go get your security update


thegelding
feeling my oats
 
Join Date: May 2004
Location: there are nice people here...that makes me happy
2004-10-04, 16:23

coming every couple of weeks now

SU

g
MCQ
Veteran Member
 
Join Date: May 2004
Location: NY
2004-10-04, 17:00

More info on the update is here:
http://docs.info.apple.com/article.html?artnum=61798

Security Update 2004-09-30 (released 2004-10-04)

AFP Server
Available for: Mac OS X v10.3.5 and Mac OS X Server v10.3.5
CVE-ID: CAN-2004-0921
Impact: A denial of service permitting a guest to disconnect AFP volumes
Description: An AFP volume mounted by a guest could be used to terminate authenticated user mounts from the same server by modifying SessionDestroy packets. This issue does not affect systems prior to Mac OS X v10.3 or Mac OS X Server v10.3.

AFP Server
Available for: Mac OS X v10.3.5 and Mac OS X Server v10.3.5
CVE-ID: CAN-2004-0922
Impact: Write-only AFP Drop Box may be set as read-write
Description: A write-only Drop Box on an AFP volume mounted by a guest could sometimes be read-write due to an incorrect setting of the guest group id. This issue does not affect systems prior to Mac OS X v10.3 or Mac OS X Server v10.3.

CUPS
Available for: Mac OS X v10.3.5, Mac OS X Server v10.3.5, Mac OS X v10.2.8, Mac OS X Server v10.2.8
CVE-ID: CAN-2004-0558
Impact: A denial of service causing the printing system to hang
Description: The Internet Printing Protocol (IPP) implementation in CUPS can hang when a certain UDP packet is sent to the IPP port.

CUPS
Available for: Mac OS X v10.3.5, Mac OS X Server v10.3.5, Mac OS X v10.2.8, Mac OS X Server v10.2.8
CVE-ID: CAN-2004-0923
Impact: Local disclosure of user passwords
Description: Certain methods of authenticated remote printing could disclose user passwords in the printing system log files. Credit to Gary Smith of the IT Services department at Glasgow Caledonian University for reporting this issue.

NetInfoManager
Available for: Mac OS X v10.3.5 and Mac OS X Server v10.3.5
CVE-ID: CAN-2004-0924
Impact: Incorrect indication of account status
Description: The NetInfo Manager utility can enable the "root" account, but after a single "root" login it is no longer possible to use NetInfo Manager to disable the account and it incorrectly appears to be disabled. This issue does not affect systems prior to Mac OS X v10.3 or Mac OS X Server v10.3.

postfix
Available for: Mac OS X v10.3.5 and Mac OS X Server v10.3.5
CVE-ID: CAN-2004-0925
Impact: A denial of service when SMTPD AUTH has been enabled
Description: When SMTPD AUTH has been enabled in postfix, a buffer containing the username is not correctly cleared between authentication attempts. Only users with the longest usernames will be able to authenticate. This issue does not affect systems prior to Mac OS X v10.3 or Mac OS X Server v10.3. Credit to Michael Rondinelli of EyeSee360 for reporting this issue.

QuickTime
Available for: Mac OS X v10.3.5, Mac OS X Server v10.3.5, Mac OS X v10.2.8, Mac OS X Server v10.2.8
CVE-ID: CAN-2004-0926
Impact: A heap buffer overflow could allow attackers to execute arbitrary code
Description: Flaws in decoding the BMP image type could overwrite heap memory and potentially allow the execution of arbitrary code hidden in an image.

ServerAdmin
Available for: Mac OS X Server v10.3.5 and Mac OS X Server v10.2.8
CVE-ID: CAN-2004-0927
Impact: Client - Server communication with ServerAdmin can be read by decoding captured sessions
Description: Client - Server communication with ServerAdmin uses SSL. All systems come installed with the same example self signed certificate. If that certificate has not been replaced, then ServerAdmin communication may be decrypted. The fix replaces the existing self-signed certificate with one that has been locally and uniquely generated.
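
The postfix entry in the advisory quoted above (CAN-2004-0925) describes a username buffer that is not cleared between authentication attempts. As an added illustration that is not part of the thread and is not Postfix or Apple code, this C sketch models that class of bug with a hypothetical account list and hypothetical function names, beside a version that clears the buffer first.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 32

/* Constructed account list for the demo (not taken from the advisory). */
static const char *ACCOUNTS[] = { "al", "robert", "christopher" };

static int account_exists(const char *name) {
    for (size_t i = 0; i < sizeof ACCOUNTS / sizeof ACCOUNTS[0]; i++)
        if (strcmp(ACCOUNTS[i], name) == 0) return 1;
    return 0;
}

/* Buffer reused across attempts, as in a long-running daemon process. */
static char name_buf[NAME_MAX_LEN + 1];

void reset_state(void) { memset(name_buf, 0, sizeof name_buf); }

/* Flawed: only the new bytes are written, so the tail of an earlier,
 * longer username stays in the buffer and becomes part of the lookup key. */
int auth_stale(const char *user) {
    size_t len = strlen(user);
    if (len > NAME_MAX_LEN) return 0;
    memcpy(name_buf, user, len);          /* no clearing, no terminator */
    return account_exists(name_buf);
}

/* Hardened: wipe the whole buffer before every attempt, then copy. */
int auth_cleared(const char *user) {
    size_t len = strlen(user);
    if (len > NAME_MAX_LEN) return 0;
    memset(name_buf, 0, sizeof name_buf);
    memcpy(name_buf, user, len);
    return account_exists(name_buf);
}

int main(void) {
    const char *attempts[] = { "robert", "christopher", "robert", "al" };
    reset_state();
    for (size_t i = 0; i < 4; i++)        /* shorter names fail after the longest */
        printf("stale   %-12s -> %d\n", attempts[i], auth_stale(attempts[i]));
    reset_state();
    for (size_t i = 0; i < 4; i++)        /* every valid name is accepted */
        printf("cleared %-12s -> %d\n", attempts[i], auth_cleared(attempts[i]));
    return 0;
}
```

Once the longest name has passed through the flawed path, every shorter name is looked up with leftover bytes appended and is rejected, which matches the advisory's "only users with the longest usernames will be able to authenticate".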
alcimedes
I shot the sherrif.
 
Join Date: May 2004
2004-10-04, 18:02

i'd rather get patched every few weeks before it's a problem, rather than Apple sitting on the problem for months then only releasing a patch after it's a publicly known exploit.

Google is your frenemy.
Caveat Emptor - Latin for tough titty
I tend to interpret things in the way that's most hilarious to me
curiousuburb
Antimatter Man
 
Join Date: May 2004
Location: that interweb thing
 
2004-10-04, 18:50

Quote:
Originally Posted by alcimedes
i'd rather get patched every few weeks before it's a problem, rather than Apple sitting on the problem for months then only releasing a patch after it's a publicly known exploit.
I wouldn't be surprised if some of these details are the first publicity of their respective exploits.
Unpatched systems might actually be slightly more vulnerable now that people are clued about vulnerabilities relatively unknown before. But I suppose that's the double edged side of posting security updates with info about what they fix.
DMBand0026
Veteran Member
 
Join Date: May 2004
Location: Chicago
 
2004-10-04, 19:17

Downloaded, installed, everything works...as far as I can tell
onlyafterdark
Sucker for shiny objects
 
Join Date: Jul 2004
Location: Kitchener, ON
2004-10-04, 20:11

Same with me.
curiousuburb
Antimatter Man
 
Join Date: May 2004
Location: that interweb thing
 
2004-10-04, 20:15

Safari seem a bit snappier™?
Maybe I just haven't seen any Nebagkid smilies to choke it, but background tab page load seems quicker.

To be fair, I did three SecUpdates and Java142... not sure which helped.
DMBand0026
Veteran Member
 
Join Date: May 2004
Location: Chicago
 
2004-10-04, 20:19

I didn't notice anything. May have been, I just wasn't paying attention
Mac+
9" monochrome
 
Join Date: May 2004
Location: I'm here
 
2004-10-05, 08:49

I didn't even know my machine "was vulnerable", so thanks for the heads up g - downloaded and all seems fine.
All times are GMT -5.

