ESB-2017.3071 - [Mac] Apple High Sierra: Root compromise - Existing account 2017-12-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.3071
                         Security Update 2017-001
                              1 December 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Apple High Sierra
Publisher:         Apple
Operating System:  Mac OS
Impact/Access:     Root Compromise -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-13872  

Reference:         ESB-2017.3030

Original Bulletin: 
   https://support.apple.com/kb/HT201222

Comment: Security Update 2017-001 is now available

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-11-29-2 Security Update 2017-001

Security Update 2017-001 is now available and addresses the
following:

Directory Utility
Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator
authentication without supplying the administrator's password
Description: A logic error existed in the validation of credentials.
This was addressed with improved credential validation.
CVE-2017-13872
Entry updated November 29, 2017

To confirm that your Mac has Security Update 2017-001:
1. Open the Terminal app, which is in the Utilities folder of your
Applications folder.
2. Type "what /usr/libexec/opendirectoryd" and press Return.
3. If Security Update 2017-001 was installed successfully, you will
see one of these project version numbers:
opendirectoryd-483.1.5 on macOS High Sierra 10.13
opendirectoryd-483.20.7 on macOS High Sierra 10.13.1

If you require the root user account on your Mac, see
https://support.apple.com/HT204012 for information on how to
re-enable the root user and change the root user's password.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
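
The confirmation steps in the included text can be scripted for checking many hosts. The following is an added example, not part of the Apple or AusCERT text; the function names, status strings and the layout of the sample `what` output are assumptions, while the version strings are the ones listed in the bulletin.

```shell
#!/bin/sh
# Added example: compare the opendirectoryd project version reported by
# `what` with the builds this bulletin lists for Security Update 2017-001.

# Expected project version for each affected macOS release (from the bulletin).
expected_version() {
    case "$1" in
        10.13)   echo "opendirectoryd-483.1.5" ;;
        10.13.1) echo "opendirectoryd-483.20.7" ;;
        *)       return 1 ;;   # release not covered by this update
    esac
}

# Pull the "opendirectoryd-<digits and dots>" token out of `what` output.
extract_project_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*\(opendirectoryd-[0-9][0-9.]*\).*/\1/p' | head -n 1
}

# check_update OS_VERSION WHAT_OUTPUT
# Prints PATCHED, MISMATCH (a build other than the one listed for that
# release), NO_VERSION (nothing parseable) or NOT_APPLICABLE.
check_update() {
    os="$1"; out="$2"
    want=$(expected_version "$os") || { echo "NOT_APPLICABLE"; return 0; }
    have=$(extract_project_version "$out")
    if [ -z "$have" ]; then
        echo "NO_VERSION"
    elif [ "$have" = "$want" ]; then
        echo "PATCHED"
    else
        echo "MISMATCH"
    fi
}

# Constructed sample of `what /usr/libexec/opendirectoryd` output; the exact
# line layout is an assumption, only the version token matters to the parser.
SAMPLE_WHAT=$(printf '/usr/libexec/opendirectoryd\n\tPROGRAM:opendirectoryd  PROJECT:opendirectoryd-483.20.7\n')

if [ -x /usr/libexec/opendirectoryd ] && command -v what >/dev/null 2>&1; then
    # On a Mac: check the live binary against the running OS release.
    check_update "$(sw_vers -productVersion)" "$(what /usr/libexec/opendirectoryd)"
else
    # Elsewhere: demonstrate on the constructed sample.
    check_update 10.13.1 "$SAMPLE_WHAT"
fi
```

A `MISMATCH` result only says the build is not the one this bulletin names for that release; it does not distinguish an unpatched build from one shipped by a later update.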

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
