SecurityFocus

Apple releases Mac OS X v10.5.1 with Application Firewall security updates Nov 15 2007 07:11PM
Todd Woodward (todd_woodward symantec com) (1 replies)

Application Firewall security updates Nov 15 2007 08:08PM
Radoslav Dejanoviæ (radoslav dejanovic opsus hr) (4 replies)

Re: Application Firewall security updates Nov 21 2007 03:00PM
Dave Piscitello (dave corecom com) (2 replies)

Re: Application Firewall security updates Nov 21 2007 09:27PM
Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net) (3 replies)

Re: Application Firewall security updates Nov 22 2007 06:35PM
Derek Chesterfield (dez mac com)

Re: Application Firewall security updates Nov 22 2007 04:28PM
Bruce Carter (bcarter nd edu)

RE: Application Firewall security updates Nov 21 2007 10:43PM
Todd Woodward (todd_woodward symantec com)

Re: Application Firewall security updates Nov 21 2007 09:02PM
Chris Adams (chris improbable org)

Re: Application Firewall security updates Nov 16 2007 03:58AM
Mike Savory (mike_lists nzbox com)

RE: Application Firewall security updates Nov 15 2007 09:55PM
Todd Woodward (todd_woodward symantec com)

Per the Knowledge Base article which is now available:
http://docs.info.apple.com/article.html?artnum=307004

CVE-ID: CVE-2007-4702

Available for: Mac OS X v10.5, Mac OS X Server v10.5

Impact: The "Block all incoming connections" setting for the firewall is
misleading

Description: The "Block all incoming connections" setting for the
Application Firewall allows any process running as user "root" (UID 0)
to receive incoming connections, and also allows mDNSResponder to
receive connections. This could result in the unexpected exposure of
network services. This update addresses the issue by more accurately
describing the option as "Allow only essential services, and by limiting
the processes permitted to receive incoming connections under this
setting to a small fixed set of system services: configd (for DHCP and
other network configuration protocols), mDNSResponder (for Bonjour), and
racoon (for IPSec). The "Help" content for the Application Firewall is
also updated to provide further information. This issue does not affect
systems prior to Mac OS X v10.5.

###

Security Response Researcher
Focus-Apple Moderator

Todd D. Woodward
Technical Support Engineer
NetBackup Support
Symantec Corporation
www.symantec.com
Springfield, Oregon

Office: 541-335-7441

[ reply ]

Re: Application Firewall security updates Nov 15 2007 09:51PM
Dave Schroeder (das doit wisc edu) (3 replies)

Re: Application Firewall security updates Nov 15 2007 11:36PM
Mark Senior (senatorfrog gmail com) (3 replies)

Re: Application Firewall security updates Nov 17 2007 02:54PM
Chris Pepper (pepper reppep com) (1 replies)

Re: Application Firewall security updates Nov 19 2007 12:59PM
Sandor Szücs (sszuecs zedat fu-berlin de)

Re: Application Firewall security updates Nov 16 2007 11:03AM
Radoslav Dejanoviæ (radoslav dejanovic opsus hr) (2 replies)

Re: Application Firewall security updates Nov 16 2007 05:30PM
Mark Senior (senatorfrog gmail com)

Re: Application Firewall security updates Nov 16 2007 04:34PM
Derek Chesterfield (dez mac com) (1 replies)

Re: Application Firewall security updates Nov 17 2007 12:30AM
Mark Senior (senatorfrog gmail com)

Re: Application Firewall security updates Nov 16 2007 04:47AM
Derek Chesterfield (dez mac com) (2 replies)

Re: Application Firewall security updates Nov 16 2007 04:08PM
Scott Russell (ScottRussell nd edu)

Fwd: Application Firewall security updates Nov 16 2007 04:55AM
Derek Chesterfield (dez mac com)

Re: Application Firewall security updates Nov 15 2007 10:08PM
Radoslav Dejanoviæ (radoslav dejanovic opsus hr)

Re: Application Firewall security updates Nov 15 2007 10:05PM
Dave Schroeder (das doit wisc edu)