APPLE-SA-2005-03-21 Security Update 2005-003
APPLE-SA-2005-03-21 Security Update 2005-003
- Subject: APPLE-SA-2005-03-21 Security Update 2005-003
- From: Apple Product Security <email@hidden>
- Date: Mon, 21 Mar 2005 13:53:20 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2005-03-21 Security Update 2005-003
Security Update 2005-003 is now available and delivers the following
security enhancements:
AFP Server
Available for: Mac OS X v10.3.8, Mac OS X Server v10.3.8
CVE-ID: CAN-2005-0340
Impact: A specially crafted packet can cause a Denial of Service
against the AFP Server
Description: A specially crafted packet will terminate the operation
of the AFP Server due to an incorrect memory reference. Credit to
Braden Thomas for reporting this issue.
AFP Server
Available for: Mac OS X v10.3.8, Mac OS X Server v10.3.8
CVE-ID: CAN-2005-0715
Impact: The contents of a "Drop Box" can be discovered
Description: Fixes the checking of file permissions for access to
"Drop Boxes". Credit to John M. Glenn of San Francisco for reporting
this issue.
Bluetooth Setup Assistant
Available for: Mac OS X v10.3.8, Mac OS X Server v10.3.8
CVE-ID: CAN-2005-0713
Impact: Local security bypass when using a Bluetooth input device
Description: The Bluetooth Setup Assistant may be launched on
systems without a keyboard or a pre-configured Bluetooth input
device. In these cases, access to certain privileged functions has
been disabled within the Bluetooth Setup Assistant.
Core Foundation
Available for: Mac OS X v10.3.8, Mac OS X Server v10.3.8
CVE-ID: CAN-2005-0716
Impact: Buffer overflow via an environment variable
Description: The incorrect handling of an environment variable
within Core Foundation can result in a buffer overflow that may be
used to execute arbitrary code. This issue has been addressed by
correctly handling the environment variable. Credit to iDEFENSE and
Adriano Lima of SeedSecurity.com for reporting this issue.
Cyrus IMAP
Available for: Mac OS X Server v10.3.8
CVE-ID: CAN-2004-1011, CAN-2004-1012, CAN-2004-1013, CAN-2004-1015,
CAN-2004-1067
Impact: Multiple vulnerabilities in Cyrus IMAP including remotely
exploitable denial of service and buffer overflows
Description: Cyrus IMAP is updated to version 2.2.12 which includes
fixes for buffer overflows in fetchnews, backend, proxyd, and imapd.
Further information is available from
http://asg.web.cmu.edu/cyrus/download/imapd/changes.html
Cyrus SASL
Available for: Mac OS X v10.3.8, Mac OS X Server v10.3.8
CVE-ID: CAN-2002-1347, CAN-2004-0884
Impact: Multiple vulnerabilities in Cyrus SASL including remote
denial of service and possible remote code execution in applications
that use this library.
Description: Cyrus SASL is updated to address several security holes
caused by improper data validation, memory allocation and data
handling.
Folder permissions
Available for: Mac OS X v10.3.8, Mac OS X Server v10.3.8
CVE-ID: CAN-2005-0712
Impact: World-writable permissions on several directories allowing
potential file race conditions or local privilege escalation
Description: Secure folder permissions are applied to protect the
installer's receipt cache and system-level ColorSync profiles.
Credit to Eric Hall of DarkArt Consulting Services, Michael Haller
<email@hidden>, and <root at addcom.de> for reporting this issue.
Mailman
Available for: Mac OS X Server v10.3.8
CVE-ID: CAN-2005-0202
Impact: Directory traversal issue in Mailman that could allow access
to arbitrary files
Description: Mailman is a software package that provides mailing
list management. This update addresses an exposure in Mailman's
private archive handling that allowed remote access to arbitrary
files on the system. Further information is available from
http://www.gnu.org/software/mailman/security.html
Safari
CVE-ID: CAN-2005-0234
Impact: Maliciously registered International Domain Names [IDN] can
make URLs visually appear as legitimate sites
Description: Support for Unicode characters within domain names
(International Domain Name support) can allow maliciously registered
domain names to visually appear as legitimate sites. Safari has been
modified so that it consults a user-customizable list of scripts that
are allowed to be displayed natively. Characters based on scripts
that are not in the allowed list are displayed in their Punycode
equivalent. The default list of allowed scripts does not include
Roman look-alike scripts. Credit to Eric Johanson <email@hidden>
for reporting this issue to us. Further information is available
from http://docs.info.apple.com/article.html?artnum=301116
Samba
Available for: Mac OS X v10.3.8, Mac OS X Server v10.3.8
CVE-ID: CAN-2004-0882, CAN-2004-0930, CAN-2004-1154
Impact: Multiple vulnerabilities in Samba including remote denial of
service and possible remote execution of arbitrary commands
Description: Several security vulnerabilities were addressed in
recent Samba releases. Security Update 2005-003 installs Samba
version 3.0.10 to provide these fixes. Further information is
available from the Samba security site located at
http://www.samba.org/samba/history/security.html
SquirrelMail
Available for: Mac OS X Server v10.3.8
CVE-ID: CAN-2004-1036, CAN-2005-0075, CAN-2005-0103, CAN-2005-0104
Impact: Multiple vulnerabilities in Squirrelmail including
cross-site scripting and html injection
Description: SquirrelMail 1.4.4 addresses several security issues
including various cross-site scripting exposures and the possibility
of using webmail.php to include web pages from remote servers.
CAN-2005-0075 is an issue fixed in SquirrelMail 1.4.4, but which does
not affect the default configuration of Mac OS X Server since
register_globals is not enabled. Further information is available
from the SquirrelMail security site located at
http://www.squirrelmail.org/changelog.php
Security Update 2005-003 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
For Mac OS X v10.3.8
The download file is named: "SecUpd2005-003Pan.dmg"
Its SHA-1 digest is: 2f16fc9fc5b378454491ca7b5dfec54f79a283a0
For Mac OS X Server v10.3.8
The download file is named: "SecUpdSrvr2005-003Pan.dmg"
Its SHA-1 digest is: feaccbbdc490b433304b437c01eb41d9f2b0f9b8
Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/security_pgp.html
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQEVAwUBQj8/gZyw5owIz4TQAQIbuAgApO5OQDiniWpYVuE1HfW9OnjgHCAM6lAS
RuWxR+I4alduUXRH4EHKfuTM5cvSiUgfFx3UHSgdEiBQ2RbjeQFwTpwK0QntnR95
WgDiueVEGEHK1pQHekgWQ/pVv/uMANeBSqQ5FE3/zNXBtQNK8zznpQZA58G4LmCi
ERCipVBajTO8KKKFR+Fd+F2c70oWm0Tb3DLuA7Fev0OTWh3F14peuOXbxxv5Skfm
pzLTZz57t58V63/m6CuyO2YjgIKxsL4XS+egp7hyq0bDsZNY17x0Y7udtWIKQApD
tJItIGzfwQ4zbETPdQlqJD/99Hb1ygC4qKfZOEGFbV6iDsUWdNHtSQ==
=nd0Z
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden