server v10.3.5, Mac OS X
v10.2.8, Mac OS X Server v10.2.8
CVE-ID:  CAN-2004-0558
Impact:  A denial of service causing the printing system to hang
Description:  The Internet Printing Protocol (IPP) implementation in
CUPS can hang when a certain UDP packet is sent to the IPP port.

CUPS
Available for:  Mac OS X v10.3.5, Mac OS X Server v10.3.5, Mac OS X
v10.2.8, Mac OS X Server v10.2.8
CVE-ID:  CAN-2004-0923
Impact:  Local disclosure of user passwords
Description:  Certain methods of authenticated remote printing could
disclose user passwords in the printing system log files.  Credit to
Gary Smith of the IT Services department at Glasgow Caledonian
University for reporting this issue.

NetInfo Manager
Available for:  Mac OS X v10.3.5 and Mac OS X Server v10.3.5
CVE-ID:  CAN-2004-0924
Impact:  Incorrect indication of account status
Description:  The NetInfo Manager utility can enable the "root"
account, but after a single "root" login it is no longer possible to
use NetInfo Manager to disable the account and it incorrectly appears
to be disabled.  This issue does not affect systems prior to Mac OS X
v10.3 or Mac OS X Server v10.3.

postfix
Available for:  Mac OS X v10.3.5 and Mac OS X Server v10.3.5
CVE-ID:  CAN-2004-0925
Impact:  A denial of service when SMTPD AUTH has been enabled
Description:  When SMTPD AUTH has been enabled in postfix, a buffer
containing the username is not correctly cleared between
authentication attempts. Only users with the longest usernames will
be able to authenticate.  This issue does not affect systems prior to
Mac OS X v10.3 or Mac OS X Server v10.3.  Credit to Michael
Rondinelli of EyeSee360 for reporting this issue.

QuickTime
Available for:  Mac OS X v10.3.5, Mac OS X Server v10.3.5, Mac OS X
v10.2.8, Mac OS X Server v10.2.8
CVE-ID:  CAN-2004-0926
Impact:  A heap buffer overflow could allow attackers to execute
arbitrary code
Description:  Flaws in decoding the BMP image type could overwrite
heap memory and potentially allow the execution of arbitrary code
hidden in an image.

ServerAdmin
Available for:  Mac OS X Server v10.3.5 and Mac OS X Server v10.2.8
CVE-ID:  CAN-2004-0927
Impact:  Client - Server communication with ServerAdmin can be read
by decoding captured sessions
Description:  Client - Server communication with ServerAdmin uses
SSL.  All systems come installed with the same example self signed
certificate.  If that certificate has not been replaced, then
ServerAdmin communication may be decrypted.  The fix replaces the
existing self-signed certificate with one that has been locally and
uniquely generated.

================================================

The title of this security update does not match today's date.  Parts
of Cupertino and nearby cities experienced a power blackout late last
week, which affected the actual release date.

================================================

Security Update 2004-09-30 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.3.5 and Mac OS X Server v10.3.5
================================================
The download file is named: "SecUpd2004-09-30Pan.dmg"
Its SHA-1 digest is:  1660042cecdfca15866cc3a7be06c69ee52d68a3

For Mac OS X v10.2.8 and Mac OS X Server v10.2.8
================================================
The download file is named: "SecUpd2004-09-30Jag.dmg"
Its SHA-1 digest is:  6db70c5b76d386776f491dca52fabdc02c8284e1

Information will also be posted to the Apple Product Security
web site:
http://www.apple.com/support/security/security_updates.html

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

-----END PGP SIGNATURE-----


Copyright 2020, SecurityGlobal.net LLC