Apple Mac OS X NFS Ktrace Logging Flaw Lets Local Users Deny Service

SecurityTracker Alert ID: 1010329
SecurityTracker URL: http://securitytracker.com/id?1010329
CVE Reference: CAN-2004-0513
Updated: Jun 3 2004
Original Entry Date: May 29 2004
Impact: Denial of service via local system
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes

Description: A vulnerability was reported in Apple Mac OS X in the NFS implementation. A local user can cause denial of service conditions.
Apple reported that there is an issue in NFS logging when tracing system calls. No further information was provided by Apple. The vendor credits David Brown <dave@spoonguard.org> with reporting this issue.
David Brown reported that a local user can mount or access an NFS volume that has '+rx' permissions, change the working directory to the mount point, and then create a ktrace loop by running `ktrace ktrace ls` to cause the system to become mostly unresponsive.

Impact: A local user can cause the system to become generally unavailable.

Solution: Apple has released a fix as part of Mac OS X 10.3.4, available at:
* Software Update pane in System Preferences
* Apple's Software Downloads web site:

Updating from Mac OS X 10.3.3
http://www.apple.com/support/downloads/macosxupdate_10_3_4.html
The download file is named: "MacOSXUpdate10.3.4.dmg"
Its SHA-1 digest is: dd2e1576cfd2792f0c012d552d41556192ce7415

Updating from Mac OS X 10.3 - 10.3.2
http://www.apple.com/support/downloads/macosxcombined1034update.html
The download file is named: "MacOSXUpdateCombo10.3.4.dmg"
Its SHA-1 digest is: 061a2560cdd239e8d60e36678a3ea31d1aef5534

Updating from Mac OS X Server 10.3.3
http://www.apple.com/support/downloads/macosxupdate_10_3_4.html
The download file is named: "MacOSXServerUpdate10.3.4.dmg"
Its SHA-1 digest is: c9d04735eb1b381fe8786cc1424fa734abb28c32

Updating from Mac OS X Server 10.3 - 10.3.2
http://www.apple.com/support/downloads/macosxcombinedserver1034update.html
The download file is named: "MacOSXSrvrUpdCombo10.3.4.dmg"
Its SHA-1 digest is: 2579754ab996c4e070bd3bd7c3789792754e6adc
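Before installing one of the images listed above, a practitioner would confirm that the downloaded file's SHA-1 matches the digest Apple published. The following is an added example, not part of the SecurityTracker entry or Apple's advisory: it parses the "file is named / SHA-1 digest is" pairs from the advisory text (embedded from this page) and checks a local download against them; the file path is whatever the caller supplies.

```python
import hashlib
import re
from pathlib import Path

# The four name/digest pairs from the advisory text above, embedded so this runs offline.
ADVISORY_TEXT = """
The download file is named: "MacOSXUpdate10.3.4.dmg"
Its SHA-1 digest is: dd2e1576cfd2792f0c012d552d41556192ce7415
The download file is named: "MacOSXUpdateCombo10.3.4.dmg"
Its SHA-1 digest is: 061a2560cdd239e8d60e36678a3ea31d1aef5534
The download file is named: "MacOSXServerUpdate10.3.4.dmg"
Its SHA-1 digest is: c9d04735eb1b381fe8786cc1424fa734abb28c32
The download file is named: "MacOSXSrvrUpdCombo10.3.4.dmg"
Its SHA-1 digest is: 2579754ab996c4e070bd3bd7c3789792754e6adc
"""

# A "file is named" line followed by its "SHA-1 digest is" line; \s+ tolerates
# the odd line wraps in the SecurityTracker rendering ("Its\nSHA-1 digest is").
_PAIR = re.compile(
    r'file\s+is\s+named:\s*"([^"]+)"\s+Its\s+SHA-1\s+digest\s+is:\s*([0-9a-f]{40})',
    re.IGNORECASE,
)

def parse_digests(text):
    """Return {filename: sha1_hex} for every name/digest pair in the advisory text."""
    return {name: digest.lower() for name, digest in _PAIR.findall(text)}

def sha1_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-1, the digest Apple published for these images."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, expected=None):
    """Check a downloaded image against the advisory digest for its filename.
    Returns (ok, reason); an unlisted filename fails, so a renamed or
    unrelated image cannot pass by accident."""
    expected = parse_digests(ADVISORY_TEXT) if expected is None else expected
    name = Path(path).name
    if name not in expected:
        return False, f"{name}: no digest published for this filename"
    actual = sha1_of_file(path)
    if actual != expected[name]:
        return False, f"{name}: SHA-1 mismatch (got {actual})"
    return True, f"{name}: SHA-1 matches the advisory"
```

A mismatch means the image is not the one Apple published (corrupted, altered, or the wrong file) and should not be installed.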

Vendor URL: docs.info.apple.com/article.html?artnum=61798
Cause: State error
Underlying OS: UNIX (OS X)
Underlying OS Comments: Prior to 10.3.4
Reported By: Apple Product Security <product-security@apple.com>
Message History: None.

Source Message Contents

Date: Fri, 28 May 2004 17:24:40 -0700
From: Apple Product Security <product-security@apple.com>
Subject: APPLE-SA-2004-05-28 Mac OS X 10.3.4

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2004-05-28 Mac OS X Update 10.3.4
Mac OS X Update 10.3.4 is now available and contains security
enhancements for the following:
NFS: Improves logging when tracing system calls. Credit to David
Brown <dave@spoonguard.org> for reporting this issue.
LoginWindow: Improves the handling of directory services lookups and
console log files. Credit to aaron@vtty.com for reporting the issue.
Packaging: Improves package installation. Credit to aaron@vtty.com
for reporting the issue.
TCP/IP: provides better handling of out-of-sequence TCP packets.
AppleFileServer: Improves the use of SSH and reporting errors.
Terminal: Improves the handling of URLs. Credit to Rene Puls
<rpuls@gmx.net> for reporting this issue.
Note: CVE Candidate IDs will be published to the Security Updates
page when available:
http://docs.info.apple.com/article.html?artnum=61798
================================================
Mac OS X 10.3.4 may be obtained from:
* Software Update pane in System Preferences
* Apple's Software Downloads web site:
Updating from Mac OS X 10.3.3
=============================
http://www.apple.com/support/downloads/macosxupdate_10_3_4.html
The download file is named: "MacOSXUpdate10.3.4.dmg"
Its SHA-1 digest is: dd2e1576cfd2792f0c012d552d41556192ce7415
Updating from Mac OS X 10.3 - 10.3.2
====================================
http://www.apple.com/support/downloads/macosxcombined1034update.html
The download file is named: "MacOSXUpdateCombo10.3.4.dmg"
Its SHA-1 digest is: 061a2560cdd239e8d60e36678a3ea31d1aef5534
Updating from Mac OS X Server 10.3.3
====================================
http://www.apple.com/support/downloads/macosxupdate_10_3_4.html
The download file is named: "MacOSXServerUpdate10.3.4.dmg"
Its SHA-1 digest is: c9d04735eb1b381fe8786cc1424fa734abb28c32
Updating from Mac OS X Server 10.3 - 10.3.2
===========================================
http://www.apple.com/support/downloads/macosxcombinedserver1034update.html
The download file is named: "MacOSXSrvrUpdCombo10.3.4.dmg"
Its SHA-1 digest is: 2579754ab996c4e070bd3bd7c3789792754e6adc
Information will also be posted to the Apple Product Security web
site:
http://docs.info.apple.com/article.html?artnum=61798
This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html
_______________________________________________
security-announce mailing list | security-announce@lists.apple.com
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.