feeling my oats
|
coming every couple of weeks now
SU g |
quote |
Veteran Member
|
More info on the update is here:
http://docs.info.apple.com/article.html?artnum=61798

Security Update 2004-09-30 (released 2004-10-04)

AFP Server
Available for: Mac OS X v10.3.5 and Mac OS X Server v10.3.5
CVE-ID: CAN-2004-0921
Impact: A denial of service permitting a guest to disconnect AFP volumes
Description: An AFP volume mounted by a guest could be used to terminate authenticated user mounts from the same server by modifying SessionDestroy packets. This issue does not affect systems prior to Mac OS X v10.3 or Mac OS X Server v10.3.

AFP Server
Available for: Mac OS X v10.3.5 and Mac OS X Server v10.3.5
CVE-ID: CAN-2004-0922
Impact: Write-only AFP Drop Box may be set as read-write
Description: A write-only Drop Box on an AFP volume mounted by a guest could sometimes be read-write due to an incorrect setting of the guest group id. This issue does not affect systems prior to Mac OS X v10.3 or Mac OS X Server v10.3.

CUPS
Available for: Mac OS X v10.3.5, Mac OS X Server v10.3.5, Mac OS X v10.2.8, Mac OS X Server v10.2.8
CVE-ID: CAN-2004-0558
Impact: A denial of service causing the printing system to hang
Description: The Internet Printing Protocol (IPP) implementation in CUPS can hang when a certain UDP packet is sent to the IPP port.

CUPS
Available for: Mac OS X v10.3.5, Mac OS X Server v10.3.5, Mac OS X v10.2.8, Mac OS X Server v10.2.8
CVE-ID: CAN-2004-0923
Impact: Local disclosure of user passwords
Description: Certain methods of authenticated remote printing could disclose user passwords in the printing system log files. Credit to Gary Smith of the IT Services department at Glasgow Caledonian University for reporting this issue.

NetInfoManager
Available for: Mac OS X v10.3.5 and Mac OS X Server v10.3.5
CVE-ID: CAN-2004-0924
Impact: Incorrect indication of account status
Description: The NetInfo Manager utility can enable the "root" account, but after a single "root" login it is no longer possible to use NetInfo Manager to disable the account and it incorrectly appears to be disabled. This issue does not affect systems prior to Mac OS X v10.3 or Mac OS X Server v10.3.

postfix
Available for: Mac OS X v10.3.5 and Mac OS X Server v10.3.5
CVE-ID: CAN-2004-0925
Impact: A denial of service when SMTPD AUTH has been enabled
Description: When SMTPD AUTH has been enabled in postfix, a buffer containing the username is not correctly cleared between authentication attempts. Only users with the longest usernames will be able to authenticate. This issue does not affect systems prior to Mac OS X v10.3 or Mac OS X Server v10.3. Credit to Michael Rondinelli of EyeSee360 for reporting this issue.

QuickTime
Available for: Mac OS X v10.3.5, Mac OS X Server v10.3.5, Mac OS X v10.2.8, Mac OS X Server v10.2.8
CVE-ID: CAN-2004-0926
Impact: A heap buffer overflow could allow attackers to execute arbitrary code
Description: Flaws in decoding the BMP image type could overwrite heap memory and potentially allow the execution of arbitrary code hidden in an image.

ServerAdmin
Available for: Mac OS X Server v10.3.5 and Mac OS X Server v10.2.8
CVE-ID: CAN-2004-0927
Impact: Client - Server communication with ServerAdmin can be read by decoding captured sessions
Description: Client - Server communication with ServerAdmin uses SSL. All systems come installed with the same example self signed certificate. If that certificate has not been replaced, then ServerAdmin communication may be decrypted. The fix replaces the existing self-signed certificate with one that has been locally and uniquely generated.
quote |
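The postfix entry (CAN-2004-0925) in the advisory quoted above describes a username buffer that is not cleared between authentication attempts. The following is an added example, not part of the original post, the Apple advisory, or postfix's source: it models one assumed way such a bug can arise (copying the new name without clearing the old one) beside the corrected form. All names, the account list and the attempt order are constructed.

```c
#include <stdio.h>
#include <string.h>

#define USER_BUF 64

/* Hypothetical per-process state reused for every AUTH attempt. */
struct auth_state { char user[USER_BUF]; };

/* Constructed account list and attempt order. */
static const char *ACCOUNTS[] = { "al", "bob", "administrator" };
static const char *ATTEMPTS[] = { "bob", "administrator", "al", "bob", "administrator" };
#define N_ATTEMPTS (sizeof ATTEMPTS / sizeof ATTEMPTS[0])

/* Flawed: overwrites only strlen(name) bytes, so the tail of a longer
   earlier username stays in the buffer. */
static void set_user_stale(struct auth_state *s, const char *name) {
    size_t n = strlen(name);
    if (n >= USER_BUF) n = USER_BUF - 1;
    memcpy(s->user, name, n);
}

/* Corrected: clear the whole buffer before every attempt. */
static void set_user_cleared(struct auth_state *s, const char *name) {
    size_t n = strlen(name);
    if (n >= USER_BUF) n = USER_BUF - 1;
    memset(s->user, 0, sizeof s->user);
    memcpy(s->user, name, n);
}

static int account_exists(const char *user) {
    for (size_t i = 0; i < sizeof ACCOUNTS / sizeof ACCOUNTS[0]; i++)
        if (strcmp(user, ACCOUNTS[i]) == 0) return 1;
    return 0;
}

/* Replays ATTEMPTS against one reused state; bit i is set if attempt i
   resolved to a known account. */
unsigned replay(void (*set_user)(struct auth_state *, const char *)) {
    struct auth_state s;
    unsigned ok = 0;
    memset(&s, 0, sizeof s);   /* zeroed once, at start-up only */
    for (size_t i = 0; i < N_ATTEMPTS; i++) {
        set_user(&s, ATTEMPTS[i]);
        if (account_exists(s.user)) ok |= 1u << i;
    }
    return ok;
}

int main(void) {
    printf("stale buffer:   0x%02x\n", replay(set_user_stale));
    printf("cleared buffer: 0x%02x\n", replay(set_user_cleared));
    return 0;
}
```

With the stale buffer, once "administrator" has been seen, "al" and "bob" are looked up as "alministrator" and "bobinistrator" and fail, while the longest name keeps working, which matches the symptom the advisory describes.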
I shot the sherrif.
|
I'd rather get patched every few weeks before it's a problem, rather than Apple sitting on the problem for months then only releasing a patch after it's a publicly known exploit.
Google is your frenemy. Caveat Emptor - Latin for tough titty I tend to interpret things in the way that's most hilarious to me |
quote |
Antimatter Man
Join Date: May 2004
Location: that interweb thing
|
Quote:
Unpatched systems might actually be slightly more vulnerable now that people are clued about vulnerabilities relatively unknown before. But I suppose that's the double edged side of posting security updates with info about what they fix. |
|
quote |
Veteran Member
Join Date: May 2004
Location: Chicago
|
Downloaded, installed, everything works...as far as I can tell
|
quote |
Sucker for shiny objects
|
Same with me.
|
quote |
Antimatter Man
Join Date: May 2004
Location: that interweb thing
|
Safari seem a bit snappier™?
Maybe I just haven't seen any Nebagkid smilies to choke it, but background tab page load seems quicker. To be fair, I did three SecUpdates and Java142... not sure which helped. |
quote |
Veteran Member
Join Date: May 2004
Location: Chicago
|
I didn't notice anything. May have been, I just wasn't paying attention
|
quote |
9" monochrome
Join Date: May 2004
Location: 🇦🇺
|
I didn't even know my machine "was vulnerable" ( ), so thanks for the heads up g - downloaded and all seems fine.
|
quote |