-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2003-10-28 Mac OS X 10.3 Panther Mac OS X 10.3 Panther has been released, and it contains the following security enhancements: Finder: Fixes CAN-2003-0876 where folder permissions may not be preserved when copying a folder from a mounted volume such as a disk image. Credit to Dave G. from @stake, Inc. for finding this issue. Kernel: Fixes CAN-2003-0877 where if a system is running with core files enabled, a user with interactive shell access can overwrite arbitrary files, and read core files created by root-owned processes. This may result in sensitive information such as authentication credentials being compromised. Core file creation is disabled by default on Mac OS X. Credit to Dave G. from @stake, Inc. for finding this issue. slpd: Fixes CAN-2003-0878 when Personal File Sharing is enabled, the slpd daemon may create a root-owned file in the /tmp directory. This could overwrite an existing file and allow a user to gain elevated privileges. Personal File Sharing is off by default in Mac OS X. Credit to Dave G. from @stake, Inc. for finding this issue. Kernel: Fixes CAN-2003-0895 where it may be possible for a local user to cause the Mac OS X kernel to crash by specifying a long command line argument. The machine will reboot on its own after several minutes. Credit to Dave G. from @stake, Inc. for finding this issue. ktrace: Fixes CVE-2002-0701 a theoretical exploit when ktrace is enabled through the KTRACE kernel option, a local user might be able to obtain sensitive information. No specific utility is currently known to be vulnerable to this particular problem. nfs: Fixes CVE-2002-0830 for the Network File System where a remote user may be able to send RPC messages that cause the system to lock up. zlib: Addresses CAN-2003-0107. While there were no functions in Mac OS X that used the vulnerable gzprintf() function, the underlying issue in zlib has been fixed. gm4: Fixes CAN-2001-1411 a format string vulnerability in the gm4 utility. No setuid root programs relied on gm4 and this fix is a preventative measure against a possible future exploit. OpenSSH: Fixes CAN-2003-0386 where "from=" and "user@hosts" restrictions are potentially spoofable via reverse DNS for numerically specified IP addresses. Mac OS X 10.3 also incorporates prior fixes released for OpenSSH, and the version of OpenSSH as obtained via the "ssh -V" command is: OpenSSH_3.6.1p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL 0x0090702f nidump: Fixes CAN-2001-1412 where the nidump utility provides access to the crypted passwords used to authenticate logins. System Preferences: Fixes CAN-2003-0883 where after authenticating with an administrator password, the system will continue to allow access to secure Preference Panes for a short period of time. This could allow a local user to access Preference Panes that they would not normally be able to use. In Mac OS X 10.3 Security preferences, there is now a choice to "Require password to unlock each secure system preference". Credit to Anthony Holder for reporting this issue. TCP timestamp: Fixes CAN-2003-0882 where the TCP timestamp is initialized with a constant number. This could allow a person to discover how long the system has been up based upon the ID in TCP packets. In Mac OS X 10.3, the TCP timestamp is now initialized with a random number. Credit to Aaron Linville for reporting this issue and submitting a fix via the Darwin open source program. Mail: Fixes CAN-2003-0881 in the Mac OS X Mail application, if an account is configured to use MD5 Challenge Response, it will attempt to login using CRAM-MD5 but will silently fall back to plain-text if the hashed login fails. Credit to Chris Adams for reporting this issue. Dock: Fixes CAN-2003-0880 when Full Keyboard Access is turned on via the Keyboard pane in System Preferences, Dock functions can be accessed blindly from behind Screen Effects. Other security features: Mac OS X 10.3 contains a number of other security features which may be found at: http://www.apple.com/macosx/features/security/ ================================================ Further information on Mac OS X 10.3 may be obtained from: http://www.apple.com/macosx/ This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/security_pgp.html -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2 iQEVAwUBP56rFXeI0z6bzFr0AQIvKAgAg781rk+PU4rGZAo4/5z6OCD6f8cdy7ra cyP9Ojg8u58g4UisHF4cF9gvVq99TT5WXhMEHZHE+/TFetUj08xyY6q5FJa9VtNg YcO66fwHGKjB7AlXJmux/nwV0r2x8hqyx2Q0PHCgPMo9MWtO3/tUM6Gpc8kA/JeH Rd0Csw3ejm4zBIP/t5C5QY/20KZJ9i5S48Nw6neLmJf/mBAfjvMkZM1R+pPN/58A BwSiuILg8qxE2kf4roMJUTSOf8ToFGTD8X5sp/p15YBzjvknVV5ls7XHCwlkz+iF W04E3CFbeX9ixTtrHPzStPKAtiRwai1oqx0LRd2mApnYTvbl9lMCOw== =PJi8 -----END PGP SIGNATURE----- _______________________________________________ security-announce mailing list | security-announce@lists.apple.com Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce Do not post admin requests to the list. They will be ignored.