[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

APPLE-SA-2006-11-16 Apple Remote Desktop 3.1

Subject: APPLE-SA-2006-11-16 Apple Remote Desktop 3.1
From: Apple Product Security <email@hidden>
Date: Thu, 16 Nov 2006 13:28:34 -0800
Delivered-to: email@hidden
Delivered-to: email@hidden

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2006-11-16 Apple Remote Desktop 3.1

Apple Remote Desktop 3.1 is now available.  Along with functionality
improvements (see release notes), it also fixes the following
security issue:

Apple Remote Desktop
CVE-ID:  CVE-2006-4413
Available for:  Apple Remote Desktop 3.0
Impact:  Malicious local users may be able to modify packages
used to install or upgrade client systems
Description:  Apple Remote Desktop includes built-in packages
used to install and upgrade client systems. The permissions on
these packages could allow them to be altered by malicious local
users on Apple Remote Desktop admin systems. This could lead to
the execution of arbitrary commands with root privileges on
client systems when Apple Remote Desktop client software is
installed or upgraded. This issue has been addressed by applying
more restrictive permissions on the built-in installation
packages. Credit to Andrew Mortensen of the University of
Michigan for reporting this issue.

Apple Remote Desktop 3.1 may be obtained from:
http://www.apple.com/support/downloads/

For Apple Remote Desktop Client
The download file is named:  "RemoteDesktopClient.dmg"
Its SHA-1 digest is:  5747716690703dc6655a2882ebba77424c661650

For Apple Remote Desktop Admin
The download file is named:  "RemoteDesktopAdmin310.dmg"
Its SHA-1 digest is:  b86f7fb03253c70e3cf33f6ce6c8c1491daae0a7

Information will also be posted to the Apple Product Security
web site:  http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQEVAwUBRVzXVImzP5/bU5rtAQJyUQf/bBE1y/LJ3aMACIhTxBEdNK0B3D6EmdJs
7JU4bTjeZiTXKHwQkVHmSJkDu4EWYv29kcBI1r2cNMEQhZjOhfLV/YcdYnQY4wcT
RxQgvAnaWZchaWSTywFEJJL9ORQIihw5JUoaPAco+GU7ZCW3+nG13/oZ0+JwijgW
Ps8eQWWMOwzqURxyQmIpfJ3EhhKhpCgox19mD8CuHcsXOYLYA914lF0+ryIj52ko
dqcTrBPhs4Qu1ScShVHXYitiycpBHkQCvRgVryVbMbQ5oNCFpJrPWtPrQ8tQDRXL
xA56xKr1pYkieRcNGY4bmmE5fkvekBk8MaBEY2eAIsNUsMjtNhB0cg==
=T+cu
-----END PGP SIGNATURE-----

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/security-announce/email@hidden

This email sent to email@hidden

Next by Date: APPLE-SA-2006-11-28 Security Update 2006-007
Next by thread: APPLE-SA-2006-11-28 Security Update 2006-007
Index(es):
- Date
- Thread

Home