SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Apple CoreFoundation Vendors:   Apple
Apple CoreFoundation Environment Variable Flaw Has Unspecified Impact
SecurityTracker Alert ID:  1010045
SecurityTracker URL:  http://securitytracker.com/id/1010045
CVE Reference:   CVE-2004-0428   (Links to External Site)
Date:  May 4 2004
Impact:   Not specified
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Apple's CoreFoundation. The impact was not specified.

Apple reported that CoreFoundation does not properly handle an environment variable. No further details were available.

The vendor credits aaron@vtty.com with reporting this flaw.

Impact:   The impact was not specified.
Solution:   Apple has released a fix as part of APPLE-SA-2004-05-03 Security Update 2004-05-03.

For Mac OS X 10.3.3 "Panther"
=============================
http://download.info.apple.com/Mac_OS_X/061-1213.20040503.vngr3/2Z/SecUpd2004-05-03Pan.dmg
The download file is named: "SecUpd2004-05-03Pan.dmg"
Its SHA-1 digest is: 6f35539668d80ee536305a4146bd982a93706532

For Mac OS X Server 10.3.3
==========================
http://download.info.apple.com/Mac_OS_X/061-1215.20040503.mPp9k/2Z/SecUpdSrvr2004-05-03Pan.dmg
The download file is named: "SecUpdSrvr2004-05-03Pan.dmg"
Its SHA-1 digest is: 3c7da910601fd36d4cdfb276af4783ae311ac5d7

For Mac OS X 10.2.8 "Jaguar"
=============================
http://download.info.apple.com/Mac_OS_X/061-1217.20040503.BmkY5/2Z/SecUpd2004-05-03Jag.dmg
The download file is named: "SecUpd2004-05-03Jag.dmg"
Its SHA-1 digest is: 11d5f365e0db58b369d85aa909ac6209e2f49945

For Mac OS X Server 10.2.8
==========================
http://download.info.apple.com/Mac_OS_X/061-1219.20040503.Zsw3S/2Z/SecUpdSrvr2004-05-03Jag.dmg
The download file is named: "SecUpdSrvr2004-05-03Jag.dmg"
Its SHA-1 digest is: 28859a4c88f6e1d1fe253388b233a5732b6e42fb

Vendor URL:  www.apple.com/support/security/security_updates.html (Links to External Site)
Cause:   Not specified
Underlying OS:  UNIX (macOS/OS X)
Underlying OS Comments:  10.2.8, 10.3.3

Message History:   None.


 Source Message Contents

Subject:  APPLE-SA-2004-05-03 Security Update 2004-05-03


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2004-05-03 Security Update 2004-05-03

Security Update 2004-05-03 is now available and contains security
enhancements for the following:

CoreFoundation: Fixes CAN-2004-0428 to improve the handling of an
    environment variable. Credit to aaron@vtty.com for reporting this
    issue.

Apache 2: Fixes CAN-2003-0020, CAN-2004-0113 and CAN-2004-0174 by
    updating to Apache 2 to version 2.0.49.

RAdmin: Fixes CAN-2004-0429 to improve the handling of large requests

AppleFileServer: Fixes CAN-2004-0430 to improve the handling of long
    passwords. Credit to Dave G. from @stake for reporting this issue.

IPSec: Fixes CAN-2004-0155 and CAN-2004-0403 to improve the security
    of VPN tunnels.  IPSec in Mac OS X is not vulnerable to
    CAN-2004-0392.

Notes:
  -  Security Update 2004-05-03 is available for both Mac OS X 10.3.3
       and Mac OS X 10.2.8
  -  Security Update 2004-04-05 has been incorporated into this update

================================================

Security Update 2004-05-03 may be obtained from:

  * Software Update pane in System Preferences

  * Apple's Software Downloads web site:

    For Mac OS X 10.3.3 "Panther"
    =============================
    http://download.info.apple.com/Mac_OS_X/061-1213.20040503.vngr3/2Z
/SecUpd2004-05-03Pan.dmg
    The download file is named: "SecUpd2004-05-03Pan.dmg"
    Its SHA-1 digest is: 6f35539668d80ee536305a4146bd982a93706532
    
    For Mac OS X Server 10.3.3
    ==========================
    http://download.info.apple.com/Mac_OS_X/061-1215.20040503.mPp9k/2Z
/SecUpdSrvr2004-05-03Pan.dmg
    The download file is named: "SecUpdSrvr2004-05-03Pan.dmg"
    Its SHA-1 digest is: 3c7da910601fd36d4cdfb276af4783ae311ac5d7
    
    For Mac OS X 10.2.8 "Jaguar"
    =============================
    http://download.info.apple.com/Mac_OS_X/061-1217.20040503.BmkY5/2Z
/SecUpd2004-05-03Jag.dmg
    The download file is named: "SecUpd2004-05-03Jag.dmg"
    Its SHA-1 digest is: 11d5f365e0db58b369d85aa909ac6209e2f49945
    
    For Mac OS X Server 10.2.8
    ==========================
    http://download.info.apple.com/Mac_OS_X/061-1219.20040503.Zsw3S/2Z
/SecUpdSrvr2004-05-03Jag.dmg
    The download file is named: "SecUpdSrvr2004-05-03Jag.dmg"
    Its SHA-1 digest is: 28859a4c88f6e1d1fe253388b233a5732b6e42fb
        
Information will also be posted to the Apple Product Security web
site:
http://www.apple.com/support/security/security_updates.html

This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQEVAwUBQJa38XeI0z6bzFr0AQKEjAf9HAvSxFVwKjmzZ1ZcqmVWhCfkNA9TIby7
Z9WOeAIhSFX1GVyetjQIeODLBYVj8bACK2fDj+deRv60VC6IQOxQNTSI5EwlkI/O
Tnz9q77WwV0IaNugfZHWQglKiH6j5ZhMg9xZUQTEpJChPS6u0NN3J4nhj7diqlbK
4a6N+HLQ4jQvk4hpQoFYRGOVnHzso2SJpKUN5uJ2obTSUw528Gchugr1Uez4/m9G
Pb5BZewX877Qc3t1icnlNxSXSru2TIrqef4+ZuJlek5N8lN0oda2KQ7pvkc0/raO
oJnLTiJoGFxLV5jLw7PBd7bIRpUJXZa/xtyg1lj8XUf0r5SFGRVwww==
=wmAo
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | security-announce@lists.apple.com
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC