Date: 28 October 2004
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2004.0686 -- APPLE-SA-2004-10-27
Security Update 2004-10-27
28 October 2004
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Apple Remote Desktop Client prior to v1.2.4
Publisher: Apple
Operating System: Mac OS X 10.3.x
Impact: Reduced Security
Access: Remote/Unauthenticated
CVE Names: CAN-2004-0962
Original Bulletin URL:
http://docs.info.apple.com/article.html?artnum=61798
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2004-10-27 Security Update 2004-10-27
Security Update 2004-10-27 is now available and delivers the
following security enhancement for Apple Remote Desktop Client:
CVE-ID: CAN-2004-0962
Available for: Apple Remote Desktop Client v1.2.4 with Mac OS X
v10.3.x
Impact: An application can be started behind the loginwindow and it
will run as root
Description: For a system with the following pre-conditions:
* Apple Remote Desktop client installed
* A user on the client system has been enabled with the "Open and
quit applications" privilege
* The username and password of the ARD user is known
* Fast User Switching has been enabled
* A user is logged in, and loginwindow is active via Fast User
Switching
If the Apple Remote Desktop Administrator application on another
system is used to start a GUI application on the client, then the GUI
application will run as root behind the loginwindow. This update
prevents Apple Remote Desktop from launching applications when the
loginwindow is active.
This security enhancement is also present in Apple Remote Desktop
v2.1.
This issue does not affect systems prior to Mac OS X v10.3. Credit
to Andrew Nakhla and Secunia Research for reporting this issue.
Security Update 2004-10-27 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
The download file is named: "SecurityUpdate2004-10-27.dmg"
Its SHA-1 digest is: 6f74180d4144affd3630e8824bff778ac39655e7
Information will also be posted to the Apple Product Security
web site:
http://www.apple.com/support/security/security_updates.html
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/security_pgp.html
- -----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQEVAwUBQX//jZyw5owIz4TQAQKitwf+IQ3dtQquGBWVPAew/3+CYHmL121zldZ9
2qlMn4zk66/hu9ecTHi0JLjI6sYS2jcYlIt5lxdHXAm1yt6LVdsgfCwLXu0ZnrgL
ygoPtr39KDX0YFPomkQVz2ZGptJs4zFsfnLUfi61pegLvicMKy+Zc1Cpzdba+rL5
39ZsZFMnWn6XJqwhJs3zlcXhkH3ggPmG7r6bWLmiRGY6EUaMRFyyCfphoTcSZSiC
81tDpryCJk2X/Ncv4g8tXlDqzjpJMRSslM9a1WFGXx+6Vd7FUz4UfC7ATYggodBU
QvYHKEkVQSH9efMDHJBk6F50WQpLvPoTA1fW3RLl54eEQlileuBgoA==
=2G/h
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBQYBN1ih9+71yA2DNAQJDWQP/R5fE3b2aTFE+AG/jtYiU8kAf9tinHe4m
ONfk1F2CJTAg6OTmGlnlVqu4PHQ0oN0lvKTTTKENsjIjWH9xS/aQCF5rexqI5tnj
5TyrpviuPAIHOtz7NDmq/sICzzIu3/lC37GgTyn1kOkvsdCYQuTDRd3cof6BnAml
ppDBchBZZe4=
=dn1u
-----END PGP SIGNATURE-----
|