Mac OS X DiskArbitration Has Unspecified Removable Media Initialization Flaw

SecurityTracker Alert ID: 1009188
CVE Reference: CAN-2004-0167
Date: Feb 24 2004
Impact: Not specified
Fix Available: Yes
Vendor Confirmed: Yes

Description: An unspecified vulnerability was reported in Apple's Mac OS X DiskArbitration implementation. No details were provided.
The vulnerability reportedly pertains to the insecure initialization of writeable removable media.
Apple credits aaron at vtty.com with reporting the vulnerability.

Impact: The impact was not specified.

Solution: Apple has released a fix as part of Security Update 2004-02-23, available at:

* Software Update pane in System Preferences (Mac OS X 10.3.2 and Mac OS X 10.2.8)
* Apple's Software Downloads web site:

Mac OS X 10.3.2 Client
======================
http://www.info.apple.com/kbnum/n120323
The download file is named: "SecUpd2004-02-23Pan.dmg"
Its SHA-1 digest is: dfe48ca16839e693674cf55995986f11d8282777

Mac OS X 10.3.2 Server
======================
http://www.info.apple.com/kbnum/n120324
The download file is named: "SecUpdSrvr2004-02-23Pan.dmg"
Its SHA-1 digest is: cde0a40abe3c1451458b15c01b73910b18bc4530

Mac OS X 10.2.8 Client
======================
http://www.info.apple.com/kbnum/n120277
The download file is named: "SecUpd2004-02-23Jag.dmg"
Its SHA-1 digest is: 4ec49f05f206649353ae20edd9b87ddb0b42a84b

Mac OS X 10.2.8 Server
======================
http://www.info.apple.com/kbnum/n120322
The download file is named: "SecUpdSrvr2004-02-23Jag.dmg"
Its SHA-1 digest is: 79617234d288d45208531622a38f307a978f82d7

Vendor URL: www.apple.com/support/security/security_updates.html
Cause: Not specified
Underlying OS: UNIX (OS X)
Underlying OS Comments: Mac OS X 10.3.2 and 10.2.8
Reported By: Apple Product Security <product-security@apple.com>
Message History: None.

Source Message Contents

Date: Mon, 23 Feb 2004 18:42:28 -0800
From: Apple Product Security <product-security@apple.com>
Subject: APPLE-SA-2004-02-23 Security Update 2004-02-23
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2004-02-23 Security Update 2004-02-23

Security Update 2004-02-23 is now available. It addresses the
following issues:

CoreFoundation: Fixes CAN-2004-0168 to improve notification
logging. Credit to aaron@vtty.com for reporting this issue.

DiskArbitration: Fixes CAN-2004-0167 to more securely handle the
initialization of writeable removable media. Credit to
aaron@vtty.com for reporting this issue.

IPSec: Fixes CAN-2004-0164 to improve checking in key exchange

Point-to-Point-Protocol: Fixes CAN-2004-0165 to improve the
handling of error messages. Credit to Dave G. of @stake and
Justin Tibbs of Secure Network Operations (SRT) for reporting
this issue.

QuickTime Streaming Server: Fixes CAN-2004-0169 to improve
checking of request data. Credit to iDEFENSE Labs for
reporting this issue. Streaming Server updates for other
platforms are available from
http://developer.apple.com/darwin/

Safari: Fixes CAN-2004-0166 to improve the display of URLs in the
status bar

tcpdump: Fixes CAN-2003-0989, CAN-2004-0055, and CAN-2004-0057 by
updating tcpdump to version 3.8.1 and libpcap to version 0.8.1

================================================
Security Update 2004-02-23 may be obtained from:
* Software Update pane in System Preferences (Mac OS X 10.3.2
and Mac OS X 10.2.8)
* Apple's Software Downloads web site:
Mac OS X 10.3.2 Client
======================
http://www.info.apple.com/kbnum/n120323
The download file is named: "SecUpd2004-02-23Pan.dmg"
Its SHA-1 digest is: dfe48ca16839e693674cf55995986f11d8282777
Mac OS X 10.3.2 Server
======================
http://www.info.apple.com/kbnum/n120324
The download file is named: "SecUpdSrvr2004-02-23Pan.dmg"
Its SHA-1 digest is: cde0a40abe3c1451458b15c01b73910b18bc4530
Mac OS X 10.2.8 Client
======================
http://www.info.apple.com/kbnum/n120277
The download file is named: "SecUpd2004-02-23Jag.dmg"
Its SHA-1 digest is: 4ec49f05f206649353ae20edd9b87ddb0b42a84b
Mac OS X 10.2.8 Server
======================
http://www.info.apple.com/kbnum/n120322
The download file is named: "SecUpdSrvr2004-02-23Jag.dmg"
Its SHA-1 digest is: 79617234d288d45208531622a38f307a978f82d7

* QuickTime Streaming Server updates for platforms other than
Mac OS X Server are available from:
http://developer.apple.com/darwin/projects/streaming/

Information will also be posted to the Apple Product Security web
site:
http://www.apple.com/support/security/security_updates.html

This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
-----END PGP SIGNATURE-----