Mac OS X USB keyboard 'init' Flaw Yields Root Access to Physically Local Users
|
|
SecurityTracker Alert ID: 1008528
|
|
CVE Reference: CAN-2003-1011
(Links to External Site)
|
Date: Dec 20 2003
|
Impact: Root access via local system
|
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
|
Version(s): OS X 10.2.8, 10.3.2
|
Description: A vulnerability was reported in Apple's Mac OS X when using a USB keyboard. A physically local user can gain root access on the system.
Richard Glaser reported that a physically local user can hold down the Control C keys for an extended period when the system is starting
up or restarting to cause the init program to abort. The init program will reportedly provide a root shell.
Additional information
is available at:
http://www.macos.utah.edu/Documentation/usb_init_crash_root/usb_init_crash_root.html
|
Impact: A physically local user can gain root access on the system.
|
Solution: Apple has released a fix for Panther and for Jaguar.
For Panther, Security Update 2003-12-19 is available at:
* Software
Update pane in System Preferences
* Apple's Software Downloads web site:
http://www.info.apple.com/kbnum/n120292
The download file is named: "SecurityUpd2003-12-19.dmg"
Its SHA-1 digest is: 112674677572232f640d03122b25527d84fbbbf8
For
Jaguar, Security Update 2003-12-19 is available at:
* Software Update pane in System Preferences
* Apple's Software Downloads
web site:
http://www.info.apple.com/kbnum/n120291
The download file is named: "SecurityUpd2003-12-19Jag.dmg"
Its
SHA-1 digest is: b0c5d1ef54020db7580798fddd7a1e132e653896
|
Vendor URL: www.apple.com/ (Links to External Site)
|
Cause: Exception handling error, State error
|
Underlying OS: UNIX (Mac OS X)
|
Reported By: Apple Product Security <product-security@apple.com>
|
Message History:
None.
|
Source Message Contents
|
Date: Sat, 20 Dec 2003 07:50:25 -0800
From: Apple Product Security <product-security@apple.com>
Subject: APPLE-SA-2003-12-19 Security Update for Panther
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2003-12-19 Security Update 2003-12-19 for Panther
Security Update 2003-12-19 for Panther is available for
Mac OS X 10.3.2 and Mac OS X Server 10.3.2.
It contains security enhancements for the following:
AppleFileServer: Fixes CAN-2003-1007 to improve the handling of
malformed requests.
ASN.1 Decoding for PKI: Fixes CAN-2003-1005 which could cause a
potential denial of service when receiving malformed ASN.1
sequences. This is related but separate from CAN-2003-0851.
cd9660.util: Fixes CAN-2003-1006, a buffer overflow vulnerability in
the filesystem utility cd9660.util.
Credit to KF of Secure Network Operations for reporting this issue.
Directory Services: Fixes CAN-2003-1009. The default settings are
changed to prevent an inadvertent connection in the event of a
malicious DHCP server on the computer's local subnet. Further
information is provided in Apple's Knowledge Base article:
http://docs.info.apple.com/article.html?artnum=32478
Credit to William A. Carrel for reporting this issue.
fetchmail: Fixes CAN-2003-0792. Updates are provided to fetchmail that
improve its stability when receiving malformed messages.
fs_usage: Fixes CAN-2003-1010. The fs_usage tool has been improved to
prevent a local privilege escalation vulnerability. This tool is
used to collect system performance information and requires admin
privileges to run.
Credit to Dave G. of @stake for reporting this issue.
rsync: Fixes CAN-2003-0962 by improving the security of the rsync
server.
Screen Saver: Fixes CAN-2003-1008. When the Screen Saver login
window is present, it is no longer possible to write a text
clipping to the desktop or an application.
Credit to Benjamin Kelly for reporting this issue.
System initialization: Fixes CAN-2003-1011. The system initialization
process has been improved to restrict root access on a system that
uses a USB keyboard.
================================================
Security Update 2003-12-19 for Panther may be obtained from:
* Software Update pane in System Preferences
* Apple's Software Downloads web site:
http://www.info.apple.com/kbnum/n120292
The download file is named: "SecurityUpd2003-12-19.dmg"
Its SHA-1 digest is: 112674677572232f640d03122b25527d84fbbbf8
Information will also be posted to the Apple Product Security web
site:
http://www.apple.com/support/security/security_updates.html
This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
iQEVAwUBP+Rsp3eI0z6bzFr0AQI/MwgAqqUXmeRPg2xLQlbGiK15uDhgrcOuE27V
5fi8IvkiAWMN/qjJofG3y+crtmZwTea0Z8qvcw8EcbMRtuhqzyCu43HFTE8wFJ4w
FqmwihZQANu8IHye9tgl36CiPJvY3bYWPxd3GobAQKZp81/OIhY3H2aB79Oa3N3o
6lBPHInyLmRswlOa9s7v6wSJAK/9MXa7dwSLtaaFsVg7R8kfe4atZ0tAlc8rHAnS
k0sZq1z6hPeiXHRxFIeozwTr6P5QLZB/3YuRYLtgYudojOauV1/X4/ltsOb5Kdk/
HUdrNSZfoECPI78BecWblnsGG91Tgd20GIcTke06o0zWvZa2vXWJDg==
=3ZBF
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | security-announce@lists.apple.com
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.
|
|
