SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   Apple macOS/OS X Vendors:   Apple
Mac OS X Application Firewall German Language Preference Panel May Mislead Users and Incorrectly Permit Services to Accept Connections
SecurityTracker Alert ID:  1019658
SecurityTracker URL:  http://securitytracker.com/id/1019658
CVE Reference:   CVE-2008-0046   (Links to External Site)
Updated:  Mar 26 2008
Original Entry Date:  Mar 19 2008
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.5.x
Description:   A vulnerability was reported in Mac OS X in the Application Firewall. The German language preference pane is misleading.

The German language translation of the Application Firewall preference pane listed the "Set access for specific services and applications" radio button as "Zugriff auf bestimmte Dienste und Programme festlegen" (i.e., "Set access to specific services and applications").

A user may incorrectly believe that only the listed services are permitted to accept incoming connections.

Mac OS X versions prior to 10.5 are not affected.

Impact:   A user may incorrectly believe that only the listed services are permitted to accept incoming connections.
Solution:   The vendor has issued a fix as part of Security Update 2008-002, available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

On March 26, 2008, Apple issued a revised update (Security Update 2008-002 v1.1) for Mac OS X 10.5.2 to correct a non-security reliability issue with the Aperture 'Printer Settings' button. The revised files are listed below.

For Mac OS X v10.5.2
The download file is named: "SecUpd2008-002.v1.1.dmg"
Its SHA-1 digest is: 9e50032326611245bb5382099a60cbcd4d1852c9

For Mac OS X Server v10.5.2
The download file is named: "SecUpdSrvr2008-002.v1.1.dmg"
Its SHA-1 digest is: 73f6085ab0660018635fef28df0589754f50a69a

For Mac OS X v10.4.11 (Universal)
The download file is named: "SecUpd2008-002Univ.dmg"
Its SHA-1 digest is: 49b1c6b1a919b33cbaada1c86eb501291e7145e8

For Mac OS X v10.4.11 (PPC)
The download file is named: "SecUpd2008-002PPC.dmg"
Its SHA-1 digest is: 8a838e33b6720184a4e4e13c17392892e5a06a56

For Mac OS X Server v10.4.11 (Universal)
The download file is named: "SecUpdSrvr2008-002Univ.dmg"
Its SHA-1 digest is: 77074bdd1d0574abe9631b12011f8ef1d15151b3

For Mac OS X Server v10.4.11 (PPC)
The download file is named: "SecUpdSrvr2008-002PPC.dmg"
Its SHA-1 digest is: 1b5f3c1464b1fce0d77f44e50a0b662b467e3fd0

The vendor's advisory is available at:

http://docs.info.apple.com/article.html?artnum=307562

Vendor URL:  docs.info.apple.com/article.html?artnum=307562 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC