Mac OS X Apple File Protocol (AFP) Access Control Bug Lets Administrators Login Under Other User Identities

SecurityTracker Alert ID: 1006107
SecurityTracker URL: http://securitytracker.com/id?1006107
CVE Reference: CVE-2003-0049
Updated: Jun 13 2008
Original Entry Date: Feb 15 2003
Impact: User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): Mac OS X 10.2.3 and prior versions

Description: An access control vulnerability was reported in Mac OS X Apple File Protocol (AFP) servers. A remote authenticated system administrator may access the server under another user's identity.

It is reported that a remote authenticated system administrator could log in to an AFP server as a different user. No further details were provided.

Impact: A remote authenticated system administrator could log in under a different user's identity.

Solution: The vendor has released a fixed version (10.2.4). The functionality is now optional (configurable). The update is available from:

* Software Update pane in System Preferences
- OR -
* Apple's Software Downloads web site:

If updating from Mac OS X 10.2.3:
http://www.info.apple.com/kbnum/n70167
The download file is named: "MacOSXUpdate10.2.4.dmg"
Its SHA-1 digest is: a54695d21f1162bd453d2f9a3b02176cae8c8777

If updating from Mac OS X 10.2, 10.2.1, or 10.2.2:
http://www.info.apple.com/kbnum/n70168
The download file is named: "MacOSX10.2.4Combined.dmg"
Its SHA-1 digest is: 0b377141c1cd11d303a72ce3fac5170d2e02cf3b

Vendor URL: docs.info.apple.com/article.html?artnum=61798
Cause: Access control error
Underlying OS: UNIX (OS X)
Underlying OS: UNIX (Mac OS X)
Reported By: Product Security <product-security@apple.com>

Message History: None.
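The Solution section above gives a file name and a SHA-1 digest for each update image. The following script is an added example, not part of the SecurityTracker record or of Apple's advisory: it streams a downloaded image through SHA-1 and compares the result with the published digest, failing closed when the file name is not one the advisory lists. The two digests and file names are copied from the advisory; the file paths and the self-check bytes (the FIPS 180-1 "abc" test vector) are constructed for illustration.

```python
"""Verify a downloaded Mac OS X 10.2.4 update image against the SHA-1
digests published in the advisory.

Added example, not code from SecurityTracker or Apple. The digests and
file names come from the advisory; paths and sample bytes are assumptions.
"""
import hashlib
import hmac
import os
import tempfile

# File names and SHA-1 digests exactly as published in the advisory.
PUBLISHED_DIGESTS = {
    "MacOSXUpdate10.2.4.dmg": "a54695d21f1162bd453d2f9a3b02176cae8c8777",
    "MacOSX10.2.4Combined.dmg": "0b377141c1cd11d303a72ce3fac5170d2e02cf3b",
}


def sha1_of_bytes(data):
    """SHA-1 hex digest of an in-memory byte string."""
    return hashlib.sha1(data).hexdigest()


def sha1_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-1 in 1 MiB chunks so a large .dmg
    never has to be held in memory at once."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def digest_matches(actual_hex, expected_hex):
    """Case-insensitive comparison of two hex digests, done in constant
    time out of habit (the published digest itself is not a secret)."""
    return hmac.compare_digest(actual_hex.lower(), expected_hex.lower())


def verify_update(path, expected_hex=None):
    """Return (ok, actual_digest). When no digest is supplied, the
    expected value is looked up by the file's base name; a name that is
    not in PUBLISHED_DIGESTS fails closed rather than being accepted."""
    if expected_hex is None:
        expected_hex = PUBLISHED_DIGESTS.get(os.path.basename(path))
        if expected_hex is None:
            return False, None
    actual = sha1_of_file(path)
    return digest_matches(actual, expected_hex), actual


def demo_self_check():
    """Constructed demo: write the FIPS 180-1 test vector b"abc" to a
    temporary file, confirm it verifies against its known SHA-1 digest,
    and confirm that the same file fails closed when no digest is given
    and its name is not one the advisory lists. Returns (True, False)."""
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "abc.bin")  # hypothetical file name
        with open(sample, "wb") as f:
            f.write(b"abc")
        ok, _ = verify_update(sample, "a9993e364706816aba3e25717850c26c9cd0d89d")
        unknown_ok, _ = verify_update(sample)  # name not in PUBLISHED_DIGESTS
        return ok, unknown_ok


if __name__ == "__main__":
    import sys
    if len(sys.argv) < 2:
        print("self-check:", demo_self_check())
    for p in sys.argv[1:]:
        ok, actual = verify_update(p)
        print(f"{p}: {'OK' if ok else 'MISMATCH or unknown file'} sha1={actual}")
```

Run it as `python verify_update.py /path/to/MacOSXUpdate10.2.4.dmg` after downloading; with no arguments it runs the self-check only. The advisory is from 2003, when SHA-1 was the digest Apple published; SHA-1 collisions have since been demonstrated in practice, so a digest alone is a download-corruption check rather than a substitute for the PGP signature on the advisory, and for current software a SHA-256 digest plus a verified signature is the appropriate check.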
Source Message Contents

Date: Fri, 14 Feb 2003 11:27:02 -0800
From: Product Security <product-security@apple.com>
Subject: APPLE-SA-2003-02-14 Mac OS X 10.2.4 client

-----BEGIN PGP SIGNED MESSAGE-----

APPLE-SA-2003-02-14 Mac OS X 10.2.4 client

Mac OS X 10.2.4 client Software Update is now available. It contains fixes for the following potential security issues:

* Sendmail: Fixes CAN-2002-0906 Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, could permit a denial of service attack and possibly allow execution of arbitrary code. Mac OS X 10.2.4 contains Sendmail 8.12.6 with the SMRSH fix applied to also address CAN-2002-1165.

* AFP: Fixes CAN-2003-0049 "AFP login permissions for the system administrator". Provides an option whereby a system administrator may or may not be allowed to log in as a user, authenticating via their admin password. Previously, administrators could always log in as a user, authenticating via their own admin password.

* Classic: Fixes CAN-2003-0088, where an attacker may change an environment variable to create arbitrary files or overwrite existing files, which could lead to obtaining elevated privileges. Credit to Dave G. from @stake, Inc. for discovering this issue.

* Samba: Previous releases of Mac OS X are not vulnerable to CAN-2002-1318, an issue in Samba's length checking for encrypted password changes. Mac OS X currently uses Directory Services for authentication, and does not call the vulnerable Samba function. However, to prevent a potential future exploit via this function, the patch from Samba 2.2.7 was applied although the version of Samba was not changed for this update release. Further information is available from: http://samba.org/samba/whatsnew/samba-2.2.7.html

Mac OS X 10.2.4 client Software Update may be obtained from:

* Software Update pane in System Preferences
- OR -
* Apple's Software Downloads web site:

Updating from Mac OS X 10.2.3:
http://www.info.apple.com/kbnum/n70167
The download file is named: "MacOSXUpdate10.2.4.dmg"
Its SHA-1 digest is: a54695d21f1162bd453d2f9a3b02176cae8c8777

Updating from Mac OS X 10.2, 10.2.1, or 10.2.2:
http://www.info.apple.com/kbnum/n70168
The download file is named: "MacOSX10.2.4Combined.dmg"
Its SHA-1 digest is: 0b377141c1cd11d303a72ce3fac5170d2e02cf3b

Information is also posted to the Apple Support web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key, and details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3

iQEVAwUBPk1CwyFlYNdE6F9oAQH+Jgf/dB72A3cb+cz2It8jKRR2vrx/WLqeWjMG
DF7757xPTfDLG1oc4Nqd1lGdcoI19rhYyY86avnr6yykIr+gFz27Yujz48fgvIdL
OMBD66wV+Ohq5jwB19baJu3pq+TCDlsRg//bhKsvE7izdtahlXdIDnSYJDUUb0Nl
yMtu6jyoHPcxJAUUVEgG4vYuiVKnD4ZGGkKoS4tPNe2BAz0kw7lrr70edEGn/EA2
ZWl+LQ7AFBnxCm2NAeJ3BA+SyjrPw3/atNLaJCfQTi+UoA3OT/EET/PcMNosQaMG
7pYbachVjVHext8B9GmAy02NyoKjV/sFn0AVjV2w0NgJp9YW/sBBzw==
=gmkJ
-----END PGP SIGNATURE-----

_______________________________________________
security-announce mailing list | security-announce@lists.apple.com
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.