ESB-2007.0918 -- [OSX] -- Mac OS X v10.5.1 Update

Date: 16 November 2007


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                        ESB-2007.0918 -- [Mac][OSX]
                          Mac OS X v10.5.1 Update
                             16 November 2007

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Application Firewall
Publisher:            Apple
Operating System:     Mac OS X
Impact:               Provide Misleading Information
                      Inappropriate Access
                      Reduced Security
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-4704 CVE-2007-4703 CVE-2007-4702

Original Bulletin:    http://docs.info.apple.com/article.html?artnum=61798

Comment: This update fixes several deficiencies in the Mac OS X Application
         Firewall. These deficiencies constitute a potential for exposure
         rather than vulnerabilities in themselves; the exposures may allow
         remote access to vulnerable services running on Mac OS X.

--------------------------BEGIN INCLUDED TEXT--------------------


APPLE-SA-2007-11-15 Mac OS X v10.5.1 Update

Mac OS X v10.5.1 Update is now available and addresses the following
issues:

Application Firewall
CVE-ID:  CVE-2007-4702
Available for:  Mac OS X v10.5, Mac OS X Server v10.5
Impact:  The "Block all incoming connections" setting for the
firewall is misleading
Description:  The "Block all incoming connections" setting for the
Application Firewall allows any process running as user "root" (UID
0) to receive incoming connections, and also allows mDNSResponder to
receive connections. This could result in the unexpected exposure of
network services. This update addresses the issue by more accurately
describing the option as "Allow only essential services", and by
limiting the processes permitted to receive incoming connections
under this setting to a small fixed set of system services: configd
(for DHCP and other network configuration protocols), mDNSResponder
(for Bonjour), and racoon (for IPSec). The "Help" content for the
Application Firewall is also updated to provide further information.
This issue does not affect systems prior to Mac OS X v10.5.

Application Firewall
CVE-ID:  CVE-2007-4703
Available for:  Mac OS X v10.5, Mac OS X Server v10.5
Impact:  Processes running as user "root" (UID 0) cannot be blocked
when the firewall is set to "Set access for specific services and
applications"
Description:  The "Set access for specific services and applications"
setting for the Application Firewall allows any process running as
user "root" (UID 0) to receive incoming connections, even if its
executable is specifically added to the list of programs and its
entry in the list is marked as "Block incoming connections". This
could result in the unexpected exposure of network services. This
update corrects the issue so that any executable so marked is
blocked. This issue does not affect systems prior to Mac OS X v10.5.

Application Firewall
CVE-ID:  CVE-2007-4704
Available for:  Mac OS X v10.5, Mac OS X Server v10.5
Impact:  Changes to Application Firewall settings do not affect
processes started by launchd until they are restarted
Description:  When the Application Firewall settings are changed, a
running process started by launchd will not be affected until it is
restarted. A user might expect changes to take effect immediately and
so leave their system exposed to network access. This update corrects
the issue so that changes take effect immediately. This issue does
not affect systems prior to Mac OS X v10.5.

Mac OS X v10.5.1 may be obtained from the Software Update pane in
System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.5
The download file is named:  "MacOSXUpd10.5.1.dmg"
Its SHA-1 digest is:  fb4ba4e5a0a7db7e04b3c93bb10115017cbea986

For Mac OS X Server v10.5
The download file is named:  "MacOSXServerUpd10.5.1.dmg"
Its SHA-1 digest is:  9ccfe856eae029b70b7f465d85041a96738eaeab

Information will also be posted to the Apple Security Updates
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/


--------------------------END INCLUDED TEXT--------------------
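The three Application Firewall entries in the included Apple text describe a small set of decision rules; the following is an added example (not Apple's or AusCERT's code) that encodes the pre- and post-10.5.1 behaviour so that an administrator can see which listeners in a constructed inventory remain reachable under each firewall setting. INVENTORY, BLOCKED and the uids and ports are assumptions, and treating an unlisted program as permitted in the "specific services" mode is a modelling assumption, not something the advisory states.

```python
"""Executable model of the Mac OS X 10.5 Application Firewall decisions described in
APPLE-SA-2007-11-15 (added example, not Apple's code; INVENTORY/BLOCKED are constructed)."""
from dataclasses import dataclass

ESSENTIAL = frozenset({"configd", "mDNSResponder", "racoon"})  # still admitted after 10.5.1

@dataclass(frozen=True)
class Listener:
    command: str
    uid: int               # 0 == root
    port: int
    launchd: bool = False  # started by launchd (matters for CVE-2007-4704)

def allowed_block_all(l: Listener, patched: bool) -> bool:
    """'Block all incoming connections' setting (CVE-2007-4702)."""
    if patched:
        return l.command in ESSENTIAL
    return l.uid == 0 or l.command == "mDNSResponder"  # pre-10.5.1 root bypass

def allowed_specific(l: Listener, blocked: frozenset, patched: bool) -> bool:
    """'Set access for specific services and applications' (CVE-2007-4703).
    Model assumption: a program not on the block list is permitted."""
    if l.command not in blocked:
        return True
    return (not patched) and l.uid == 0  # pre-10.5.1 root ignored its block entry

def effective(l: Listener, new_rule: bool, old_rule: bool, patched: bool) -> bool:
    """CVE-2007-4704: pre-10.5.1 a running launchd-started process kept its start-time rule."""
    if not patched and l.launchd:
        return old_rule
    return new_rule

def exposed(listeners, blocked: frozenset, patched: bool) -> dict:
    """Commands still reachable from the network under each firewall mode."""
    return {
        "block_all": [l.command for l in listeners if allowed_block_all(l, patched)],
        "specific": [l.command for l in listeners if allowed_specific(l, blocked, patched)],
    }

INVENTORY = [  # constructed sample inventory; uids and ports are illustrative
    Listener("sshd", 0, 22, launchd=True),
    Listener("httpd", 0, 80, launchd=True),
    Listener("configd", 0, 68, launchd=True),
    Listener("mDNSResponder", 65, 5353, launchd=True),
    Listener("racoon", 0, 500, launchd=True),
    Listener("Skype", 501, 51234),
]
BLOCKED = frozenset({"sshd", "Skype"})  # entries marked "Block incoming connections"
```

Calling exposed(INVENTORY, BLOCKED, False) and exposed(INVENTORY, BLOCKED, True) side by side shows the root-owned sshd and httpd dropping out of the "block all" result once the update is applied, and the blocked root sshd finally being blocked in the "specific services" mode.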

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
