Although it is in English, we think it is worth publishing the list of vulnerabilities covered by the latest security patch for Mac OS X. As we reported yesterday, some users may not have installed it because they run a modified version of Apache, or, even having installed it, the patch may not have closed the "hole" it was meant to. Gandalf sent it to us.
Summary (in English) of the reasons for Security Update 2004-12-02:
Cyrus IMAP
Available for: Mac OS X Server v10.3.6
CVE-ID: CAN-2004-1089
Impact: When using Kerberos authentication with Cyrus IMAP an authenticated user could gain unauthorized access to other mailboxes on the same system.
Description: When using the Kerberos authentication mechanism with the Cyrus IMAP server a user could switch mailboxes after authenticating and gain access to other mailboxes on the same system. This update binds the mailbox to the authenticated user.
This server-specific issue is not present in Mac OS X Server v10.2.8. Credit to johan.gradvall@gothia.se for reporting this issue.
HIToolbox
Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6
CVE-ID: CAN-2004-1085
Impact: Users can quit applications in kiosk mode
Description: A special key combination allowed users to bring up the force quit window even in kiosk mode. This update blocks all force-quit key combinations while in kiosk mode. This issue is not present in Mac OS X v10.2.8 or Mac OS X Server v10.2.8. Credit to Glenn Blauvelt of University of Colorado at Boulder for reporting this issue.
Kerberos
Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6, Mac OS X v10.2.8, Mac OS X Server v10.2.8
CVE-ID: CAN-2004-0642, CAN-2004-0643, CAN-2004-0644, CAN-2004-0772
Impact: Exposure to a potential denial of service when Kerberos authentication is used
Description: MIT has released a new version of Kerberos that addresses a denial of service and three double free errors. Mac OS X contains protection against double free errors. This update applies the fix for the denial of service problem. As a precautionary measure the double free patches have also been applied. Credit to the MIT Kerberos Development Team for reporting this issue and providing fixes.
Postfix
Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6
CVE-ID: CAN-2004-1088
Impact: Postfix using CRAM-MD5 may allow a remote user to send mail without properly authenticating.
Description: Postfix servers using CRAM-MD5 to authenticate senders were vulnerable to a replay attack. Under some circumstances, the credentials used to successfully authenticate a user could be re-used for a small time period. The CRAM-MD5 algorithm used to authenticate users has been updated to prevent the replay window. This issue is not present in Mac OS X v10.2.8 or Mac OS X Server v10.2.8. Credit to Victor Duchovni of Morgan Stanley for reporting this issue.
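The general defence against the replay described above is a fresh challenge that is valid for exactly one authentication attempt. The sketch below is an added example, not Apple's or Postfix's code; the class name, host name, session ids and secret are hypothetical, and the message format follows CRAM-MD5 as defined in RFC 2195.

```python
import base64
import hashlib
import hmac
import os
import time


class CramMd5Server:
    """Issues single-use CRAM-MD5 challenges and verifies responses."""

    def __init__(self, secrets, hostname="mail.example.test"):
        self.secrets = secrets    # constructed map: user -> shared secret
        self.hostname = hostname  # hypothetical host name
        self.pending = {}         # session id -> outstanding challenge

    def issue_challenge(self, session_id):
        # Random nonce plus timestamp: no two challenges are ever equal.
        nonce = os.urandom(16).hex()
        challenge = f"<{nonce}.{int(time.time())}@{self.hostname}>".encode()
        self.pending[session_id] = challenge
        return base64.b64encode(challenge)

    def verify(self, session_id, response_b64):
        # pop() consumes the challenge whether or not the check succeeds,
        # so a captured response cannot be presented a second time.
        challenge = self.pending.pop(session_id, None)
        if challenge is None:
            return False
        try:
            decoded = base64.b64decode(response_b64).decode()
        except (ValueError, UnicodeDecodeError):
            return False
        user, _, digest = decoded.rpartition(" ")
        secret = self.secrets.get(user)
        if secret is None:
            return False
        expected = hmac.new(secret, challenge, hashlib.md5).hexdigest()
        return hmac.compare_digest(expected.encode(), digest.encode())


def client_response(user, secret, challenge_b64):
    """Client side: HMAC-MD5 over the decoded challenge, keyed by the secret."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())


def demo():
    server = CramMd5Server({"alice": b"constructed-secret"})
    captured = client_response("alice", b"constructed-secret",
                               server.issue_challenge("conn-1"))
    first = server.verify("conn-1", captured)      # legitimate login
    same_conn = server.verify("conn-1", captured)  # challenge already consumed
    server.issue_challenge("conn-2")
    new_conn = server.verify("conn-2", captured)   # bound to the old challenge
    return first, same_conn, new_conn
```
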
PSNormalizer
Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6
CVE-ID: CAN-2004-1086
Impact: A buffer overflow in PostScript to PDF conversion could allow execution of arbitrary code.
Description: A buffer overflow in the handling of PostScript to PDF conversion could potentially allow the execution of arbitrary code. This update corrects the PostScript to PDF conversion code to prevent the buffer overflow. This issue is not present in Mac OS X v10.2.8 or Mac OS X Server v10.2.8.
QuickTime Streaming Server
Available for: Mac OS X Server v10.3.6, Mac OS X Server v10.2.8
CVE-ID: CAN-2004-1123
Impact: Specially crafted requests could cause a denial of service.
Description: QuickTime Streaming Server was vulnerable to a denial of service attack when handling DESCRIBE requests. This update corrects the handling of these requests.
Credit to iDEFENSE for reporting this issue.
Terminal
Available for: Mac OS X v10.3.6 and Mac OS X Server v10.3.6
CVE-ID: CAN-2004-1087
Impact: Terminal may indicate that ‘Secure Keyboard Entry’ is active when it is not.
Description: The ‘Secure Keyboard Entry’ menu setting was not properly restored when launching Terminal.app. A check mark would be displayed next to ‘Secure Keyboard Entry’ even though it was not enabled. This update fixes the behavior of the ‘Secure Keyboard Entry’. This issue is not present in Mac OS X v10.2.8 or Mac OS X Server v10.2.8.
Credit to Jonathan ‘Wolf’ Rentzsch of Red Shed Software for reporting this issue.
Appkit
Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6, Mac OS X v10.2.8, Mac OS X Server v10.2.8
CVE-ID: CAN-2004-1081
Impact: Characters entered into a secure text field can be read by other applications in the same window session
Description: In some circumstances a secure text input field will not correctly enable secure input. This can allow other applications in the same window session to see some input characters and keyboard events. Input to secure text fields is now enabled in a way to prevent the leakage of key press information.
Appkit
Available for: Mac OS X v10.3.6, Mac OS X Server v10.3.6, Mac OS X v10.2.8, Mac OS X Server v10.2.8
CVE-ID: CAN-2004-0803, CAN-2004-0804, CAN-2004-0886
Impact: Integer overflows and poor range checking in TIFF handling could allow execution of arbitrary code or denial of service.
Description: Flaws in decoding TIFF images could overwrite memory, cause arithmetic errors resulting in a crash, or permit the execution of arbitrary code. This update corrects the problems in the handling of TIFF images.