APPLE-SA-2003-10-28 Mac OS X 10.3 Panther
APPLE-SA-2003-10-28 Mac OS X 10.3 Panther
- Subject: APPLE-SA-2003-10-28 Mac OS X 10.3 Panther
- From: Product Security <email@hidden>
- Date: Tue, 28 Oct 2003 09:46:35 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2003-10-28 Mac OS X 10.3 Panther
Mac OS X 10.3 Panther has been released, and it contains the following
security enhancements:
Finder: Fixes CAN-2003-0876 where folder permissions may not be
preserved when copying a folder from a mounted volume such as a
disk image. Credit to Dave G. from @stake, Inc. for finding this
issue.
Kernel: Fixes CAN-2003-0877 where if a system is running with core
files enabled, a user with interactive shell access can overwrite
arbitrary files, and read core files created by root-owned
processes. This may result in sensitive information such as
authentication credentials being compromised. Core file creation is
disabled by default on Mac OS X. Credit to Dave G. from @stake,
Inc. for finding this issue.
slpd: Fixes CAN-2003-0878 when Personal File Sharing is enabled, the
slpd daemon may create a root-owned file in the /tmp directory.
This could overwrite an existing file and allow a user to gain
elevated privileges. Personal File Sharing is off by default in Mac
OS X. Credit to Dave G. from @stake, Inc. for finding this issue.
Kernel: Fixes CAN-2003-0895 where it may be possible for a local user
to cause the Mac OS X kernel to crash by specifying a long command
line argument. The machine will reboot on its own after several
minutes. Credit to Dave G. from @stake, Inc. for finding this
issue.
ktrace: Fixes CVE-2002-0701 a theoretical exploit when ktrace is
enabled through the KTRACE kernel option, a local user might be
able to obtain sensitive information. No specific utility is
currently known to be vulnerable to this particular problem.
nfs: Fixes CVE-2002-0830 for the Network File System where a remote
user may be able to send RPC messages that cause the system to lock
up.
zlib: Addresses CAN-2003-0107. While there were no functions in Mac OS
X that used the vulnerable gzprintf() function, the underlying
issue in zlib has been fixed.
gm4: Fixes CAN-2001-1411 a format string vulnerability in the gm4
utility. No setuid root programs relied on gm4 and this fix is a
preventative measure against a possible future exploit.
OpenSSH: Fixes CAN-2003-0386 where "from=" and "user@hosts"
restrictions are potentially spoofable via reverse DNS for
numerically specified IP addresses. Mac OS X 10.3 also incorporates
prior fixes released for OpenSSH, and the version of OpenSSH as
obtained via the "ssh -V" command is:
OpenSSH_3.6.1p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL
0x0090702f
nidump: Fixes CAN-2001-1412 where the nidump utility provides access
to the crypted passwords used to authenticate logins.
System Preferences: Fixes CAN-2003-0883 where after authenticating
with an administrator password, the system will continue to allow
access to secure Preference Panes for a short period of time. This
could allow a local user to access Preference Panes that they would
not normally be able to use. In Mac OS X 10.3 Security
preferences, there is now a choice to "Require password to unlock
each secure system preference". Credit to Anthony Holder for
reporting this issue.
TCP timestamp: Fixes CAN-2003-0882 where the TCP timestamp is
initialized with a constant number. This could allow a person to
discover how long the system has been up based upon the ID in TCP
packets. In Mac OS X 10.3, the TCP timestamp is now initialized
with a random number. Credit to Aaron Linville for reporting this
issue and submitting a fix via the Darwin open source program.
Mail: Fixes CAN-2003-0881 in the Mac OS X Mail application, if an
account is configured to use MD5 Challenge Response, it will
attempt to login using CRAM-MD5 but will silently fall back to
plain-text if the hashed login fails. Credit to Chris Adams for
reporting this issue.
Dock: Fixes CAN-2003-0880 when Full Keyboard Access is turned on via
the Keyboard pane in System Preferences, Dock functions can be
accessed blindly from behind Screen Effects.
Other security features: Mac OS X 10.3 contains a number of other
security features which may be found at:
http://www.apple.com/macosx/features/security/
================================================
Further information on Mac OS X 10.3 may be obtained from:
http://www.apple.com/macosx/
This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
iQEVAwUBP56rFXeI0z6bzFr0AQIvKAgAg781rk+PU4rGZAo4/5z6OCD6f8cdy7ra
cyP9Ojg8u58g4UisHF4cF9gvVq99TT5WXhMEHZHE+/TFetUj08xyY6q5FJa9VtNg
YcO66fwHGKjB7AlXJmux/nwV0r2x8hqyx2Q0PHCgPMo9MWtO3/tUM6Gpc8kA/JeH
Rd0Csw3ejm4zBIP/t5C5QY/20KZJ9i5S48Nw6neLmJf/mBAfjvMkZM1R+pPN/58A
BwSiuILg8qxE2kf4roMJUTSOf8ToFGTD8X5sp/p15YBzjvknVV5ls7XHCwlkz+iF
W04E3CFbeX9ixTtrHPzStPKAtiRwai1oqx0LRd2mApnYTvbl9lMCOw==
=PJi8
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.