(Apple Issues Fix) Rsync Heap Overflow in Daemon Mode Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1008529 |
|
SecurityTracker URL: http://securitytracker.com/id/1008529
|
|
CVE Reference:
CAN-2003-0962
(Links to External Site)
|
Date: Dec 20 2003
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 2.5.6 and prior versions
|
Description:
A vulnerability was reported in rsync. A remote user can execute arbitrary code on the target system.
It is reported that a remote user can connect to a target server running rsync on TCP port 873 and send specially crafted data to execute arbitrary code. The code will run with the privileges of the rsync daemon.
Only systems that are running rsync in daemon mode are reportedly affected.
|
Impact:
A remote user can execute arbitrary code with the privileges of the rsync daemon.
|
Solution:
Apple has released a fix for Panther and Jaguar.
Security Update 2003-12-19 for Panther is available at:
* Software Update pane in System Preferences
* Apple's Software Downloads web site:
http://www.info.apple.com/kbnum/n120292
The download file is named: "SecurityUpd2003-12-19.dmg"
Its SHA-1 digest is: 112674677572232f640d03122b25527d84fbbbf8
Security Update 2003-12-19 for Jaguar is available at:
* Software Update pane in System Preferences
* Apple's Software Downloads web site:
http://www.info.apple.com/kbnum/n120291
The download file is named: "SecurityUpd2003-12-19Jag.dmg"
Its SHA-1 digest is: b0c5d1ef54020db7580798fddd7a1e132e653896
|
Vendor URL: rsync.samba.org/ (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
UNIX (OS X)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Sat, 20 Dec 2003 07:50:25 -0800
Subject: APPLE-SA-2003-12-19 Security Update for Panther
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2003-12-19 Security Update 2003-12-19 for Panther
Security Update 2003-12-19 for Panther is available for
Mac OS X 10.3.2 and Mac OS X Server 10.3.2.
It contains security enhancements for the following:
AppleFileServer: Fixes CAN-2003-1007 to improve the handling of
malformed requests.
ASN.1 Decoding for PKI: Fixes CAN-2003-1005 which could cause a
potential denial of service when receiving malformed ASN.1
sequences. This is related but separate from CAN-2003-0851.
cd9660.util: Fixes CAN-2003-1006, a buffer overflow vulnerability in
the filesystem utility cd9660.util.
Credit to KF of Secure Network Operations for reporting this issue.
Directory Services: Fixes CAN-2003-1009. The default settings are
changed to prevent an inadvertent connection in the event of a
malicious DHCP server on the computer's local subnet. Further
information is provided in Apple's Knowledge Base article:
http://docs.info.apple.com/article.html?artnum=32478
Credit to William A. Carrel for reporting this issue.
fetchmail: Fixes CAN-2003-0792. Updates are provided to fetchmail that
improve its stability when receiving malformed messages.
fs_usage: Fixes CAN-2003-1010. The fs_usage tool has been improved to
prevent a local privilege escalation vulnerability. This tool is
used to collect system performance information and requires admin
privileges to run.
Credit to Dave G. of @stake for reporting this issue.
rsync: Fixes CAN-2003-0962 by improving the security of the rsync
server.
Screen Saver: Fixes CAN-2003-1008. When the Screen Saver login
window is present, it is no longer possible to write a text
clipping to the desktop or an application.
Credit to Benjamin Kelly for reporting this issue.
System initialization: Fixes CAN-2003-1011. The system initialization
process has been improved to restrict root access on a system that
uses a USB keyboard.
================================================
Security Update 2003-12-19 for Panther may be obtained from:
* Software Update pane in System Preferences
* Apple's Software Downloads web site:
http://www.info.apple.com/kbnum/n120292
The download file is named: "SecurityUpd2003-12-19.dmg"
Its SHA-1 digest is: 112674677572232f640d03122b25527d84fbbbf8
Information will also be posted to the Apple Product Security web
site:
http://www.apple.com/support/security/security_updates.html
This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
iQEVAwUBP+Rsp3eI0z6bzFr0AQI/MwgAqqUXmeRPg2xLQlbGiK15uDhgrcOuE27V
5fi8IvkiAWMN/qjJofG3y+crtmZwTea0Z8qvcw8EcbMRtuhqzyCu43HFTE8wFJ4w
FqmwihZQANu8IHye9tgl36CiPJvY3bYWPxd3GobAQKZp81/OIhY3H2aB79Oa3N3o
6lBPHInyLmRswlOa9s7v6wSJAK/9MXa7dwSLtaaFsVg7R8kfe4atZ0tAlc8rHAnS
k0sZq1z6hPeiXHRxFIeozwTr6P5QLZB/3YuRYLtgYudojOauV1/X4/ltsOb5Kdk/
HUdrNSZfoECPI78BecWblnsGG91Tgd20GIcTke06o0zWvZa2vXWJDg==
=3ZBF
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | security-announce@lists.apple.com
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.
|
|
