Focus on Apple
Security update fixes ARDAgent and DNS issues Aug 01 2008 03:15AM
Dave Schroeder (das doit wisc edu) (1 replies)
Re: Security update fixes ARDAgent and DNS issues Aug 02 2008 10:19PM
Indy (ind cca smith gmail com) (1 replies)
Re: Security update fixes ARDAgent and DNS issues Aug 03 2008 09:05AM
Derek Chesterfield (dez mac com) (1 replies)
I don't see why Apple are being singled out here...

I have the patch installed on WinXP, and that also increments the
source port, rather than randomising.
Ubuntu 7.1 with the patch doesn't even do that... it uses the same
source port for every request.

The BIND daemon itself is properly randomising the source port [tested
on Tiger Server].

The client side does need fixing as well, of course, but it is much
less important than fixing the daemon. If a hacker were able to spoof
your DNS replies, then they have conned one person; if they spoof a
reply to someone's DNS server, then they have potentially captured
thousands of victims.

Dez

On 2 Aug 2008, at 23:19, Indy wrote:

> *sigh*
> http://isc.sans.org/diary.html?storyid=4810
>
> Indy
> On Jul 31, 2008, at 11:15 PM, Dave Schroeder wrote:
>
>> Apple just released Security Update 2008-005, which addresses the
>> ARDAgent and DNS security issues, among others:
>>
>> http://support.apple.com/kb/HT2647
>>
>> - Dave
>>
>> Begin forwarded message:
>>
>>> From: Apple Product Security <product-security-noreply (at) lists.apple (dot) com>
>>> Date: July 31, 2008 10:07:45 PM CDT
>>> To: security-announce (at) lists.apple (dot) com
>>> Subject: APPLE-SA-2008-07-31 Security Update 2008-005
>>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA256
>>>
>>> APPLE-SA-2008-07-31 Security Update 2008-005
>>>
>>> Security Update 2008-005 is now available and addresses the
>>> following issues:
>>>
>>> Open Scripting Architecture
>>> CVE-ID: CVE-2008-2830
>>> Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
>>> Mac OS X v10.5.4, Mac OS X Server v10.5.4
>>> Impact: A local user may execute commands with elevated privileges
>>> Description: A design issue exists in the Open Scripting
>>> Architecture libraries when determining whether to load scripting
>>> addition plugins into applications running with elevated privileges.
>>> Sending scripting addition commands to a privileged application may
>>> allow the execution of arbitrary code with those privileges. This
>>> update addresses the issue by not loading scripting addition plugins
>>> into applications running with system privileges. The recently
>>> reported ARDAgent and SecurityAgent issues are addressed by this
>>> update. Credit to Charles Srstka for reporting this issue.
>>>
>>> BIND
>>> CVE-ID: CVE-2008-1447
>>> Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
>>> Mac OS X v10.5.4, Mac OS X Server v10.5.4
>>> Impact: BIND is susceptible to DNS cache poisoning and may return
>>> forged information
>>> Description: The Berkeley Internet Name Domain (BIND) server is
>>> distributed with Mac OS X, and is not enabled by default. When
>>> enabled, the BIND server provides translation between host names and
>>> IP addresses. A weakness in the DNS protocol may allow remote
>>> attackers to perform DNS cache poisoning attacks. As a result,
>>> systems that rely on the BIND server for DNS may receive forged
>>> information. This update addresses the issue by implementing source
>>> port randomization to improve resilience against cache poisoning
>>> attacks. For Mac OS X v10.4.11 systems, BIND is updated to version
>>> 9.3.5-P1. For Mac OS X v10.5.4 systems, BIND is updated to version
>>> 9.4.2-P1. Credit to Dan Kaminsky of IOActive for reporting this
>>> issue.
>>>
>>> CarbonCore
>>> CVE-ID: CVE-2008-2320
>>> Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
>>> Mac OS X v10.5.4, Mac OS X Server v10.5.4
>>> Impact: Processing long filenames may lead to an unexpected
>>> application termination or arbitrary code execution
>>> Description: A stack buffer overflow exists in the handling of long
>>> filenames. Processing long filenames may lead to an unexpected
>>> application termination or arbitrary code execution. This update
>>> addresses the issue through improved bounds checking. Credit to
>>> Thomas Raffetseder of the International Secure Systems Lab and
>>> Sergio 'shadown' Alvarez of n.runs AG for reporting this issue.
>>>
>>> CoreGraphics
>>> CVE-ID: CVE-2008-2321
>>> Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
>>> Mac OS X v10.5.4, Mac OS X Server v10.5.4
>>> Impact: Visiting a maliciously crafted website may lead to an
>>> unexpected application termination or arbitrary code execution
>>> Description: CoreGraphics contains memory corruption issues in the
>>> processing of arguments. Passing untrusted input to CoreGraphics via
>>> an application, such as a web browser, may lead to an unexpected
>>> application termination or arbitrary code execution. This update
>>> addresses the issue through improved bounds checking. Credit to
>>> Michal Zalewski of Google for reporting this issue.
>>>
>>> CoreGraphics
>>> CVE-ID: CVE-2008-2322
>>> Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
>>> Mac OS X v10.5.4, Mac OS X Server v10.5.4
>>> Impact: Viewing a maliciously crafted PDF file may lead to an
>>> unexpected application termination or arbitrary code execution
>>> Description: An integer overflow in the handling of PDF files may
>>> result in a heap buffer overflow. Viewing a maliciously crafted PDF
>>> file may lead to an unexpected application termination or arbitrary
>>> code execution. This update addresses the issue through additional
>>> validation of PDF files. Credit to Pariente Kobi working with the
>>> iDefense VCP for reporting this issue.
>>>
>>> Data Detectors Engine
>>> CVE-ID: CVE-2008-2323
>>> Available for: Mac OS X v10.5.4, Mac OS X Server v10.5.4
>>> Impact: Viewing maliciously crafted messages with Data Detectors
>>> may lead to an unexpected application termination
>>> Description: Data Detectors are used to extract reference
>>> information from textual content or archives. A resource consumption
>>> issue exists in Data Detectors' handling of textual content. Viewing
>>> maliciously crafted content in an application that uses Data
>>> Detectors may lead to a denial of service, but not arbitrary code
>>> execution. This issue does not affect systems prior to Mac OS X
>>> v10.5.
>>>
>>> Disk Utility
>>> CVE-ID: CVE-2008-2324
>>> Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
>>> Impact: A local user may obtain system privileges
>>> Description: The "Repair Permissions" tool in Disk Utility makes
>>> /usr/bin/emacs setuid. After the Repair Permissions tool has been
>>> run, a local user may use emacs to run commands with system
>>> privileges. This update addresses the issue by correcting the
>>> permissions applied to emacs in the Repair Permissions tool. This
>>> issue does not affect systems running Mac OS X v10.5 and later.
>>> Credit to Anton Rang and Brian Timares for reporting this issue.
>>>
>>> OpenLDAP
>>> CVE-ID: CVE-2008-2952
>>> Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
>>> Mac OS X v10.5.4, Mac OS X Server v10.5.4
>>> Impact: A remote attacker may be able to cause an unexpected
>>> application termination
>>> Description: An issue exists in OpenLDAP's ASN.1 BER decoding.
>>> Processing a maliciously crafted LDAP message may trigger an
>>> assertion and lead to an unexpected application termination of the
>>> OpenLDAP daemon, slapd. This update addresses the issue by
>>> performing additional validation of LDAP messages.
>>>
>>> OpenSSL
>>> CVE-ID: CVE-2007-5135
>>> Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
>>> Mac OS X v10.5.4, Mac OS X Server v10.5.4
>>> Impact: A remote attacker may be able to cause an unexpected
>>> application termination or arbitrary code execution
>>> Description: A range checking issue exists in the
>>> SSL_get_shared_ciphers() utility function within OpenSSL. In an
>>> application using this function, processing maliciously crafted
>>> packets may lead to an unexpected application termination or
>>> arbitrary code execution. This update addresses the issue through
>>> improved bounds checking.
>>>
>>> PHP
>>> CVE-ID: CVE-2008-2051, CVE-2008-2050, CVE-2007-4850, CVE-2008-0599,
>>> CVE-2008-0674
>>> Available for: Mac OS X v10.5.4, Mac OS X Server v10.5.4
>>> Impact: Multiple vulnerabilities in PHP 5.2.5
>>> Description: PHP is updated to version 5.2.6 to address multiple
>>> vulnerabilities, the most serious of which may lead to arbitrary
>>> code execution. Further information is available via the PHP website at
>>> http://www.php.net/ PHP version 5.2.x is only provided with Mac OS X
>>> v10.5 systems.
>>>
>>> QuickLook
>>> CVE-ID: CVE-2008-2325
>>> Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
>>> Mac OS X v10.5.4, Mac OS X Server v10.5.4
>>> Impact: Downloading a maliciously crafted Microsoft Office file may
>>> lead to an unexpected application termination or arbitrary code
>>> execution
>>> Description: Multiple memory corruption issues exist in QuickLook's
>>> handling of Microsoft Office files. Downloading a maliciously
>>> crafted Microsoft Office file may lead to an unexpected application
>>> termination or arbitrary code execution. This update addresses the
>>> issue through improved bounds checking. This issue does not affect
>>> systems prior to Mac OS X v10.5.
>>>
>>> rsync
>>> CVE-ID: CVE-2007-6199, CVE-2007-6200
>>> Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
>>> Mac OS X v10.5.4, Mac OS X Server v10.5.4
>>> Impact: Files outside the module root may be accessed or
>>> overwritten remotely
>>> Description: Path validation issues exist in rsync's handling of
>>> symbolic links when running in daemon mode. Placing symbolic links
>>> in an rsync module may allow files outside of the module root to be
>>> accessed or overwritten. This update addresses the issue through
>>> improved handling of symbolic links. Further information on the
>>> patches applied is available via the rsync web site at
>>> http://rsync.samba.org/
>>>
>>> Security Update 2008-005 may be obtained from the Software Update
>>> pane in System Preferences, or Apple's Software Downloads web site:
>>> http://www.apple.com/support/downloads/
>>>
>>> For Mac OS X v10.5.4 and Mac OS X Server 10.5.4
>>> The download file is named: "SecUpd2008-005.dmg"
>>> Its SHA-1 digest is: 9c4fd4ee59965819427445f6de172c42b223e6e1
>>>
>>> For Mac OS X v10.4.11 (Intel)
>>> The download file is named: "SecUpd2008-005Intel.dmg"
>>> Its SHA-1 digest is: 1ff3242935c98325769b33148a2a8b1e72db567c
>>>
>>> For Mac OS X v10.4.11 (PPC)
>>> The download file is named: "SecUpd2008-005PPC.dmg"
>>> Its SHA-1 digest is: 2f56ea4311d5b85de3c494f6fee46360e5b7317e
>>>
>>> For Mac OS X Server v10.4.11 (Universal)
>>> The download file is named: "SecUpdSrvr2008-005Univ.dmg"
>>> Its SHA-1 digest is: 256401659308a634cee06b00d1a6ae9dc20b5467
>>>
>>> For Mac OS X Server v10.4.11 (PPC)
>>> The download file is named: "SecUpdSrvr2008-005PPC.dmg"
>>> Its SHA-1 digest is: d310d471bd39df92cb5580e18f356a222824d7d2
>>>
>>> Information will also be posted to the Apple Security Updates
>>> web site: http://support.apple.com/kb/HT1222
>>>
>>> This message is signed with Apple's Product Security PGP key,
>>> and details are available at:
>>> http://www.apple.com/support/security/pgp/
>>>
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: PGP Desktop 9.0.3 (Build 2932)
>>>
>>> -----END PGP SIGNATURE-----
>
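
The three source-port behaviours compared in the reply above (same port for every request, incrementing ports, randomised ports) can be told apart from a packet capture. The following is an added example, not part of the original thread: it assumes `tcpdump -n` text output for queries sent to port 53, and the sample lines, addresses, function names and thresholds (8 samples, 16-port step, 1024-port span) are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches `tcpdump -n` text lines for UDP queries sent to port 53, e.g.
# 12:00:01.000001 IP 192.0.2.10.49152 > 198.51.100.53.53: 4660+ A? example.com. (29)
QUERY = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > \d+\.\d+\.\d+\.\d+\.53: ")

def ports_by_client(lines):
    """Group observed source ports by client address, in capture order."""
    seen = defaultdict(list)
    for line in lines:
        m = QUERY.search(line)
        if m:
            seen[m.group(1)].append(int(m.group(2)))
    return dict(seen)

def classify(ports, min_samples=8):
    """Label a port sequence: fixed, incremental, narrow-range or randomized."""
    if len(ports) < min_samples:
        return "insufficient-data"
    if len(set(ports)) == 1:
        return "fixed"
    # Step between consecutive queries, modulo 2**16 so a wrap still counts.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    if sum(1 <= d <= 16 for d in deltas) >= 0.9 * len(deltas):
        return "incremental"
    # A randomised sender should spread over thousands of ports; a tight span
    # means the range to guess is small even if the order looks shuffled.
    if max(ports) - min(ports) < 1024:
        return "narrow-range"
    return "randomized"

def audit(lines):
    return {ip: classify(p) for ip, p in ports_by_client(lines).items()}

def _line(src, port, n):
    # Constructed capture line; addresses are RFC 5737 documentation ranges.
    return f"12:00:{n:02d}.000001 IP {src}.{port} > 198.51.100.53.53: {4660 + n}+ A? example.com. (29)"

# Constructed port sequences mirroring the three behaviours in the thread.
RANDOM_PORTS = [51234, 8421, 60011, 23177, 40962, 1999, 33310, 57005, 12648, 48879]
SAMPLE = (
    [_line("192.0.2.10", 32768, n) for n in range(10)]        # same port every time
    + [_line("192.0.2.11", 1050 + n, n) for n in range(10)]   # increments by one
    + [_line("192.0.2.12", p, n) for n, p in enumerate(RANDOM_PORTS)]
)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A "fixed" or "incremental" result means the source port adds little or nothing to what a spoofed reply has to match beyond the 16-bit query ID, which is the gap the BIND update in the advisory closes with source port randomization.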
