SecurityTracker.com
Category:   Application (Generic)  >   Apple Xcode
Vendors:   Apple
Apple Xcode Tools Grants Remote Access to WebObjects Projects
SecurityTracker Alert ID:  1016143
SecurityTracker URL:  http://securitytracker.com/id/1016143
CVE Reference:   CVE-2006-1466
Updated:  Nov 1 2006
Original Entry Date:  May 23 2006
Impact:   Disclosure of user information, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 2.3
Description:   A vulnerability was reported in Xcode Tools. A remote user may be able to view or modify WebObjects projects on the target system.

The WebObjects Xcode plug-in allows a remote user to manipulate projects through a network service. A remote user can connect to the service to view or modify projects.

Systems with the WebObjects plug-in installed are affected.

Apple credits Mike Schrag of mDimension Technology with reporting this vulnerability.

Impact:   A remote user can view or modify WebObjects projects.
Solution:   The vendor has issued a fixed version (2.3), available at:

http://developer.apple.com/tools/download/

The download file is named: "xcode_2.3_8m1780_oz693620813.dmg"
Its SHA-1 digest is: aa768c0fb979eeb11c29f177f68c763fab14ea3f

Vendor URL:  docs.info.apple.com/article.html?artnum=61798
Cause:   Access control error
Underlying OS:  UNIX (macOS/OS X)

Message History:   None.


 Source Message Contents

Subject:  APPLE-SA-2006-05-23 Xcode Tools 2.3

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2006-05-23 Xcode Tools 2.3

Xcode Tools 2.3 is now available.  Along with functionality
improvements (see release notes), it also fixes the following
security issue:

WebObjects
CVE-ID:  CVE-2006-1466
Available for:  Mac OS X v10.4 and later
Impact:  If you install WebObjects developer tools, remote
attackers may be able to obtain or modify WebObjects projects
while Xcode is running
Description:  The WebObjects Xcode plug-in provides the ability
to manipulate projects through a network service. This service
is accessible to remote systems while Xcode is running. This
update addresses the issue by limiting this service to the local
system. This issue does not affect default installations of
Xcode Tools. Only systems with the WebObjects plug-in installed
are affected. Credit to Mike Schrag of mDimension Technology
for reporting this issue.

Xcode Tools 2.3 may be obtained from:
http://developer.apple.com/tools/download/

The download file is named:  "xcode_2.3_8m1780_oz693620813.dmg"
Its SHA-1 digest is:  aa768c0fb979eeb11c29f177f68c763fab14ea3f

Information will also be posted to the Apple Product Security
web site:  http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)

-----END PGP SIGNATURE-----
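
The fix described above limits the plug-in's network service to the local system. As an added example (not code from Apple or SecurityTracker), the following parses `lsof -nP -iTCP -sTCP:LISTEN` output and flags listeners that are still reachable from other hosts. The sample rows, process names and port numbers are constructed; the advisory does not state which port the service uses.

```python
import ipaddress

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output (not from a real host).
# Process names and ports are placeholders; the advisory does not name the service's port.
SAMPLE = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Xcode     412 dev    23u  IPv4 0x1a2b      0t0  TCP *:50001 (LISTEN)
Xcode     412 dev    24u  IPv6 0x1a2c      0t0  TCP [::1]:50002 (LISTEN)
cupsd     101 root    6u  IPv4 0x1a2d      0t0  TCP 127.0.0.1:631 (LISTEN)
httpd     230 www     4u  IPv4 0x1a2e      0t0  TCP 192.0.2.10:80 (LISTEN)
"""

def classify(host):
    """Return 'local' for loopback binds, 'remote' for anything reachable off-host."""
    if host == "*":
        return "remote"              # wildcard: bound on every interface
    addr = ipaddress.ip_address(host.strip("[]"))
    if addr.is_loopback:
        return "local"
    return "remote"                  # unspecified (0.0.0.0, ::) or a concrete interface address

def parse_listeners(text):
    """Yield (command, pid, host, port, exposure) for each LISTEN row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10 or fields[-1] != "(LISTEN)":
            continue                 # header, blank, or non-listening row
        host, _, port = fields[-2].rpartition(":")
        try:
            exposure = classify(host)
        except ValueError:
            exposure = "unknown"     # unparsable address: surface it rather than drop it
        yield fields[0], int(fields[1]), host, int(port), exposure

def exposed(text, command=None):
    """Listeners not confined to loopback, optionally filtered by process name."""
    return [r for r in parse_listeners(text)
            if r[4] != "local" and (command is None or r[0] == command)]

if __name__ == "__main__":
    for cmd, pid, host, port, exp in parse_listeners(SAMPLE):
        print(f"{cmd:8} pid={pid:<5} {host}:{port:<6} {exp}")
```

On a system with Xcode running, pass the real `lsof` output to `exposed(..., "Xcode")`; an empty result means every Xcode listener is bound to loopback only.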


Copyright 2020, SecurityGlobal.net LLC