SecurityTracker.com
SecurityTracker
Archives
Category:   OS (UNIX)  >   Apple macOS/OS X
Vendors:   Apple
Mac OS X Application Firewall Bugs May Let Remote Users Access the Services on the Target System
SecurityTracker Alert ID:  1018958
SecurityTracker URL:  http://securitytracker.com/id/1018958
CVE Reference:   CVE-2007-4702, CVE-2007-4703, CVE-2007-4704
Date:  Nov 16 2007
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.5
Description:   A vulnerability was reported in Mac OS X in the application firewall. A remote user may be able to access services on the target system.

The firewall's "Block all incoming connections" setting allows any process running with root user privileges to receive incoming connections [CVE-2007-4702].

The firewall's "Set access for specific services and applications" setting allows any process running with root user privileges to receive incoming connections, even if the process executable is listed in the "Block incoming connections" list [CVE-2007-4703].

Modifications to the firewall's settings do not apply to processes started by launchd until the processes are restarted [CVE-2007-4704].

This may cause network services to be exposed.

Impact:   A remote user may be able to access services on the target system.
Solution:   The vendor has issued a fixed version (10.5.1 Update), available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

For Mac OS X v10.5
The download file is named: "MacOSXUpd10.5.1.dmg"
Its SHA-1 digest is: fb4ba4e5a0a7db7e04b3c93bb10115017cbea986

For Mac OS X Server v10.5
The download file is named: "MacOSXServerUpd10.5.1.dmg"
Its SHA-1 digest is: 9ccfe856eae029b70b7f465d85041a96738eaeab

The Apple advisory is available at:

http://docs.info.apple.com/article.html?artnum=307004

Vendor URL:  docs.info.apple.com/article.html?artnum=307004
Cause:   Access control error, State error

Message History:   None.


 Source Message Contents

Subject:  APPLE-SA-2007-11-15 Mac OS X v10.5.1 Update

APPLE-SA-2007-11-15 Mac OS X v10.5.1 Update

Mac OS X v10.5.1 Update is now available and addresses the following
issues:

Application Firewall
CVE-ID:  CVE-2007-4702
Available for:  Mac OS X v10.5, Mac OS X Server v10.5
Impact:  The "Block all incoming connections" setting for the
firewall is misleading
Description:  The "Block all incoming connections" setting for the
Application Firewall allows any process running as user "root" (UID
0) to receive incoming connections, and also allows mDNSResponder to
receive connections. This could result in the unexpected exposure of
network services. This update addresses the issue by more accurately
describing the option as "Allow only essential services", and by
limiting the processes permitted to receive incoming connections
under this setting to a small fixed set of system services: configd
(for DHCP and other network configuration protocols), mDNSResponder
(for Bonjour), and racoon (for IPSec). The "Help" content for the
Application Firewall is also updated to provide further information.
This issue does not affect systems prior to Mac OS X v10.5.

Application Firewall
CVE-ID:  CVE-2007-4703
Available for:  Mac OS X v10.5, Mac OS X Server v10.5
Impact:  Processes running as user "root" (UID 0) cannot be blocked
when the firewall is set to "Set access for specific services and
applications"
Description:  The "Set access for specific services and applications"
setting for the Application Firewall allows any process running as
user "root" (UID 0) to receive incoming connections, even if its
executable is specifically added to the list of programs and its
entry in the list is marked as "Block incoming connections". This
could result in the unexpected exposure of network services. This
update corrects the issue so that any executable so marked is
blocked. This issue does not affect systems prior to Mac OS X v10.5.

Application Firewall
CVE-ID:  CVE-2007-4704
Available for:  Mac OS X v10.5, Mac OS X Server v10.5
Impact:  Changes to Application Firewall settings do not affect
processes started by launchd until they are restarted
Description:  When the Application Firewall settings are changed, a
running process started by launchd will not be affected until it is
restarted. A user might expect changes to take effect immediately and
so leave their system exposed to network access. This update corrects
the issue so that changes take effect immediately. This issue does
not affect systems prior to Mac OS X v10.5.
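As an added audit check (not part of Apple's advisory or SecurityTracker's text), the script below reads an lsof-style socket listing and reports root-owned (UID 0) listeners that fall outside the three essential services the 10.5.1 update permits under "Allow only essential services"; those are the processes that, before the fix, kept receiving connections regardless of the firewall setting. The lsof column layout, the sample listing and the helper name are assumptions.

```bash
#!/bin/sh
# Added example: audit root-owned listening sockets against the small
# "essential services" set named in the 10.5.1 advisory. Input is assumed
# to be lsof column output (COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME),
# e.g. from:  lsof -nP -i -sTCP:LISTEN
ESSENTIAL="configd mDNSResponder racoon"

# audit_root_listeners: read lsof-style lines on stdin; print "COMMAND PID NAME"
# for every root-owned socket whose command is not an essential service.
audit_root_listeners() {
    awk -v essential="$ESSENTIAL" '
        BEGIN { n = split(essential, e, " ") }
        # lsof truncates long command names (mDNSResponder -> mDNSRespo),
        # so a name counts as essential when it is a prefix of one in the set.
        function is_essential(c,   i) {
            for (i = 1; i <= n; i++) if (index(e[i], c) == 1) return 1
            return 0
        }
        $1 == "COMMAND" { next }                 # skip the header line
        ($3 == "root" || $3 == "0") && !is_essential($1) { print $1, $2, $9 }
    '
}

# Constructed sample listing (not a real capture from a 10.5 system).
SAMPLE='COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
configd      45 root    7u  IPv4 0x1234      0t0  UDP *:68
mDNSRespo    52 root    9u  IPv4 0x1235      0t0  UDP *:5353
racoon       60 root    6u  IPv4 0x1236      0t0  UDP *:500
httpd       210 root    4u  IPv4 0x1237      0t0  TCP *:80 (LISTEN)
sshd        301 root    3u  IPv4 0x1238      0t0  TCP *:22 (LISTEN)
ntpd        115 _ntp    5u  IPv4 0x1239      0t0  UDP *:123'

printf '%s\n' "$SAMPLE" | audit_root_listeners
```

On a live system, pipe `lsof -nP -i -sTCP:LISTEN` into `audit_root_listeners` instead of the sample; anything it prints is a root listener the pre-10.5.1 firewall would not have blocked.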

Mac OS X v10.5.1 may be obtained from the Software Update pane in
System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.5
The download file is named:  "MacOSXUpd10.5.1.dmg"
Its SHA-1 digest is:  fb4ba4e5a0a7db7e04b3c93bb10115017cbea986

For Mac OS X Server v10.5
The download file is named:  "MacOSXServerUpd10.5.1.dmg"
Its SHA-1 digest is:  9ccfe856eae029b70b7f465d85041a96738eaeab

Information will also be posted to the Apple Security Updates
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

Security-announce mailing list      (Security-announce@lists.apple.com)
Copyright 2018, SecurityGlobal.net LLC